Laptop Infected with Adware "svcvmx", eating up my CPU


This topic is locked
16 replies to this topic

#1 XsickxplayX


Posted 25 June 2017 - 10:32 PM

Hello, I downloaded some cracked video games about a month ago from a website that I *thought* was trustworthy (irresponsible of me, I know). I did not realize until about 2 weeks ago that my computer was feeling very sluggish, so I checked my Task Manager to see what was up. I found a client running called "svcvmx client" and, after a quick Google search, found out it was a virus.

 

Unfortunately, I did not have a backup of my computer, and so I spent the next few weeks trying to remove the virus whatever way I could. After a little bit of digging I found the source files for the adware, but when I attempted to delete them, my computer would not allow me to, stating that I did not have permission to delete the folders. I am the only user on my PC and an administrator, so I spent the next few days trying to take ownership of the folders and delete them, but to no avail.

 

The next step I took was to run full scans of my computer to try and delete the adware. I ran into 2 problems here. 1. If the virus remover program could run, it would not detect the virus, and 2. Most of the removers and scanners that people recommended I would be unable to open, giving me a "The requested resource is already in use." message. The only program that had any success was Zemana, but even though it could detect the virus and remove the files, it could not remove the root, which brought the files back instantly. I have a video showing what I mean here: https://streamable.com/81pe6 (If I am not allowed to link to external sites, I'll take it down).

 

I thought I was all out of hope when someone on Reddit recommended that I should try out this website. I come here because I am frankly all out of options. If this does not work, I'll be forced to do a factory reset on my computer, which I want to avoid. Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by Osama (administrator) on OSAMAS-PC (25-06-2017 22:19:06)
Running from C:\Users\Osama\Downloads
Loaded Profiles: Osama (Available Profiles: Osama)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
() C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Node.js) C:\Windows\Prey\versions\1.6.8\bin\node.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.8\node_modules\triggers\bin\lightevt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxEM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Windows\System32\tprdpw64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\IntelCpHeciSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
() C:\Users\Osama\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\Osama\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_131.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_131.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
() C:\Users\Osama\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Osama\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Osama\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16471808 2016-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-03-03] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-08-18] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [736768 2016-02-04] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [cpx] => "C:\Users\Osama\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Osama\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKLM\...\RunOnce: [Zemana AntiMalware] => C:\Users\Osama\Downloads\Programs\Zemana.AntiMalware.Portable-unsigned.exe [15579280 2017-06-20] (Copyright 2017.)
HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\Run: [Google Update] => C:\Users\Osama\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-24] (Disc Soft Ltd)
HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\Run: [Chromium] => c:\users\osama\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-04] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-04] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-04] ()
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX32.dll [2017-06-04] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX32.dll [2017-06-04] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX32.dll [2017-06-04] ()
Startup: C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c9699e9e-8d01-4b08-987a-58d9de563693}: [DhcpNameServer] 169.254.23.227
Tcpip\..\Interfaces\{ff710680-7e56-4387-9686-85aa3a1d90dc}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_25&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EyE0AyB0AtDtCzyzyyBtByC0DyB0FyBtN0D0Tzu0StBtDtDtCtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0B0ByDyBtA0DtBtGtD0AtCtDtG0FyByByCtGyEzy0E0EtG0DyCtCyCtDyE0C0AyE0CyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByEzzyC0B0FyEtG0EtBzz0EtGyEyByD0DtGzy0ByE0EtGyDyEzzzzyE0EyDtBzytC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCyBzz%26cr%3D1009083222%26a%3Dwbf_ir_17_25%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-1995453271-3764839841-475955195-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {A66FB330-E725-42F8-8EB0-3C24B92CE14D} URL =
SearchScopes: HKLM-x32 -> DefaultScope {A66FB330-E725-42F8-8EB0-3C24B92CE14D} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_25&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EyE0AyB0AtDtCzyzyyBtByC0DyB0FyBtN0D0Tzu0StBtDtDtCtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0B0ByDyBtA0DtBtGtD0AtCtDtG0FyByByCtGyEzy0E0EtG0DyCtCyCtDyE0C0AyE0CyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByEzzyC0B0FyEtG0EtBzz0EtGyEyByD0DtGzy0ByE0EtGyDyEzzzzyE0EyDtBzytC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCyBzz%26cr%3D1009083222%26a%3Dwbf_ir_17_25%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {A66FB330-E725-42F8-8EB0-3C24B92CE14D} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_25&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EyE0AyB0AtDtCzyzyyBtByC0DyB0FyBtN0D0Tzu0StBtDtDtCtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0B0ByDyBtA0DtBtGtD0AtCtDtG0FyByByCtGyEzy0E0EtG0DyCtCyCtDyE0C0AyE0CyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByEzzyC0B0FyEtG0EtBzz0EtGyEyByD0DtGzy0ByE0EtGyDyEzzzzyE0EyDtBzytC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCyBzz%26cr%3D1009083222%26a%3Dwbf_ir_17_25%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1995453271-3764839841-475955195-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: g1la176j.default
FF ProfilePath: C:\Users\Osama\AppData\Roaming\Mozilla\Firefox\Profiles\g1la176j.default [2017-06-25]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\g1la176j.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\g1la176j.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\g1la176j.default -> google.com
FF Keyword.URL: Mozilla\Firefox\Profiles\g1la176j.default -> user_pref("keyword.URL", true);
FF Extension: (Adblock Plus) - C:\Users\Osama\AppData\Roaming\Mozilla\Firefox\Profiles\g1la176j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-05-16]
FF HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Osama\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Osama\AppData\Roaming\IDM\idmmzcc5 [2017-06-07] [not signed]
FF HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1995453271-3764839841-475955195-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Osama\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1995453271-3764839841-475955195-1001: @talk.google.com/O1DPlugin -> C:\Users\Osama\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1995453271-3764839841-475955195-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Osama\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1995453271-3764839841-475955195-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Osama\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1995453271-3764839841-475955195-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Osama\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Osama\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Osama\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default [2017-06-24]
CHR Extension: (Google Docs) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-19]
CHR Extension: (Google Drive) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-19]
CHR Extension: (YouTube) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-19]
CHR Extension: (Gmail) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-19]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
CHR HKU\S-1-5-21-1995453271-3764839841-475955195-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"drmkpro64" => service could not be unlocked. <==== ATTENTION

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\IntelCpHeciSvc.exe [303096 2017-04-21] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\IntelCpHDCPSvc.exe [480760 2017-04-21] (Intel Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-11-14] (Fork, Ltd.) [File not signed]
R2 Dataup; C:\Users\Osama\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134888 2016-01-26] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxCUIService.exe [341496 2017-04-21] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271328 2016-01-25] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [42424 2015-12-02] (Lenovo)
R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 windowsmanagementservice; C:\Users\Osama\AppData\Local\aofgg\ct.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-06-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-06-24] (Disc Soft Ltd)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [30808 2016-01-26] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129032 2017-04-13] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igdkmd64.sys [11070456 2017-04-21] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7932160 2017-01-24] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-17] (NVIDIA Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [302808 2015-09-23] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3104024 2016-04-01] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-06-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-15] (Zemana Ltd.)
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-25 22:19 - 2017-06-25 22:19 - 00025279 _____ C:\Users\Osama\Downloads\FRST.txt
2017-06-25 22:18 - 2017-06-25 22:18 - 02441216 _____ (Farbar) C:\Users\Osama\Downloads\FRST64.exe
2017-06-25 20:27 - 2017-06-25 20:27 - 00000000 ____D C:\Users\Osama\AppData\Local\llssoft
2017-06-24 16:59 - 2017-06-24 16:59 - 00003374 _____ C:\WINDOWS\System32\Tasks\{6C12658F-AA24-4709-9F11-F94FA583F933}
2017-06-24 05:40 - 2017-06-24 05:40 - 00000000 ____D C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KISS
2017-06-24 05:37 - 2017-06-24 05:37 - 00000000 ____D C:\KISS
2017-06-24 05:30 - 2016-07-15 19:29 - 07702016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0011.dll
2017-06-24 05:30 - 2016-07-15 19:29 - 02454528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0011.dll
2017-06-24 05:30 - 2016-07-15 19:25 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70011.dll
2017-06-24 05:30 - 2016-07-15 19:24 - 07417344 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0011.dll
2017-06-24 05:30 - 2016-07-15 18:40 - 07253504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0011.dll
2017-06-24 05:30 - 2016-07-15 18:40 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70011.dll
2017-06-24 05:30 - 2016-05-25 14:39 - 00002060 _____ C:\WINDOWS\system32\noise.jpn
2017-06-24 05:30 - 2016-05-25 11:10 - 00002060 _____ C:\WINDOWS\SysWOW64\noise.jpn
2017-06-24 05:27 - 2017-06-24 05:27 - 00001054 _____ C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-06-24 03:03 - 2017-06-24 03:03 - 00000000 ____D C:\Users\Osama\AppData\Local\Disc_Soft_Ltd
2017-06-24 02:57 - 2017-06-25 20:26 - 00001244 _____ C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-06-24 02:55 - 2017-06-24 05:35 - 00000000 ____D C:\Users\Osama\AppData\Roaming\DAEMON Tools Lite
2017-06-24 02:55 - 2017-06-24 02:55 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-06-24 02:55 - 2017-06-24 02:55 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-06-24 02:55 - 2017-06-24 02:55 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-06-24 02:55 - 2017-06-24 02:55 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-06-24 02:54 - 2017-06-24 02:55 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-06-24 02:54 - 2017-06-24 02:54 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-06-24 01:39 - 2017-06-24 01:39 - 00002253 _____ C:\Users\Osama\Downloads\MEGAFIX-1.0.0.zip
2017-06-20 20:23 - 2017-06-20 20:23 - 00000000 ____D C:\ProgramData\Sophos
2017-06-20 01:48 - 2017-06-20 01:48 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-06-20 01:44 - 2017-06-25 22:19 - 00000000 ____D C:\FRST
2017-06-20 01:31 - 2010-03-08 05:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2017-06-20 01:11 - 2017-06-20 01:32 - 00000000 ____D C:\Users\Osama\AppData\Roaming\FreeFixer
2017-06-20 01:11 - 2017-06-20 01:32 - 00000000 ____D C:\Users\Osama\AppData\Local\FreeFixer
2017-06-20 01:11 - 2017-06-20 01:11 - 00000000 ____D C:\Program Files\FreeFixer
2017-06-17 08:46 - 2017-06-17 08:46 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-06-16 19:21 - 2017-06-20 01:06 - 00000000 ____D C:\Program Files\Notepad++
2017-06-16 18:43 - 2017-06-16 18:43 - 00000000 ____D C:\Users\Osama\Documents\Bullet
2017-06-16 18:17 - 2017-06-16 18:17 - 00000000 ____D C:\Users\Osama\AppData\Roaming\WinRAR
2017-06-16 18:16 - 2017-06-16 18:16 - 00000000 ____D C:\Program Files\WinRAR
2017-06-15 15:11 - 2017-06-25 22:18 - 00182771 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-15 15:11 - 2017-06-25 22:18 - 00088554 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-15 15:10 - 2017-06-20 01:32 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-15 15:10 - 2017-06-15 15:10 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-06-15 15:10 - 2017-06-15 15:10 - 00000000 ____D C:\Users\Osama\AppData\Local\Zemana
2017-06-14 02:23 - 2017-06-14 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-13 23:36 - 2017-06-13 23:36 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-13 21:43 - 2017-06-03 05:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 21:43 - 2017-06-03 05:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-13 21:43 - 2017-06-03 04:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-13 21:43 - 2017-06-03 04:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 21:43 - 2017-06-03 04:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-13 21:43 - 2017-06-03 04:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-13 21:43 - 2017-06-03 04:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-13 21:43 - 2017-06-03 04:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 21:43 - 2017-06-03 04:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-13 21:43 - 2017-06-03 04:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 21:43 - 2017-06-03 04:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-13 21:43 - 2017-06-03 03:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-13 21:43 - 2017-03-04 01:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-13 21:42 - 2017-06-03 05:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 21:42 - 2017-06-03 05:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-13 21:42 - 2017-06-03 05:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-13 21:42 - 2017-06-03 05:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 21:42 - 2017-06-03 05:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-13 21:42 - 2017-06-03 05:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-13 21:42 - 2017-06-03 05:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-13 21:42 - 2017-06-03 05:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-13 21:42 - 2017-06-03 05:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 21:42 - 2017-06-03 05:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 21:42 - 2017-06-03 04:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-13 21:42 - 2017-06-03 04:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 21:42 - 2017-06-03 04:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 21:42 - 2017-06-03 04:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-13 21:42 - 2017-06-03 04:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 21:42 - 2017-06-03 04:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 21:42 - 2017-06-03 04:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-13 21:42 - 2017-06-03 04:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-13 21:42 - 2017-06-03 04:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-13 21:42 - 2017-06-03 04:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 21:42 - 2017-06-03 04:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-13 21:42 - 2017-06-03 04:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-13 21:42 - 2017-06-03 04:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-13 21:42 - 2017-06-03 04:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-13 21:42 - 2017-06-03 04:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-13 21:42 - 2017-06-03 04:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-13 21:42 - 2017-06-03 04:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-13 21:42 - 2017-06-03 04:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-13 21:42 - 2017-06-03 04:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 21:42 - 2017-06-03 04:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-13 21:42 - 2017-06-03 04:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 21:42 - 2017-06-03 04:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 21:42 - 2017-06-03 04:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 21:42 - 2017-06-03 04:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 21:42 - 2017-06-03 04:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-13 21:42 - 2017-06-03 04:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-13 21:42 - 2017-06-03 04:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-13 21:42 - 2017-06-03 04:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-13 21:42 - 2017-06-03 04:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-13 21:42 - 2017-06-03 04:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-13 21:42 - 2017-06-03 04:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-13 21:42 - 2017-06-03 04:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 21:42 - 2017-06-03 04:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-13 21:42 - 2017-06-03 04:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-13 21:42 - 2017-06-03 04:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-13 21:42 - 2017-06-03 04:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-13 21:42 - 2017-06-03 04:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 21:42 - 2017-06-03 04:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-13 21:42 - 2017-06-03 04:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 21:42 - 2017-06-03 04:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 21:42 - 2017-06-03 04:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-13 21:42 - 2017-06-03 04:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-13 21:42 - 2017-06-03 04:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 21:42 - 2017-06-03 04:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 21:42 - 2017-06-03 04:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 21:42 - 2017-06-03 04:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-13 21:42 - 2017-06-03 04:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 21:42 - 2017-06-03 04:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-13 21:42 - 2017-06-03 04:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-13 21:42 - 2017-06-03 04:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-13 21:42 - 2017-06-03 04:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-13 21:42 - 2017-06-03 04:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-13 21:42 - 2017-06-03 04:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 21:42 - 2017-06-03 04:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 21:42 - 2017-06-03 04:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-13 21:42 - 2017-06-03 04:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 21:42 - 2017-06-03 04:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-13 21:42 - 2017-06-03 04:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 21:42 - 2017-06-03 04:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-13 21:42 - 2017-06-03 04:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 21:42 - 2017-06-03 04:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-13 21:42 - 2017-06-03 04:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-13 21:42 - 2017-06-03 04:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-13 21:42 - 2017-06-03 04:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 21:42 - 2017-06-03 04:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 21:42 - 2017-06-03 04:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-13 21:42 - 2017-06-03 04:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 21:42 - 2017-06-03 04:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 21:42 - 2017-06-03 03:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 21:42 - 2017-06-03 03:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-13 21:42 - 2017-06-03 03:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 21:42 - 2017-06-03 03:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 21:42 - 2017-06-03 03:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-13 21:42 - 2017-06-03 03:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 21:42 - 2017-06-03 03:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-13 21:42 - 2017-06-03 03:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-13 21:42 - 2017-06-03 03:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 21:42 - 2017-06-03 03:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 21:42 - 2017-06-03 03:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 21:42 - 2017-06-03 03:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 21:42 - 2017-06-03 03:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 21:42 - 2017-06-03 03:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-13 21:42 - 2017-06-03 03:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 21:42 - 2017-06-03 03:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 21:42 - 2017-06-03 03:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 21:42 - 2017-06-03 03:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-13 21:42 - 2017-06-03 03:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-13 21:42 - 2017-06-03 03:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 21:42 - 2017-06-03 03:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 21:42 - 2017-06-03 03:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-13 21:42 - 2017-06-03 03:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 21:42 - 2017-05-25 00:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-13 21:42 - 2017-03-04 01:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-13 21:42 - 2017-03-04 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-13 21:42 - 2017-03-04 01:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-13 21:42 - 2016-09-06 23:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-13 21:41 - 2017-06-03 05:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-13 21:41 - 2017-06-03 05:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-13 21:41 - 2017-06-03 05:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 21:41 - 2017-06-03 04:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-13 21:41 - 2017-06-03 04:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 21:41 - 2017-06-03 04:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-13 21:41 - 2017-06-03 04:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 21:41 - 2017-06-03 04:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 21:41 - 2017-06-03 04:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-13 21:41 - 2017-06-03 04:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-13 21:41 - 2017-06-03 04:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-13 21:41 - 2017-06-03 04:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-13 21:41 - 2017-06-03 04:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-13 21:41 - 2017-06-03 04:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-13 21:41 - 2017-06-03 03:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-13 21:41 - 2017-06-03 03:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-13 21:41 - 2017-06-03 01:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-13 04:44 - 2017-06-15 21:04 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-06-12 00:24 - 2017-06-12 00:24 - 00000000 ____D C:\Users\Osama\AppData\Local\FOMM
2017-06-12 00:23 - 2017-06-12 00:23 - 00000000 ____D C:\Users\Osama\AppData\Local\Fallout3
2017-06-11 23:31 - 2017-06-25 20:27 - 00000000 ____D C:\Users\Osama\AppData\Local\ntuserlitelist
2017-06-11 22:18 - 2017-06-15 14:22 - 00000254 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-06-11 21:57 - 2017-06-11 21:57 - 00000000 ____D C:\Users\Osama\AppData\Local\LLSSOFT.del
2017-06-11 19:40 - 2017-06-11 21:07 - 00000000 ____D C:\ProgramData\RegRun
2017-06-11 19:39 - 2017-06-14 00:18 - 00000000 ____D C:\Users\Osama\Documents\RegRun2
2017-06-11 19:39 - 2017-06-11 19:39 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-06-11 19:39 - 2017-06-11 19:39 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-06-11 19:39 - 2017-06-11 19:39 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-06-11 18:56 - 2017-06-20 00:40 - 00001005 ____H C:\Users\Osama\Desktop\SVCVMX.EXE-81E7B59E.pf - Shortcut.lnk
2017-06-11 18:56 - 2017-06-20 00:40 - 00001005 ____H C:\Users\Osama\Desktop\SVCVMX.EXE-81E7B59E.pf - Shortcut (2).lnk
2017-06-11 18:37 - 2017-06-11 18:37 - 968424800 _____ C:\WINDOWS\MEMORY.DMP
2017-06-11 18:37 - 2017-06-11 18:37 - 00756596 _____ C:\WINDOWS\Minidump\061117-5046-01.dmp
2017-06-11 18:22 - 2017-06-20 00:40 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-11 18:22 - 2017-06-11 18:22 - 00000000 ____D C:\WINDOWS\pss
2017-06-11 16:06 - 2017-06-11 16:06 - 00001417 _____ C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-06-11 16:06 - 2017-06-11 16:06 - 00000000 ____D C:\Users\Osama\AppData\Local\UNP
2017-06-11 06:11 - 2017-06-11 06:12 - 00000000 ____D C:\Program Files\UNP
2017-06-11 06:11 - 2017-06-11 06:11 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-07 19:39 - 2017-06-24 21:28 - 00000000 ____D C:\Users\Osama\AppData\Roaming\DMCache
2017-06-07 18:49 - 2017-06-07 18:58 - 00000000 ____D C:\Users\Osama\AppData\Roaming\IDM
2017-06-07 18:49 - 2017-06-07 18:49 - 00000000 ____D C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-07 18:49 - 2017-06-07 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-07 18:49 - 2017-06-07 18:49 - 00000000 ____D C:\ProgramData\IDM
2017-06-07 18:49 - 2017-06-07 18:49 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-06-05 10:50 - 2017-06-05 10:50 - 00257864 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-25 22:10 - 2016-11-14 00:21 - 00000000 ____D C:\WINDOWS\Prey
2017-06-25 22:10 - 2016-09-25 01:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-25 20:27 - 2016-11-17 00:08 - 00155226 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-06-25 20:27 - 2015-11-03 14:28 - 02452142 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-25 20:26 - 2016-11-18 11:05 - 00000000 ____D C:\Users\Osama\AppData\LocalLow\Mozilla
2017-06-25 20:23 - 2016-09-25 01:13 - 00000000 ____D C:\Users\Osama
2017-06-25 20:22 - 2016-09-11 11:32 - 00000000 __SHD C:\Users\Osama\IntelGraphicsProfiles
2017-06-25 20:20 - 2016-09-25 01:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-25 20:20 - 2016-09-25 01:12 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-25 20:20 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-25 19:56 - 2016-12-11 22:52 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2CE1079-BC6C-465D-AF6D-94E64D0B27D4}
2017-06-25 19:22 - 2016-09-15 23:41 - 00000000 ____D C:\Users\Osama\AppData\Local\CrashDumps
2017-06-24 21:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-24 16:59 - 2017-04-24 13:38 - 00000000 ____D C:\Users\Osama\Downloads\Compressed
2017-06-24 07:13 - 2016-09-25 01:11 - 00359944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-24 06:49 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-24 05:30 - 2016-07-16 09:15 - 00000000 ____D C:\WINDOWS\OCR
2017-06-24 02:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-24 02:55 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-24 02:55 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-23 18:02 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-23 02:06 - 2016-09-14 10:58 - 00000000 ____D C:\Users\Osama\AppData\Roaming\Skype
2017-06-22 00:46 - 2016-09-25 01:12 - 00000000 ____D C:\Program Files\Realtek
2017-06-20 01:50 - 2016-08-18 04:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-20 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-20 01:01 - 2016-09-15 23:52 - 00000000 ____D C:\Users\Osama\Desktop\Video Games
2017-06-19 15:44 - 2016-12-15 12:52 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-19 15:44 - 2016-09-14 10:59 - 00002370 _____ C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-19 15:44 - 2016-09-11 11:34 - 00000000 ___RD C:\Users\Osama\OneDrive
2017-06-17 04:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 04:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 18:16 - 2016-09-15 23:23 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-16 01:08 - 2016-11-06 12:48 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-16 01:08 - 2016-08-18 04:30 - 01456400 ____N C:\WINDOWS\Minidump\061617-4921-01.dmp
2017-06-14 19:34 - 2017-05-10 11:10 - 00004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-14 19:28 - 2016-09-10 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-14 16:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-14 00:17 - 2015-11-03 14:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-13 23:36 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-13 23:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-13 23:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-13 21:53 - 2016-09-15 23:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 19:40 - 2017-05-12 16:49 - 00000000 ____D C:\Users\Osama\AppData\Local\NTUSERLITELIST.del
2017-06-12 00:23 - 2016-10-09 17:03 - 00000000 ____D C:\Users\Osama\Documents\My Games
2017-06-11 22:18 - 2017-05-12 16:39 - 00000000 ____D C:\Program Files (x86)\MICROLEAVES.del
2017-06-11 20:38 - 2017-04-20 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2017-06-11 20:27 - 2017-03-24 18:32 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-06-11 20:27 - 2017-03-24 18:32 - 00000000 ____D C:\Program Files (x86)\Mr DJ
2017-06-11 20:27 - 2017-03-24 18:31 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-06-08 03:09 - 2016-09-13 12:29 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-08 03:01 - 2017-01-14 21:15 - 00000000 ____D C:\Users\Osama\AppData\Roaming\.minecraft
2017-06-08 03:01 - 2017-01-14 21:15 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-06-07 21:56 - 2017-05-06 13:05 - 00000000 ____D C:\Users\Osama\AppData\Roaming\OBS
2017-06-07 20:46 - 2017-02-07 22:18 - 00000000 ____D C:\Users\Osama\AppData\Local\ElevatedDiagnostics
2017-06-07 18:36 - 2017-03-24 01:47 - 00000000 ____D C:\Users\Osama\Documents\MEGAsync Downloads
2017-06-04 18:27 - 2017-04-07 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-04 18:27 - 2016-09-14 13:35 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-06-04 18:27 - 2016-09-14 13:35 - 00000000 ____D C:\ProgramData\Skype
2017-06-04 18:10 - 2016-09-14 13:27 - 00000000 ____D C:\Users\Osama\AppData\Local\MEGAsync
2017-06-04 16:41 - 2017-04-24 13:33 - 00000000 ____D C:\Users\Osama\AppData\Local\MegaDownloader
2017-06-03 16:43 - 2016-09-13 12:34 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-06-03 01:36 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 01:36 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 13:56 - 2016-09-11 11:32 - 00000000 ____D C:\Users\Osama\AppData\Local\Packages
2017-05-28 15:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-27 11:57 - 2017-05-16 19:33 - 00000000 ____D C:\Fraps

==================== Files in the root of some directories =======

2017-05-16 19:04 - 2017-05-16 19:04 - 0000128 ____H () C:\Users\Osama\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-09-25 01:12 - 2016-09-25 01:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-05-16 19:04 - 2017-05-16 19:04 - 0000128 ____H () C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-09-25 01:12 - 2016-09-25 01:12 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-12-11 21:32 - 2016-12-11 21:32 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-06-24 05:35 - 2015-07-03 05:46 - 0910848 ____N (© Reactor) C:\Users\Osama\AppData\Local\Temp\installer.exe
2017-06-12 02:41 - 2017-06-12 02:41 - 58128344 _____ (Skype Technologies S.A.) C:\Users\Osama\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-24 19:53

==================== End of FRST.txt ============================

Edited by XsickxplayX, 25 June 2017 - 10:34 PM.
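A defender-side way to work through a listing like the one above, as an added example that is not part of this thread, of FRST or of Malwarebytes: a small Python parser for FRST's per-file lines plus a few constructed review heuristics. The watched name defaults to the process the original poster reported; hidden/system files under Users or ProgramData, 40-hex-character file names and executables in a Temp folder are surfaced for a human to check, not as verdicts. The sample lines are copied from the log above.

```python
"""Triage helper for the per-file lines of an FRST log (added example for this
thread; not part of FRST, Malwarebytes or the poster's log). A file line reads
    <created> - <modified> - <size> <attrs> [(<company>)] <path>
Attribute letters are read as FRST prints them (D directory, H hidden, S system,
R read-only); the review heuristics are constructed here and only yield
candidates for a human to check, not verdicts."""
import re
from dataclasses import dataclass
from typing import Optional

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"  # optional "(Company) "; "()" yields ""
    r"(?P<path>[A-Za-z]:\\.*)$")
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")  # "==== Section name ===="
HEX40_RE = re.compile(r"^[0-9a-f]{40}$")           # extension-less 40-hex names
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")
EXE_EXT = (".exe", ".dll", ".sys", ".scr")


@dataclass
class Entry:
    section: str
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]  # None when FRST printed no "(...)" block at all
    path: str

    @property
    def is_dir(self) -> bool: return "D" in self.attrs
    @property
    def hidden(self) -> bool: return "H" in self.attrs
    @property
    def system(self) -> bool: return "S" in self.attrs
    @property
    def name(self) -> str: return self.path.rsplit("\\", 1)[-1]


def parse_frst(text: str) -> list:
    """Parse file lines, tagging each with the FRST section it appears under."""
    entries, section = [], "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if line.endswith(":") and ":\\" not in line:  # e.g. "Some files in TEMP:"
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(section, m["created"], m["modified"],
                                 int(m["size"]), m["attrs"], m["company"], m["path"]))
    return entries


def triage(entries, watch_names=("svcvmx",)):
    """Return (entry, reasons) pairs; watch_names defaults to the name the poster reported."""
    findings = []
    for e in entries:
        low, reasons = e.path.lower(), []
        if any(w in low for w in watch_names):
            reasons.append("path contains a watched name")
        if not e.is_dir and (e.hidden or e.system) and low.startswith(USER_WRITABLE):
            reasons.append("hidden/system file in a user-writable location")
        if HEX40_RE.match(e.name.lower()):
            reasons.append("40-hex-character file name")
        if low.endswith(EXE_EXT) and "\\temp\\" in low:
            reasons.append("executable in a Temp folder")
        if reasons:
            findings.append((e, reasons))
    return findings


# Lines taken from the log above (section headers as FRST prints them).
SAMPLE = r"""
==================== One Month Created files and folders ========
2017-06-24 02:55 - 2017-06-24 02:55 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-06-20 01:31 - 2010-03-08 05:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2017-06-11 18:56 - 2017-06-20 00:40 - 00001005 ____H C:\Users\Osama\Desktop\SVCVMX.EXE-81E7B59E.pf - Shortcut (2).lnk
==================== One Month Modified files and folders ========
2017-06-25 20:20 - 2016-09-25 01:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-14 00:17 - 2015-11-03 14:24 - 00000000 __RHD C:\Users\Public\AccountPictures
==================== Files in the root of some directories =======
2017-05-16 19:04 - 2017-05-16 19:04 - 0000128 ____H () C:\Users\Osama\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
Some files in TEMP:
====================
2017-06-24 05:35 - 2015-07-03 05:46 - 0910848 ____N (© Reactor) C:\Users\Osama\AppData\Local\Temp\installer.exe
"""

if __name__ == "__main__":
    for entry, why in triage(parse_frst(SAMPLE)):
        print(f"[{entry.section}] {entry.path}\n    -> {'; '.join(why)}")
```

Running it on the full FRST.txt instead of SAMPLE lists every candidate with the section it came from, which is the part of the log a helper reads first.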




#2 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • Gender:Male
  • Local time:12:30 PM

Posted 26 June 2017 - 07:19 AM

Hi XsickxplayX :)
 
My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • This being said, I have a full-time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)
 
Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here afterwards.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • Gender:Male
  • Local time:12:30 PM

Posted 27 June 2017 - 10:47 AM

I received your log via PM, thank you. Now you should be able to install and run Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;



#4 XsickxplayX (Topic Starter)

Posted 27 June 2017 - 04:24 PM

I'm not sure which log you wanted so here are both :)

Protection Log:

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 6/27/2017 3:30 PM, SYSTEM, OSAMAS-PC, Manual, Rootkit Database, 2016.2.8.1, 2017.5.27.1,
Update, 6/27/2017 3:30 PM, SYSTEM, OSAMAS-PC, Manual, Remediation Database, 2016.2.12.1, 2017.6.16.1,
Update, 6/27/2017 3:30 PM, SYSTEM, OSAMAS-PC, Manual, IP Database, 2016.2.8.1, 2017.6.27.7,
Update, 6/27/2017 3:30 PM, SYSTEM, OSAMAS-PC, Manual, Domain Database, 2016.2.16.8, 2017.6.27.9,
Update, 6/27/2017 3:30 PM, SYSTEM, OSAMAS-PC, Manual, Malware Database, 2016.2.16.6, 2017.6.27.5,
Update, 6/27/2017 3:39 PM, SYSTEM, OSAMAS-PC, Manual, Malware Database, 2017.6.27.5, 2017.6.27.6,
Scan, 6/27/2017 4:19 PM, SYSTEM, OSAMAS-PC, Manual, Start:6/27/2017 3:39 PM, Duration:7 min 42 sec, Threat Scan, Completed, 1 Malware Detection, 44 Non-Malware Detections,

(end)

Scan Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/27/2017
Scan Time: 3:39 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.06.27.06
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Osama

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300480
Time Elapsed: 7 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1193EFE6-17D0-4745-A9D8-4F205C032CA6}, Delete-on-Reboot, [1d15d86c6a3fff373faf32e1eb1501ff],
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{44A76E32-9607-4BEB-8129-7B90220229FB}, Delete-on-Reboot, [9b97d173c9e01e18509e759e11ef8779],
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FBAA248B-6784-4BF6-B651-BE420057DF70}, Delete-on-Reboot, [e84a380c8b1e9c9a93471437619fe818],
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G2, Delete-on-Reboot, [9e94c67e5455e94d0efebd5746bac63a],
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G3, Delete-on-Reboot, [49e91f25c6e3bd7941cba76d33cdbc44],
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Updater_Online_Application, Delete-on-Reboot, [df53083c3178c6709e643316857b0cf4],
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [ee44a0a491183afc49faef68aa56669a],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A66FB330-E725-42F8-8EB0-3C24B92CE14D}, Quarantined, [ff33a79d8029d066dffdcb9de41e2fd1],
PUP.Optional.InstallCore, HKU\S-1-5-21-1995453271-3764839841-475955195-1001\SOFTWARE\csastats, Quarantined, [92a0b193bfea50e6fca60b1c01029a66],
PUP.Optional.SwytShop, HKU\S-1-5-21-1995453271-3764839841-475955195-1001\SOFTWARE\SwytShop, Quarantined, [1022291bbaef74c239d7ecb0b54c9e62],
PUP.Optional.ProductSetup, HKU\S-1-5-21-1995453271-3764839841-475955195-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [ec462f15179279bd990209e6f50db34d],

Registry Values: 7
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1193EFE6-17D0-4745-A9D8-4F205C032CA6}|Path, \Online Application V2G3, Delete-on-Reboot, [1d15d86c6a3fff373faf32e1eb1501ff]
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{44A76E32-9607-4BEB-8129-7B90220229FB}|Path, \Online Application V2G2, Delete-on-Reboot, [9b97d173c9e01e18509e759e11ef8779]
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FBAA248B-6784-4BF6-B651-BE420057DF70}|Path, \Updater_Online_Application, Delete-on-Reboot, [e84a380c8b1e9c9a93471437619fe818]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_25&param1=1&param2=f[46ec51f3bbee53e3cb3fdb35b7496997]D1%26b[46ec51f3bbee53e3cb3fdb35b7496997]DIE%26cc[46ec51f3bbee53e3cb3fdb35b7496997]Dus%26pa[46ec51f3bbee53e3cb3fdb35b7496997]Dwincy%26cd[46ec51f3bbee53e3cb3fdb35b7496997]D2XzuyEtN2Y1L1Qzu0EyE0AyB0AtDtCzyzyyBtByC0DyB0FyBtN0D0Tzu0StBtDtDtCtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0B0ByDyBtA0DtBtGtD0AtCtDtG0FyByByCtGyEzy0E0EtG0DyCtCyCtDyE0C0AyE0CyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByEzzyC0B0FyEtG0EtBzz0EtGyEyByD0DtGzy0ByE0EtGyDyEzzzzyE0EyDtBzytC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCyBzz%26cr[46ec51f3bbee53e3cb3fdb35b7496997]D1009083222%26a[46ec51f3bbee53e3cb3fdb35b7496997]Dwbf_ir_17_25%26os_ver[46ec51f3bbee53e3cb3fdb35b7496997]D10.0%26os[46ec51f3bbee53e3cb3fdb35b7496997]DWindowsQuarantinedB10QuarantinedBHome, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A66FB330-E725-42F8-8EB0-3C24B92CE14D}|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_25&param1=1&param2=f[ff33a79d8029d066dffdcb9de41e2fd1]D4%26b[ff33a79d8029d066dffdcb9de41e2fd1]DIE%26cc[ff33a79d8029d066dffdcb9de41e2fd1]Dus%26pa[ff33a79d8029d066dffdcb9de41e2fd1]Dwincy%26cd[ff33a79d8029d066dffdcb9de41e2fd1]D2XzuyEtN2Y1L1Qzu0EyE0AyB0AtDtCzyzyyBtByC0DyB0FyBtN0D0Tzu0StBtDtDtCtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0B0ByDyBtA0DtBtGtD0AtCtDtG0FyByByCtGyEzy0E0EtG0DyCtCyCtDyE0C0AyE0CyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByEzzyC0B0FyEtG0EtBzz0EtGyEyByD0DtGzy0ByE0EtGyDyEzzzzyE0EyDtBzytC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCyBzz%26cr[ff33a79d8029d066dffdcb9de41e2fd1]D1009083222%26a[ff33a79d8029d066dffdcb9de41e2fd1]Dwbf_ir_17_25%26os_ver[ff33a79d8029d066dffdcb9de41e2fd1]D10.0%26os[ff33a79d8029d066dffdcb9de41e2fd1]DWindowsQuarantinedB10QuarantinedBHome&p={searchTerms}, %4, %5
PUP.Optional.NotChromeRun, HKU\S-1-5-21-1995453271-3764839841-475955195-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Chromium, c:\users\osama\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session, Quarantined, [5dd584c06b3e999dca42300c1fe1e51b]
PUP.Optional.ProductSetup, HKU\S-1-5-21-1995453271-3764839841-475955195-1001\SOFTWARE\PRODUCTSETUP|tb, 0G2O2W1R0C1R1H, Quarantined, [ec462f15179279bd990209e6f50db34d]

Registry Data: 1

Folders: 5
PUP.Optional.BundleInstaller, C:\Users\Osama\AppData\Local\Temp\117046, Quarantined, [a68ce85c5b4e8da9dcca233d14ec1ae6],
PUP.Optional.BundleInstaller, C:\Users\Osama\AppData\Local\Temp\1634656, Quarantined, [7ab8aa9aa207b38353871749897752ae],
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [cf634bf912977abc00ed48ff56aa966a],
PUP.Optional.SwytShop, C:\Users\Osama\AppData\Roaming\Mozilla\Firefox\Profiles\g1la176j.default\jetpack\323D625D490FE8DD@ext.u, Quarantined, [a290a99befba8ea848ca2c304eb3d22e],
PUP.Optional.SwytShop, C:\Users\Osama\AppData\Roaming\Mozilla\Firefox\Profiles\g1la176j.default\jetpack\323D625D490FE8DD@ext.u\simple-storage, Quarantined, [a290a99befba8ea848ca2c304eb3d22e],

Files: 21
PUP.Optional.WindowService, C:\Users\Osama\AppData\Local\Temp\117046\ic-0.064aa2454a1b4c.exe, Quarantined, [0a284301149578bed0324b95887927d9],
PUP.Optional.WindowService, C:\Users\Osama\AppData\Local\Temp\1634656\ic-0.6109b48346650c.exe, Quarantined, [5bd766de51585adcf9095090cc35d729],
PUP.Optional.AppTrailers, C:\Users\Osama\AppData\Local\Temp\1634656\ic-0.d1c42d498c5a5.exe, Quarantined, [49e9f054c7e258dee742e0693cc41de3],
PUP.Optional.ByteFence, C:\Users\Osama\AppData\Local\Temp\tmpSec3013847\bytefence-installer_3.10.0.3.exe, Quarantined, [d45e3113753456e06b106a5361a052ae],
PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application V2G1, Quarantined, [7fb3ba8aa306b87e779b7d97768ae11f],
PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application V2G2, Quarantined, [1c1691b38524ea4c739fcd479f615ea2],
PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application V2G3, Quarantined, [51e110341891ac8a40d2888ca35dc13f],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Updater_Online_Application.job, Quarantined, [e05254f0cadf6ec8ce2dae99c53b17e9],
PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Updater_Online_Application, Quarantined, [b57d42029019b77f0defae9967994ab6],
PUP.Optional.OnlineIO, C:\Windows\Installer\SourceHash{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [5ad86ed6436665d1f6114dfb39c71ce4],
PUP.Optional.BundleInstaller, C:\Users\Osama\AppData\Local\Temp\117046\ic-0.2a09b6be3cc70c.exe, Quarantined, [a68ce85c5b4e8da9dcca233d14ec1ae6],
PUP.Optional.BundleInstaller, C:\Users\Osama\AppData\Local\Temp\1634656\ic-0.d5f1aaae8ffbe.exe, Quarantined, [7ab8aa9aa207b38353871749897752ae],
PUP.Optional.BundleInstaller, C:\Users\Osama\AppData\Local\Temp\1634656\dlreport, Quarantined, [7ab8aa9aa207b38353871749897752ae],
PUP.Optional.WeatherBuddy, C:\Windows\WeatherBuddy.INI, Quarantined, [4ce693b1adfc50e6240a3642d928c040],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Online Application V2G1.job, Quarantined, [2210f54fe0c95dd9a907fa9ded1447b9],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Online Application V2G2.job, Quarantined, [e44e073d7237de58367aa4f331d04ab6],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Online Application V2G3.job, Quarantined, [ee44f64eefba49edfab6088f679aea16],
Trojan.Clicker, C:\Windows\System32\tprdpw64.exe, Quarantined, [40f2e75dbcedff37eb06748652af6a96],
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [cf634bf912977abc00ed48ff56aa966a],
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [cf634bf912977abc00ed48ff56aa966a],
PUP.Optional.SwytShop, C:\Users\Osama\AppData\Roaming\Mozilla\Firefox\Profiles\g1la176j.default\jetpack\323D625D490FE8DD@ext.u\simple-storage\store.json, Quarantined, [a290a99befba8ea848ca2c304eb3d22e],

Physical Sectors: 0
(No malicious items detected)


(end)
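As an added example that is not part of the thread and not Malwarebytes' own code, here is a small Python triage helper for the detection lines of a Malwarebytes 2.x scan log like the one above: it parses each "Category, Location, Action, [id]" line, groups the hits by the persistence mechanism they live in, and lists what is still marked Delete-on-Reboot. The embedded sample is a shortened excerpt of the log pasted above, and the persistence classification rules are my assumptions, not a Malwarebytes taxonomy.

```python
"""Triage helper for Malwarebytes Anti-Malware 2.x scan-log detection lines.

Added example, not the thread's and not Malwarebytes' own code. Each detection
line reads "<Category>, <Location>, <Action>, [<32-hex id>]," under a
"<Section>: <count>" header; parsing them answers two triage questions:
which persistence mechanisms were used, and is a reboot still required.
"""
import re
from collections import Counter
from dataclasses import dataclass

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")

# The location may itself contain commas (registry values carry their data
# after "|Name, "), so the action/id tail is anchored at the end and the greedy
# location group backtracks to it. "Registry Data" lines use a different
# ",Replaced,[id]" layout and are deliberately not matched here.
DETECTION_RE = re.compile(
    r"^(?P<category>[A-Za-z0-9.]+), (?P<location>.+), "
    r"(?P<action>Quarantined|Delete-on-Reboot), "
    r"\[(?P<id>[0-9a-f]{32})\],?$"
)

# Assumed classification rules, first match wins. Case-insensitive because the
# log upper-cases registry paths but keeps file paths as found on disk.
PERSISTENCE_RULES = (
    ("scheduled task", re.compile(
        r"\\schedule\\taskcache\\|\\windows\\tasks\\|\\system32\\tasks\\", re.I)),
    ("autorun key", re.compile(r"\\currentversion\\run(once)?\b", re.I)),
    ("browser search/start page", re.compile(
        r"\\searchscopes\\|\\main\|start page", re.I)),
    ("firefox add-on storage", re.compile(
        r"\\firefox\\profiles\\.*\\jetpack\\", re.I)),
    ("installer drop (Temp)", re.compile(r"\\appdata\\local\\temp\\", re.I)),
)


@dataclass(frozen=True)
class Detection:
    section: str
    category: str
    location: str
    action: str
    detection_id: str

    @property
    def persistence(self) -> str:
        for label, pattern in PERSISTENCE_RULES:
            if pattern.search(self.location):
                return label
        return "other"


def parse_log(text: str) -> list[Detection]:
    """Return every detection line of a pasted scan log, tagged with its section."""
    section, found = "unknown", []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m["section"]
        elif m := DETECTION_RE.match(line):
            found.append(Detection(section, m["category"], m["location"],
                                   m["action"], m["id"]))
    return found


def summarize(detections: list[Detection]) -> dict[str, Counter]:
    """Counts by action, by detection family and by persistence mechanism."""
    return {
        "by_action": Counter(d.action for d in detections),
        "by_family": Counter(d.category for d in detections),
        "by_persistence": Counter(d.persistence for d in detections),
    }


def pending_reboot(detections: list[Detection]) -> list[str]:
    """Items Malwarebytes could not remove live; they only go after a restart."""
    return [d.location for d in detections if d.action == "Delete-on-Reboot"]


# Constructed sample: a shortened excerpt of the scan log pasted in this thread.
SAMPLE_LOG = r"""
Registry Keys: 3
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1193EFE6-17D0-4745-A9D8-4F205C032CA6}, Delete-on-Reboot, [1d15d86c6a3fff373faf32e1eb1501ff],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A66FB330-E725-42F8-8EB0-3C24B92CE14D}, Quarantined, [ff33a79d8029d066dffdcb9de41e2fd1],
PUP.Optional.InstallCore, HKU\S-1-5-21-1995453271-3764839841-475955195-1001\SOFTWARE\csastats, Quarantined, [92a0b193bfea50e6fca60b1c01029a66],

Registry Values: 2
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1193EFE6-17D0-4745-A9D8-4F205C032CA6}|Path, \Online Application V2G3, Delete-on-Reboot, [1d15d86c6a3fff373faf32e1eb1501ff]
PUP.Optional.NotChromeRun, HKU\S-1-5-21-1995453271-3764839841-475955195-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Chromium, c:\users\osama\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session, Quarantined, [5dd584c06b3e999dca42300c1fe1e51b]

Files: 4
PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application V2G1, Quarantined, [7fb3ba8aa306b87e779b7d97768ae11f],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Updater_Online_Application.job, Quarantined, [e05254f0cadf6ec8ce2dae99c53b17e9],
Trojan.Clicker, C:\Windows\System32\tprdpw64.exe, Quarantined, [40f2e75dbcedff37eb06748652af6a96],
PUP.Optional.BundleInstaller, C:\Users\Osama\AppData\Local\Temp\117046\ic-0.2a09b6be3cc70c.exe, Quarantined, [a68ce85c5b4e8da9dcca233d14ec1ae6],
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for name, counter in summarize(found).items():
        print(name, dict(counter))
    print("still pending reboot:", pending_reboot(found))
```

Run it against a full pasted log to see how much of the infection sat in scheduled tasks versus Run keys, and whether the "Delete-on-Reboot" entries explain why the items reappeared until the machine was restarted.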



#5 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 27 June 2017 - 05:59 PM

Good :) Now, let's do a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Your next reply(ies) should therefore contain:
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;



#6 XsickxplayX (Topic Starter)

Posted 29 June 2017 - 05:09 PM

Here's the stuff from AdwCleaner:

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Osama\AppData\Local\llssoft
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\llssoft


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microleaves


***** [ Web browsers ] *****

[-] Firefox preferences cleaned: "browser.search.defaultenginename" -  "Yahoo! Powered"
[-] Firefox preferences cleaned: "browser.search.selectedEngine" -  "Yahoo! Powered"
[-] [C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1332 Bytes] - [29/06/2017 15:59:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [1902 Bytes] - [29/06/2017 15:51:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1478 Bytes] ##########
 



#7 XsickxplayX (Topic Starter)

Posted 29 June 2017 - 05:53 PM

And here's all the stuff from JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Osama (Administrator) on Thu 06/29/2017 at 17:10:32.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1
 

 

Successfully deleted: C:\ProgramData\mntemp (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/29/2017 at 17:12:37.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 




#8 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 29 June 2017 - 06:01 PM

Good :) Now please run a new scan with FRST, and provide me a fresh set of logs (FRST.txt and Addition.txt). I'll look for remnants and remove them if there are any.



#9 XsickxplayX (Topic Starter)

Posted 30 June 2017 - 05:26 PM

Here we go!

FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by Osama (administrator) on OSAMAS-PC (30-06-2017 17:21:44)
Running from C:\Users\Osama\Downloads
Loaded Profiles: Osama (Available Profiles: Osama)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Node.js) C:\Windows\Prey\versions\1.6.8\bin\node.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.8\node_modules\triggers\bin\lightevt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.XboxApp_29.30.2001.0_x64__8wekyb3d8bbwe\XboxApp.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16471808 2016-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-03-03] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-08-18] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [736768 2016-02-04] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\Run: [Google Update] => C:\Users\Osama\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-24] (Disc Soft Ltd)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-04] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-04] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-04] ()
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX32.dll [2017-06-04] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX32.dll [2017-06-04] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX32.dll [2017-06-04] ()
Startup: C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c9699e9e-8d01-4b08-987a-58d9de563693}: [DhcpNameServer] 169.254.23.227
Tcpip\..\Interfaces\{ff710680-7e56-4387-9686-85aa3a1d90dc}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1995453271-3764839841-475955195-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {A66FB330-E725-42F8-8EB0-3C24B92CE14D} URL =
SearchScopes: HKLM-x32 -> DefaultScope {A66FB330-E725-42F8-8EB0-3C24B92CE14D} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: g1la176j.default
FF ProfilePath: C:\Users\Osama\AppData\Roaming\Mozilla\Firefox\Profiles\g1la176j.default [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\g1la176j.default -> google.com
FF Keyword.URL: Mozilla\Firefox\Profiles\g1la176j.default -> user_pref("keyword.URL", true);
FF Extension: (Adblock Plus) - C:\Users\Osama\AppData\Roaming\Mozilla\Firefox\Profiles\g1la176j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-05-16]
FF HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Osama\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Osama\AppData\Roaming\IDM\idmmzcc5 [2017-06-07] [not signed]
FF HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1995453271-3764839841-475955195-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Osama\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1995453271-3764839841-475955195-1001: @talk.google.com/O1DPlugin -> C:\Users\Osama\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1995453271-3764839841-475955195-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Osama\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1995453271-3764839841-475955195-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Osama\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1995453271-3764839841-475955195-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Osama\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Osama\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Osama\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Google Docs) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-19]
CHR Extension: (Google Drive) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-19]
CHR Extension: (YouTube) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-19]
CHR Extension: (Gmail) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Osama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-19]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
CHR HKU\S-1-5-21-1995453271-3764839841-475955195-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\IntelCpHeciSvc.exe [303096 2017-04-21] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\IntelCpHDCPSvc.exe [480760 2017-04-21] (Intel Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-11-14] (Fork, Ltd.) [File not signed]
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134888 2016-01-26] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxCUIService.exe [341496 2017-04-21] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271328 2016-01-25] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [42424 2015-12-02] (Lenovo)
R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-06-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-06-24] (Disc Soft Ltd)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [30808 2016-01-26] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129032 2017-04-13] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igdkmd64.sys [11070456 2017-04-21] (Intel Corporation)
R1 MpKsl31fda2a1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1523383E-9A93-43E2-9B9D-D554E142F4DC}\MpKsl31fda2a1.sys [44928 2017-06-30] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7932160 2017-01-24] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-17] (NVIDIA Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [302808 2015-09-23] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3104024 2016-04-01] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-06-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-15] (Zemana Ltd.)
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-30 17:21 - 2017-06-30 17:21 - 00000000 ____D C:\Users\Osama\Downloads\FRST-OlderVersion
2017-06-29 15:49 - 2017-06-29 15:59 - 00000000 ____D C:\AdwCleaner
2017-06-29 15:49 - 2017-06-29 15:49 - 04110280 _____ C:\Users\Osama\Downloads\AdwCleaner.exe
2017-06-27 15:29 - 2017-06-27 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-27 15:29 - 2017-06-27 15:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-06-27 15:29 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-27 15:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-06-27 15:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-27 15:27 - 2017-06-27 15:28 - 22851472 _____ (Malwarebytes ) C:\Users\Osama\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2017-06-27 00:17 - 2017-06-27 16:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-27 00:17 - 2017-06-27 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-27 00:17 - 2017-06-27 15:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-27 00:16 - 2017-06-27 02:45 - 00000000 ____D C:\Users\Osama\Desktop\mbar
2017-06-26 23:29 - 2017-06-27 00:16 - 16564750 _____ (Malwarebytes Corp.) C:\Users\Osama\Downloads\mbar-1.09.4.1001.exe
2017-06-25 22:19 - 2017-06-30 17:21 - 00022128 _____ C:\Users\Osama\Downloads\FRST.txt
2017-06-25 22:19 - 2017-06-25 22:19 - 00047571 _____ C:\Users\Osama\Downloads\Addition.txt
2017-06-25 22:18 - 2017-06-30 17:21 - 02440704 _____ (Farbar) C:\Users\Osama\Downloads\FRST64.exe
2017-06-24 16:59 - 2017-06-24 16:59 - 00003374 _____ C:\WINDOWS\System32\Tasks\{6C12658F-AA24-4709-9F11-F94FA583F933}
2017-06-24 05:40 - 2017-06-24 05:40 - 00000000 ____D C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KISS
2017-06-24 05:27 - 2017-06-24 05:27 - 00001054 _____ C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-06-24 03:03 - 2017-06-24 03:03 - 00000000 ____D C:\Users\Osama\AppData\Local\Disc_Soft_Ltd
2017-06-24 02:57 - 2017-06-25 20:26 - 00001244 _____ C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-06-24 02:55 - 2017-06-24 05:35 - 00000000 ____D C:\Users\Osama\AppData\Roaming\DAEMON Tools Lite
2017-06-24 02:55 - 2017-06-24 02:55 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-06-24 02:55 - 2017-06-24 02:55 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-06-24 02:55 - 2017-06-24 02:55 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-06-24 02:55 - 2017-06-24 02:55 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-06-24 02:54 - 2017-06-24 02:55 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-06-24 02:54 - 2017-06-24 02:54 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-06-24 01:39 - 2017-06-24 01:39 - 00002253 _____ C:\Users\Osama\Downloads\MEGAFIX-1.0.0.zip
2017-06-20 20:23 - 2017-06-20 20:23 - 00000000 ____D C:\ProgramData\Sophos
2017-06-20 01:48 - 2017-06-20 01:48 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-06-20 01:44 - 2017-06-30 17:21 - 00000000 ____D C:\FRST
2017-06-20 01:31 - 2010-03-08 05:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2017-06-20 01:11 - 2017-06-20 01:32 - 00000000 ____D C:\Users\Osama\AppData\Roaming\FreeFixer
2017-06-20 01:11 - 2017-06-20 01:32 - 00000000 ____D C:\Users\Osama\AppData\Local\FreeFixer
2017-06-20 01:11 - 2017-06-20 01:11 - 00000000 ____D C:\Program Files\FreeFixer
2017-06-17 08:46 - 2017-06-17 08:46 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-06-16 19:21 - 2017-06-20 01:06 - 00000000 ____D C:\Program Files\Notepad++
2017-06-16 18:43 - 2017-06-16 18:43 - 00000000 ____D C:\Users\Osama\Documents\Bullet
2017-06-16 18:17 - 2017-06-16 18:17 - 00000000 ____D C:\Users\Osama\AppData\Roaming\WinRAR
2017-06-16 18:16 - 2017-06-16 18:16 - 00000000 ____D C:\Program Files\WinRAR
2017-06-15 15:11 - 2017-06-30 17:21 - 00150861 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-15 15:11 - 2017-06-30 17:21 - 00116717 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-15 15:10 - 2017-06-20 01:32 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-15 15:10 - 2017-06-15 15:10 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-06-15 15:10 - 2017-06-15 15:10 - 00000000 ____D C:\Users\Osama\AppData\Local\Zemana
2017-06-14 02:23 - 2017-06-30 03:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-13 23:36 - 2017-06-13 23:36 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-13 21:43 - 2017-06-03 05:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 21:43 - 2017-06-03 05:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-13 21:43 - 2017-06-03 04:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-13 21:43 - 2017-06-03 04:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 21:43 - 2017-06-03 04:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-13 21:43 - 2017-06-03 04:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-13 21:43 - 2017-06-03 04:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-13 21:43 - 2017-06-03 04:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 21:43 - 2017-06-03 04:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-13 21:43 - 2017-06-03 04:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 21:43 - 2017-06-03 04:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-13 21:43 - 2017-06-03 03:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-13 21:43 - 2017-03-04 01:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-13 21:42 - 2017-06-03 05:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 21:42 - 2017-06-03 05:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-13 21:42 - 2017-06-03 05:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-13 21:42 - 2017-06-03 05:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 21:42 - 2017-06-03 05:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-13 21:42 - 2017-06-03 05:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-13 21:42 - 2017-06-03 05:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-13 21:42 - 2017-06-03 05:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-13 21:42 - 2017-06-03 05:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 21:42 - 2017-06-03 05:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 21:42 - 2017-06-03 04:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-13 21:42 - 2017-06-03 04:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 21:42 - 2017-06-03 04:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 21:42 - 2017-06-03 04:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-13 21:42 - 2017-06-03 04:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 21:42 - 2017-06-03 04:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 21:42 - 2017-06-03 04:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-13 21:42 - 2017-06-03 04:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-13 21:42 - 2017-06-03 04:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-13 21:42 - 2017-06-03 04:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 21:42 - 2017-06-03 04:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-13 21:42 - 2017-06-03 04:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-13 21:42 - 2017-06-03 04:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-13 21:42 - 2017-06-03 04:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-13 21:42 - 2017-06-03 04:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-13 21:42 - 2017-06-03 04:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-13 21:42 - 2017-06-03 04:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-13 21:42 - 2017-06-03 04:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-13 21:42 - 2017-06-03 04:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 21:42 - 2017-06-03 04:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-13 21:42 - 2017-06-03 04:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 21:42 - 2017-06-03 04:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 21:42 - 2017-06-03 04:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 21:42 - 2017-06-03 04:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 21:42 - 2017-06-03 04:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-13 21:42 - 2017-06-03 04:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-13 21:42 - 2017-06-03 04:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-13 21:42 - 2017-06-03 04:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-13 21:42 - 2017-06-03 04:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-13 21:42 - 2017-06-03 04:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-13 21:42 - 2017-06-03 04:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-13 21:42 - 2017-06-03 04:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 21:42 - 2017-06-03 04:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-13 21:42 - 2017-06-03 04:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-13 21:42 - 2017-06-03 04:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-13 21:42 - 2017-06-03 04:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-13 21:42 - 2017-06-03 04:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 21:42 - 2017-06-03 04:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-13 21:42 - 2017-06-03 04:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 21:42 - 2017-06-03 04:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 21:42 - 2017-06-03 04:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-13 21:42 - 2017-06-03 04:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-13 21:42 - 2017-06-03 04:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 21:42 - 2017-06-03 04:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 21:42 - 2017-06-03 04:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 21:42 - 2017-06-03 04:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-13 21:42 - 2017-06-03 04:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 21:42 - 2017-06-03 04:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-13 21:42 - 2017-06-03 04:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-13 21:42 - 2017-06-03 04:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-13 21:42 - 2017-06-03 04:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-13 21:42 - 2017-06-03 04:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-13 21:42 - 2017-06-03 04:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 21:42 - 2017-06-03 04:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 21:42 - 2017-06-03 04:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-13 21:42 - 2017-06-03 04:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 21:42 - 2017-06-03 04:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-13 21:42 - 2017-06-03 04:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 21:42 - 2017-06-03 04:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-13 21:42 - 2017-06-03 04:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 21:42 - 2017-06-03 04:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-13 21:42 - 2017-06-03 04:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-13 21:42 - 2017-06-03 04:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-13 21:42 - 2017-06-03 04:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 21:42 - 2017-06-03 04:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 21:42 - 2017-06-03 04:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-13 21:42 - 2017-06-03 04:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 21:42 - 2017-06-03 04:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 21:42 - 2017-06-03 03:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 21:42 - 2017-06-03 03:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-13 21:42 - 2017-06-03 03:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 21:42 - 2017-06-03 03:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 21:42 - 2017-06-03 03:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-13 21:42 - 2017-06-03 03:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 21:42 - 2017-06-03 03:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-13 21:42 - 2017-06-03 03:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-13 21:42 - 2017-06-03 03:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 21:42 - 2017-06-03 03:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 21:42 - 2017-06-03 03:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 21:42 - 2017-06-03 03:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 21:42 - 2017-06-03 03:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 21:42 - 2017-06-03 03:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-13 21:42 - 2017-06-03 03:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 21:42 - 2017-06-03 03:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 21:42 - 2017-06-03 03:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 21:42 - 2017-06-03 03:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-13 21:42 - 2017-06-03 03:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-13 21:42 - 2017-06-03 03:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 21:42 - 2017-06-03 03:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 21:42 - 2017-06-03 03:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-13 21:42 - 2017-06-03 03:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 21:42 - 2017-05-25 00:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-13 21:42 - 2017-03-04 01:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-13 21:42 - 2017-03-04 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-13 21:42 - 2017-03-04 01:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-13 21:42 - 2016-09-06 23:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-13 21:41 - 2017-06-03 05:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-13 21:41 - 2017-06-03 05:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-13 21:41 - 2017-06-03 05:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-13 21:41 - 2017-06-03 05:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 21:41 - 2017-06-03 04:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-13 21:41 - 2017-06-03 04:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 21:41 - 2017-06-03 04:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-13 21:41 - 2017-06-03 04:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 21:41 - 2017-06-03 04:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 21:41 - 2017-06-03 04:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-13 21:41 - 2017-06-03 04:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-13 21:41 - 2017-06-03 04:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-13 21:41 - 2017-06-03 04:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-13 21:41 - 2017-06-03 04:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-13 21:41 - 2017-06-03 04:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-13 21:41 - 2017-06-03 03:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-13 21:41 - 2017-06-03 03:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-13 21:41 - 2017-06-03 01:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-13 04:44 - 2017-06-15 21:04 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-06-12 00:24 - 2017-06-12 00:24 - 00000000 ____D C:\Users\Osama\AppData\Local\FOMM
2017-06-12 00:23 - 2017-06-12 00:23 - 00000000 ____D C:\Users\Osama\AppData\Local\Fallout3
2017-06-11 22:18 - 2017-06-15 14:22 - 00000254 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-06-11 21:57 - 2017-06-11 21:57 - 00000000 ____D C:\Users\Osama\AppData\Local\LLSSOFT.del
2017-06-11 19:40 - 2017-06-11 21:07 - 00000000 ____D C:\ProgramData\RegRun
2017-06-11 19:39 - 2017-06-14 00:18 - 00000000 ____D C:\Users\Osama\Documents\RegRun2
2017-06-11 19:39 - 2017-06-11 19:39 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-06-11 19:39 - 2017-06-11 19:39 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-06-11 19:39 - 2017-06-11 19:39 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-06-11 18:56 - 2017-06-20 00:40 - 00001005 ____H C:\Users\Osama\Desktop\SVCVMX.EXE-81E7B59E.pf - Shortcut.lnk
2017-06-11 18:56 - 2017-06-20 00:40 - 00001005 ____H C:\Users\Osama\Desktop\SVCVMX.EXE-81E7B59E.pf - Shortcut (2).lnk
2017-06-11 18:37 - 2017-06-11 18:37 - 968424800 _____ C:\WINDOWS\MEMORY.DMP
2017-06-11 18:37 - 2017-06-11 18:37 - 00756596 _____ C:\WINDOWS\Minidump\061117-5046-01.dmp
2017-06-11 18:22 - 2017-06-20 00:40 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-11 18:22 - 2017-06-11 18:22 - 00000000 ____D C:\WINDOWS\pss
2017-06-11 16:06 - 2017-06-11 16:06 - 00001417 _____ C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-06-11 16:06 - 2017-06-11 16:06 - 00000000 ____D C:\Users\Osama\AppData\Local\UNP
2017-06-11 06:11 - 2017-06-11 06:12 - 00000000 ____D C:\Program Files\UNP
2017-06-11 06:11 - 2017-06-11 06:11 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-07 19:39 - 2017-06-29 17:10 - 00000000 ____D C:\Users\Osama\AppData\Roaming\DMCache
2017-06-07 18:49 - 2017-06-07 18:58 - 00000000 ____D C:\Users\Osama\AppData\Roaming\IDM
2017-06-07 18:49 - 2017-06-07 18:49 - 00000000 ____D C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-07 18:49 - 2017-06-07 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-07 18:49 - 2017-06-07 18:49 - 00000000 ____D C:\ProgramData\IDM
2017-06-07 18:49 - 2017-06-07 18:49 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-06-05 10:50 - 2017-06-05 10:50 - 00257864 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-30 16:17 - 2016-12-11 22:52 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2CE1079-BC6C-465D-AF6D-94E64D0B27D4}
2017-06-30 16:14 - 2016-11-14 00:21 - 00000000 ____D C:\WINDOWS\Prey
2017-06-30 16:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-30 08:41 - 2016-09-25 01:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-30 03:24 - 2016-11-18 11:05 - 00000000 ____D C:\Users\Osama\AppData\LocalLow\Mozilla
2017-06-30 03:24 - 2016-09-10 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-29 18:13 - 2016-11-17 00:08 - 00161393 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-06-29 18:12 - 2015-11-03 14:28 - 02558964 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-29 18:08 - 2016-09-25 01:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-29 18:08 - 2016-09-25 01:12 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-29 18:08 - 2016-09-11 11:32 - 00000000 __SHD C:\Users\Osama\IntelGraphicsProfiles
2017-06-29 18:08 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-29 11:09 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-27 16:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Cursors
2017-06-27 15:27 - 2017-04-19 21:59 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 02:43 - 2017-05-12 16:39 - 00000000 ____D C:\Users\Osama\AppData\Local\vxmixhwt
2017-06-27 00:52 - 2016-09-15 23:41 - 00000000 ____D C:\Users\Osama\AppData\Local\CrashDumps
2017-06-26 23:23 - 2016-07-16 09:15 - 00000000 ____D C:\WINDOWS\OCR
2017-06-26 23:23 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-26 23:22 - 2016-09-25 01:11 - 00359944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-25 20:23 - 2016-09-25 01:13 - 00000000 ____D C:\Users\Osama
2017-06-24 16:59 - 2017-04-24 13:38 - 00000000 ____D C:\Users\Osama\Downloads\Compressed
2017-06-24 02:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-24 02:55 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-24 02:55 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-23 02:06 - 2016-09-14 10:58 - 00000000 ____D C:\Users\Osama\AppData\Roaming\Skype
2017-06-22 00:46 - 2016-09-25 01:12 - 00000000 ____D C:\Program Files\Realtek
2017-06-20 01:50 - 2016-08-18 04:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-20 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-20 01:01 - 2016-09-15 23:52 - 00000000 ____D C:\Users\Osama\Desktop\Video Games
2017-06-19 15:44 - 2016-12-15 12:52 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-19 15:44 - 2016-09-14 10:59 - 00002370 _____ C:\Users\Osama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-19 15:44 - 2016-09-11 11:34 - 00000000 ___RD C:\Users\Osama\OneDrive
2017-06-17 04:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 04:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 18:16 - 2016-09-15 23:23 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-16 01:08 - 2016-11-06 12:48 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-16 01:08 - 2016-08-18 04:30 - 01456400 ____N C:\WINDOWS\Minidump\061617-4921-01.dmp
2017-06-14 19:34 - 2017-05-10 11:10 - 00004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-14 16:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-14 00:17 - 2015-11-03 14:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-13 23:36 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-13 23:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-13 23:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-13 21:53 - 2016-09-15 23:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 19:40 - 2017-05-12 16:49 - 00000000 ____D C:\Users\Osama\AppData\Local\NTUSERLITELIST.del
2017-06-12 00:23 - 2016-10-09 17:03 - 00000000 ____D C:\Users\Osama\Documents\My Games
2017-06-11 22:18 - 2017-05-12 16:39 - 00000000 ____D C:\Program Files (x86)\MICROLEAVES.del
2017-06-11 20:38 - 2017-04-20 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2017-06-11 20:27 - 2017-03-24 18:32 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-06-11 20:27 - 2017-03-24 18:32 - 00000000 ____D C:\Program Files (x86)\Mr DJ
2017-06-11 20:27 - 2017-03-24 18:31 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-06-08 03:09 - 2016-09-13 12:29 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-08 03:01 - 2017-01-14 21:15 - 00000000 ____D C:\Users\Osama\AppData\Roaming\.minecraft
2017-06-08 03:01 - 2017-01-14 21:15 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-06-07 21:56 - 2017-05-06 13:05 - 00000000 ____D C:\Users\Osama\AppData\Roaming\OBS
2017-06-07 20:46 - 2017-02-07 22:18 - 00000000 ____D C:\Users\Osama\AppData\Local\ElevatedDiagnostics
2017-06-07 18:36 - 2017-03-24 01:47 - 00000000 ____D C:\Users\Osama\Documents\MEGAsync Downloads
2017-06-04 18:27 - 2017-04-07 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-04 18:27 - 2016-09-14 13:35 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-06-04 18:27 - 2016-09-14 13:35 - 00000000 ____D C:\ProgramData\Skype
2017-06-04 18:10 - 2016-09-14 13:27 - 00000000 ____D C:\Users\Osama\AppData\Local\MEGAsync
2017-06-04 16:41 - 2017-04-24 13:33 - 00000000 ____D C:\Users\Osama\AppData\Local\MegaDownloader
2017-06-03 16:43 - 2016-09-13 12:34 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-06-03 01:36 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 01:36 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 13:56 - 2016-09-11 11:32 - 00000000 ____D C:\Users\Osama\AppData\Local\Packages

==================== Files in the root of some directories =======

2017-05-16 19:04 - 2017-05-16 19:04 - 0000128 ____H () C:\Users\Osama\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-09-25 01:12 - 2016-09-25 01:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-05-16 19:04 - 2017-05-16 19:04 - 0000128 ____H () C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-09-25 01:12 - 2016-09-25 01:12 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
2017-06-24 05:35 - 2015-07-03 05:46 - 0910848 ____N (© Reactor) C:\Users\Osama\AppData\Local\Temp\installer.exe
2017-06-12 02:41 - 2017-06-12 02:41 - 58128344 _____ (Skype Technologies S.A.) C:\Users\Osama\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-24 19:53

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Osama (30-06-2017 17:22:24)
Running from C:\Users\Osama\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-25 06:18:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1995453271-3764839841-475955195-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1995453271-3764839841-475955195-503 - Limited - Disabled)
Guest (S-1-5-21-1995453271-3764839841-475955195-501 - Limited - Disabled)
Malfo (S-1-5-21-1995453271-3764839841-475955195-1004 - Limited - Disabled)
Osama (S-1-5-21-1995453271-3764839841-475955195-1001 - Administrator - Enabled) => C:\Users\Osama
Rapid (S-1-5-21-1995453271-3764839841-475955195-1003 - Limited - Disabled)
shado (S-1-5-21-1995453271-3764839841-475955195-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0232 - Disc Soft Ltd)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.6.3.48 - Dolby Laboratories, Inc.)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10240.11165 - Realtek Semiconductor Corp.)
ELAN pointing device (HKLM\...\Elantech) (Version: 11.4.81.1 - ELAN Microelectronic Corp.)
Fallout 3 GOTY version 1.7.0.3 (HKLM-x32\...\Fallout 3 GOTY_is1) (Version: 1.7.0.3 - Mr DJ)
カスタムメイド3D2 (HKLM-x32\...\カスタムメイド3D2) (Version:  - KISS)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FreeFixer (HKLM-x32\...\FreeFixer1.14) (Version: 1.14 - Kephyr)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.4.1186 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{EB14CEF0-8F59-47A3-B965-D0C0D6AC0DA3}) (Version: 18.1.1605.3087 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iSpring Free Cam 8 (HKLM-x32\...\{9E6D2789-25C1-4884-ACAA-32F187F96410}) (Version: 8.3.15297 - iSpring Solutions Inc.)
JES (HKLM-x32\...\{AE72B60E-47B2-46FE-AC9E-0436A26DAD7D}) (Version: 5.020 - Georgia Institute of Technology)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Lenovo Solution Center (HKLM\...\{E442BFFD-8406-4C6D-BE7E-0CF6E61EE363}) (Version: 3.2.004.00 - Lenovo)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect (HKLM-x32\...\{D5FED686-AF59-454C-91A9-DC357E4AED11}_is1) (Version:  - )
Mass Effect 2 Digital Deluxe Edition version 1.2.1604.0 (HKLM-x32\...\Mass Effect 2 Digital Deluxe Edition_is1) (Version: 1.2.1604.0 - Mr DJ)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Prey Anti-Theft (HKLM-x32\...\{8FA61850-72E8-4B3A-930E-5315606DA727}) (Version: 1.6.3 - Prey, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.29091 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7756 - Realtek Semiconductor Corp.)
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 4 Deluxe Edition version 1.10.57.1020 (HKLM-x32\...\The Sims 4 Deluxe Edition_is1) (Version: 1.10.57.1020 - Mr DJ)
Unity Web Player (HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
WinRAR 5.50 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1995453271-3764839841-475955195-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Osama\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1995453271-3764839841-475955195-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Osama\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1995453271-3764839841-475955195-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Osama\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1995453271-3764839841-475955195-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Osama\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {058F262B-8342-4144-BEEF-0EB85D5FDD54} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-25] (Lenovo)
Task: {0CB61A35-4E99-4062-9118-36D8C0863BF8} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.0.26020.0 => C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\VSIXAutoUpdate.exe
Task: {21DAF5A2-EC2C-4CD4-A130-F01C8D4971B7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {245A644A-83A0-44A7-892F-081F10831416} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-20] ()
Task: {322A70B1-27B4-4419-8EE4-4B645FB7C2BA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-20] ()
Task: {3265B736-3F63-4EB9-87EE-9D1B7ED06F43} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {48EF278C-D5D4-4FFC-B5A7-57182E961257} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1995453271-3764839841-475955195-1001UA => C:\Users\Osama\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-26] (Google Inc.)
Task: {54C4616C-4439-4791-AFF2-B34DE6202EC9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5B46EDA4-FC6E-44AA-BC20-E59A6CE8EFA7} - System32\Tasks\{6C12658F-AA24-4709-9F11-F94FA583F933} => pcalua.exe -a "C:\Users\Osama\Downloads\Compressed\Docked Game\TDGirl.exe" -d "C:\Users\Osama\Downloads\Compressed\Docked Game"
Task: {5C51B9F8-30A8-424A-9A69-76A13A3F48B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-20] (Microsoft Corporation)
Task: {7358284F-8D3C-4000-B971-D6F9F31DB478} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {79F79062-2DED-4D1D-95F1-B3E98F240C82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-19] (Google Inc.)
Task: {8360838F-5E0B-422D-81B5-0AB2DB1EC737} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-20] (Microsoft Corporation)
Task: {84531DFE-2E8B-47AA-A10B-D8B85FC60D49} - System32\Tasks\Nvbackend => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {A03096A5-E911-4E4D-8A43-8906E7E9768F} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Osama\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {B0CE6296-D506-4468-888A-0ECA01DE6B6D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-01-25] (Lenovo)
Task: {B31370F2-B2BC-4A40-8CFB-575798D1F71E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-20] (Microsoft Corporation)
Task: {B5908542-5C55-4C4E-AD73-683620703BF0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {BD279B09-C41C-4B5F-9B57-3D3882293636} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-19] (Google Inc.)
Task: {BEE6ECAE-10C4-4CDA-9E17-1E5B177D1053} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\67bcf0a4-5f98-4fbd-a362-1f26cf5f09a3 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {E3F79832-341D-4C13-900C-9DB5629D7AE0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1995453271-3764839841-475955195-1001Core => C:\Users\Osama\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-26] (Google Inc.)
Task: {E4DE7518-DD5C-4BC1-91D6-D933BD153BE0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\68674251-bacb-4748-9c02-a21d309ab41c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {ECD94EC2-7585-447D-BB79-73315F755FDE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\995918f4-b0d6-432f-ac60-bec5480f15b7 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {F5420226-2700-40B3-BDC2-3166854AFEB1} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-13 21:42 - 2017-06-03 05:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-27 05:04 - 2016-01-27 05:04 - 00163328 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-08-18 04:47 - 2015-06-27 04:34 - 00029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2016-08-18 04:47 - 2015-08-18 22:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-09-25 01:12 - 2016-12-29 08:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-18 04:47 - 2015-12-02 03:25 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
2016-10-31 14:45 - 2017-06-04 18:10 - 00598528 _____ () C:\Users\Osama\AppData\Local\MEGAsync\ShellExtX64.dll
2016-09-13 16:23 - 2017-06-20 01:25 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-25 04:08 - 2016-09-25 04:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 10:19 - 2017-03-04 01:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-18 04:47 - 2016-08-18 04:47 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2016-08-18 04:47 - 2016-08-18 04:47 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2016-02-04 08:07 - 2016-02-04 08:07 - 00736768 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2017-06-21 16:22 - 2017-06-21 16:23 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 16:22 - 2017-06-21 16:23 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-03 16:54 - 2017-06-03 16:55 - 23661056 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-06-03 16:54 - 2017-06-03 16:55 - 09016320 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-05-26 15:53 - 2017-05-26 16:03 - 03140520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-03 16:54 - 2017-06-03 16:55 - 10214400 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-06-19 15:46 - 2017-06-19 15:47 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-19 15:46 - 2017-06-19 15:47 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-14 14:27 - 2017-06-14 14:30 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-14 14:27 - 2017-06-14 14:30 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-06-08 16:28 - 2017-06-08 16:28 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-14 14:27 - 2017-06-14 14:30 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-09-14 11:02 - 2016-09-14 11:03 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-14 14:27 - 2017-06-14 14:30 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 10:46 - 2017-05-05 10:47 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-09-14 11:02 - 2016-09-14 11:03 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-13 13:48 - 2017-06-13 13:48 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_29.30.2001.0_x64__8wekyb3d8bbwe\XboxApp.exe
2017-06-13 13:48 - 2017-06-13 13:48 - 33852416 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_29.30.2001.0_x64__8wekyb3d8bbwe\XboxApp.dll
2016-09-14 11:02 - 2016-09-14 11:03 - 01651112 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_29.30.2001.0_x64__8wekyb3d8bbwe\winsdkfb.dll
2017-03-15 10:20 - 2017-03-04 01:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 10:20 - 2017-03-04 01:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 10:20 - 2017-03-04 01:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 21:42 - 2017-06-03 03:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-13 21:42 - 2017-06-03 03:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 21:42 - 2017-06-03 03:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 17:37 - 2017-05-09 17:37 - 00899584 _____ () \\?\C:\Windows\Prey\versions\1.6.8\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Osama:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Osama\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Osama\AppData\Roaming:iSpring Solutions [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\sharepoint.com -> hxxps://uic365-myfiles.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2016-11-02 10:04 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1995453271-3764839841-475955195-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Signature\Signature01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-1995453271-3764839841-475955195-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B9854357-6964-45A8-89C8-855D48F1E2A9}] => (Block) C:\users\osama\documents\megasync downloads\eldewrito_0.5.1.1_release\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [{6C6FF801-7C3C-4372-8015-E43A3190BE31}] => (Block) C:\users\osama\documents\megasync downloads\eldewrito_0.5.1.1_release\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [UDP Query User{94A5828C-B294-4346-9652-2674C4C161BD}C:\users\osama\documents\megasync downloads\eldewrito_0.5.1.1_release\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) C:\users\osama\documents\megasync downloads\eldewrito_0.5.1.1_release\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [TCP Query User{0234BB7F-04C6-499C-A1CF-35239A7C3F5C}C:\users\osama\documents\megasync downloads\eldewrito_0.5.1.1_release\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) C:\users\osama\documents\megasync downloads\eldewrito_0.5.1.1_release\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [{6930B678-300B-4BBF-9CCE-6BF87DCA3B53}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C43F538D-73FD-43EF-A49A-B79FFB14F036}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E688907B-8841-49A9-9CE2-3DE902D7EBE3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{01476003-B5EF-45BE-ABF8-FB6195C99E13}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B3080B2-9601-45ED-8CD2-0BBE5667CF49}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{07BA8C09-FAA5-48AF-A54E-B1278195AC0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6C203402-A4AD-452E-89EB-4C05F75F6A26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7285F678-92DF-49DF-BD4E-BC5DC2208450}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{7456D124-1869-4857-9423-33FE4EB8E03F}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{21DAE541-9108-4424-BB49-BCCEC311C95C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{0BAD1BA8-E9F7-436A-8287-5486BE178DC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{C3388CA9-A4AA-409E-B975-9412D1D0A1A7}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{D40F07B2-9E5C-4C58-9590-560988DFB42E}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [{1B954E2E-BA54-4D59-98FD-D7237DAD338A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{C47CC7CB-39C2-4977-8285-B4CAFB860D7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{C03C454F-BDBA-43A8-8144-297FF1F0CADD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{75C332B7-310D-4800-A685-369715884AE8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B20B4496-29C1-464D-8FFE-395BD52A5686}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{FB5A14C4-D877-45B7-BF00-68C872E6BA45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{FC934991-1695-4970-8750-9C20DC8BA3E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D4BE7BDE-7E10-4CC2-B658-FDCA64ACE5D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{39E5A409-4649-4F79-B763-032F6FC0F587}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{0500CD50-1963-4014-AEF6-7A002D6561CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{D96F6CE8-5AE6-4FBF-A5AF-856B49475ADA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C33B1171-6F56-4878-A7D8-01CDD7E1F95F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4AD66202-82EC-49BF-A5C2-C6905F54FCE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{89681889-FDB9-4404-83F8-A135DE3274DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EACA9755-262C-4952-ADE9-3390FFD935E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{54D1918A-02AA-42F1-929A-D3D7F81FF347}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{235CC86B-675C-4829-90CB-63C2D2975294}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BA4670AF-AF13-4EC2-BC58-5458ADA1B9F8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1384D063-FBC9-4391-8EAC-66324E86EF04}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D8524CAE-C82F-4E5E-92BC-EC057D32C490}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D00BA57E-C1CB-4233-BF4F-BB3954706F95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{BE630FB4-1317-49F8-BE6A-4EBD79F6C056}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{22C009DC-F72B-4C9B-A0EF-53AF4E3ED168}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{751D2B2C-5251-41EA-B85D-189CFE3EEB96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [TCP Query User{F0525235-0D03-4F8E-80DD-DF6D330C4111}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{6986099D-7AC2-4F25-9087-819ACEA21024}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{1AA1BBC2-0526-4341-B52D-C8A181622807}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{9DCDA350-10B9-484F-A6B0-5ABF42CD4581}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{3E65F66A-0203-4B9B-BF17-A9E5B67E9096}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{4BB6CB52-4EDE-4E6A-8913-4ED31FE4CEEA}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{0F7BC407-B5B6-4F60-BDF9-131D342772F9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{53B63049-B6CB-4502-83A5-036E58DA0677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{B842A412-3B7A-4DAA-9E30-F80C0AEF9997}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{C67F2EFD-5657-4BA7-9E48-0C20F4D6F25C}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [UDP Query User{61ED34F0-78E7-46EE-80C6-E3A945F34B5B}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [{69FBAD06-1A5F-4870-B73A-14F5CAE4EBD1}] => (Block) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [{438FBA55-054F-451E-8B8E-8D140117F56E}] => (Block) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [{18C9272D-D828-4026-8A15-0915E68109BB}] => (Allow) C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{40C2C301-18D6-4AA1-BF30-CC54EA3E0941}] => (Allow) C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{BAD7AFF6-828E-4348-A0EA-9A0D10FD41C1}] => (Allow) C:\Program Files\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{473C1DDC-E559-4904-A460-87D4B4A74EC9}] => (Allow) C:\Program Files\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{252DF10D-8736-43BF-A319-4729B7EA5C73}] => (Allow) C:\Windows\Prey\versions\1.6.8\bin\node.exe
FirewallRules: [TCP Query User{1EC47862-2965-4813-8F94-40741805FD96}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E898313D-5B00-48B0-AE53-5782AC9FBB3D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{8B111FAF-712C-4D70-AE95-21AEED93B84D}] => (Allow) C:\Program Files (x86)\Mr DJ\Mass Effect 2 Digital Deluxe Edition\MassEffect2Launcher.exe
FirewallRules: [{0B4B6975-8126-4D15-8CE2-6F62911C4C3B}] => (Allow) C:\Program Files (x86)\Mr DJ\Mass Effect 2 Digital Deluxe Edition\MassEffect2Launcher.exe
FirewallRules: [TCP Query User{D5E60914-2CF5-4BA8-804B-37F6EA8B881B}C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe] => (Allow) C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe
FirewallRules: [UDP Query User{078D21CC-4A10-4DE4-8CAF-4DB94EAB4329}C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe] => (Allow) C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe
FirewallRules: [TCP Query User{D5380FC0-4DEF-4063-B217-E14D407F9AEC}C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe] => (Allow) C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe
FirewallRules: [UDP Query User{9FD15AB1-AD93-4804-BEA0-258046432B8D}C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe] => (Allow) C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe
FirewallRules: [{C006D141-72B1-4C82-996C-0B82902F7FC7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{80495C16-98BA-4823-9B6F-4352973BE837}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{82098F29-9C12-4F59-99AC-ACE9D23946B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{52FB272A-8B4A-42F9-983D-1AF2355B623B}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout 3 GOTY\GeMM\fomm.exe
FirewallRules: [{6CEBE5D3-9CBA-485E-92BE-B2AA88487894}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout 3 GOTY\GeMM\fomm.exe
FirewallRules: [{185A4687-898E-4096-9A37-8593A9699E96}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout 3 GOTY\FalloutLauncher.exe
FirewallRules: [{75110BAF-A579-4AF5-B1D1-444943406FD3}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout 3 GOTY\FalloutLauncher.exe
FirewallRules: [{D3E3407E-CB31-4987-A103-9C75E42B38CB}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{9ADFEAF0-D6CB-44AA-9B64-4C87A8ED357E}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{F8319168-4CD3-4247-98A3-ACDF29CB02BB}] => (Allow) C:\Users\Osama\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{C94AADB2-7712-43C2-95F3-ABAEEF7A49D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-06-2017 04:01:04 Scheduled Checkpoint
29-06-2017 17:10:33 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2017 04:15:52 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
    (HRESULT : 0x80040210) (0x80040210)

Error: (06/30/2017 04:15:52 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (06/30/2017 04:14:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (06/30/2017 04:14:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (06/30/2017 04:14:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (06/30/2017 04:14:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (06/30/2017 04:14:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0

Error: (06/30/2017 04:14:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (06/30/2017 04:14:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (06/30/2017 04:14:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0


System errors:
=============
Error: (06/30/2017 04:40:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/30/2017 02:49:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 11:22:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 10:56:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 09:15:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 08:30:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 08:00:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 06:08:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 06:08:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 06:08:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-06-27 03:02:06.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-24 19:53:26.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-14 03:23:02.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-12 20:41:06.737
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 20:46:33.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-28 18:40:41.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 16:38:30.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-20 18:56:15.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-10 11:32:20.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-17 17:51:39.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 22%
Total physical RAM: 16237.76 MB
Available physical RAM: 12562.3 MB
Total Virtual: 17261.76 MB
Available Virtual: 13396.17 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:61.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6897DEB7)

Partition: GPT.

==================== End of Addition.txt ============================



#10 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,634 posts
  • Gender:Male
  • Local time:12:30 PM

Posted 01 July 2017 - 04:33 PM

One last push!

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
How's your system behaving now? Are there any other issues that need to be addressed?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 XsickxplayX
  • Topic Starter

  • Members
  • 8 posts
  • Local time:11:30 AM

Posted 01 July 2017 - 08:45 PM

Here we go:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Osama (01-07-2017 20:14:23) Run:1
Running from C:\Users\Osama\Downloads
Loaded Profiles: Osama (Available Profiles: Osama)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

SearchScopes: HKLM -> DefaultScope value is missing

CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}

CustomCLSID: HKU\S-1-5-21-1995453271-3764839841-475955195-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Osama\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1995453271-3764839841-475955195-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Osama\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File

Task: {5B46EDA4-FC6E-44AA-BC20-E59A6CE8EFA7} - System32\Tasks\{6C12658F-AA24-4709-9F11-F94FA583F933} => pcalua.exe -a "C:\Users\Osama\Downloads\Compressed\Docked Game\TDGirl.exe" -d "C:\Users\Osama\Downloads\Compressed\Docked Game"

AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Osama:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Osama\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Osama\AppData\Roaming:iSpring Solutions [128]

FirewallRules: [{F8319168-4CD3-4247-98A3-ACDF29CB02BB}] => (Allow) C:\Users\Osama\AppData\Local\Chromium\Application\chrome.exe

C:\Program Files (x86)\MICROLEAVES.del

System is not acting up; it's working just fine now!


Edited by XsickxplayX, 01 July 2017 - 08:45 PM.
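As an added post-fix check (this is not FRST output and not something posted in the thread), the locations the fixlist above targeted can be re-inspected from PowerShell to confirm they are really gone. It assumes Windows PowerShell 5.1 or later with the ScheduledTasks module, that Get-Item -Stream lists named streams on directories on this build, and it takes the user name, stream names and paths from the fix log above.

```powershell
# Added verification script (not from FRST or the thread): re-check what the
# fix above removed and report anything that is still there.
# Assumes PowerShell 5.1+ with the ScheduledTasks module. The user name "Osama",
# the stream names and the folder path are taken from the FRST fix log.

# Directories whose alternate data streams (ADS) the fix removed.
$AdsTargets = @(
    'C:\ProgramData',
    'C:\Users\Osama',
    'C:\Users\Osama\AppData\Roaming'
)

# Stream names listed in the fix; any other named stream is reported for review.
$FixedStreams = @('iSpring Solutions', 'Heroes & Generals')

foreach ($dir in $AdsTargets) {
    # -Stream * lists every stream; ':$DATA' is the ordinary content stream.
    $streams = Get-Item -LiteralPath $dir -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $streams) {
        $tag = if ($FixedStreams -contains $s.Stream) { 'STILL PRESENT' } else { 'REVIEW' }
        '{0} ADS {1}:{2} ({3} bytes)' -f $tag, $dir, $s.Stream, $s.Length
    }
}

# Scheduled tasks whose action runs pcalua.exe, as the task in the fix log did.
# A ComHandler action has no Execute property; -match on $null is simply false.
Get-ScheduledTask | ForEach-Object {
    foreach ($a in $_.Actions) {
        if ($a.Execute -match 'pcalua\.exe') {
            'REVIEW task {0}{1} runs {2} {3}' -f $_.TaskPath, $_.TaskName, $a.Execute, $a.Arguments
        }
    }
}

# Folder path exactly as listed in the fixlist; it should no longer exist.
if (Test-Path -LiteralPath 'C:\Program Files (x86)\MICROLEAVES.del') {
    'STILL PRESENT directory C:\Program Files (x86)\MICROLEAVES.del'
}
```

No output means none of the listed items is present; a REVIEW line is not a verdict, only something to look at by hand.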


#12 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,634 posts

Posted 01 July 2017 - 08:46 PM

Awesome, that's good!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits, which are one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like Secunia PSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages);
  • Windows Firewall Control - Gives you more control over your Windows Firewall;
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;
Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point-and-click matrix-like extension that allows you to control requests made on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back in this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)



#13 XsickxplayX

  • Topic Starter

  • Members
  • 8 posts

Posted 01 July 2017 - 08:48 PM

Thanks man! Can I still view this thread when you close it?



#14 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,634 posts

Posted 01 July 2017 - 08:58 PM

Yes you can. It'll just be closed, but will still be there :)



#15 XsickxplayX

  • Topic Starter

  • Members
  • 8 posts

Posted 01 July 2017 - 09:10 PM

Sweet! That's all I needed. You can close it now. Thanks for everything.





