Something keeps loading in the background, always!


  • This topic is locked
13 replies to this topic

#1 armaanm33

armaanm33

  • Members

Posted 06 July 2017 - 02:44 AM

Hello!

My PC runs on a Windows 10 Home Single User, 64-bit processor. Recently I found a minor problem where something constantly loads in the background, and this problem has turned into a major one. Even the cursor shifts while I am typing, as if I switched between the tabs.

 

Also, I was playing this game, GTA San Andreas, and every 10-20 seconds, the desktop main screen shows up, as if I shifted the windows screen (like we do using Alt+Tab).

 

I am not a pro at computers and all.

Saw this site as a trusted one and a helpful one, hope that my problem would be looked upon.

 

Thank you!

 





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 09 July 2017 - 08:51 AM

Greetings armaanm33 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

What do you mean by "loading in the background"? How have you determined that and what, if anything, do you see?

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • What is loading in the background?
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 armaanm33

armaanm33
  • Topic Starter

  • Members

Posted 09 July 2017 - 10:24 AM

Hello Gary!

 

By loading I meant sometimes a pop up appears and disappears with the blink of an eye, and a loading process is all that I was able to observe. Also while typing, sometimes the pointer disappears and reappears within a second (meanwhile I couldn't type, basically like when the tabs are switched).

 

FRST results:-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by mohd yunus (ATTENTION: The user is not administrator) on LENOVO-PC (09-07-2017 19:40:24)
Running from C:\Users\mohd yunus\Downloads
Loaded Profiles: mohd yunus (Available Profiles: mohd yunus & mohd)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> DdMgr.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> svchost.exe
Failed to access process -> IdeaTouch.LocalDataServer.Education.exe
Failed to access process -> HeciServer.exe
Failed to access process -> Service.exe
Failed to access process -> K7CrvSvc.exe
Failed to access process -> k7tsmngr.exe
Failed to access process -> MDM.EXE
Failed to access process -> NLSSRV32.EXE
Failed to access process -> svchost.exe
Failed to access process -> NitroPDFDriverService8x64.exe
Failed to access process -> svchost.exe
Failed to access process -> winsecurity.exe
Failed to access process -> XBLive.exe
Failed to access process -> dasHost.exe
Failed to access process -> k7rtscan.exe
Failed to access process -> k7fwsrvc.exe
Failed to access process -> k7emlpxy.exe
Failed to access process -> svchost.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> iPodService.exe
Failed to access process -> rundll32.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> armsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
Failed to access process -> JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7tsecurity.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7sysmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
Failed to access process -> svchost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-25] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-12-15] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167640 2012-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [sun21] => "C:\Program Files (x86)\SunnyDay21\SunnyDay.exe" <==== ATTENTION
HKLM-x32\...\Run: [Openwares LiveUpdate] => C:\Program Files\LiveUpdate\LiveUpdate.exe
HKLM-x32\...\Run: [K7TSStart] => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSecurity.exe [223544 2017-06-27] (K7 Computing Pvt Ltd)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2017-05-29] ()
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-4228541638-1917213688-2020295977-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog5-x64 07 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d13216bb-b29e-4118-a0c3-bd53829d7f88}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207323918867874&GUID=50068EDB-C8B0-45D5-818D-511828E9DB7F
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1425739453&from=brd&uid=ST500DM002-1BD142_W3T8GW8EXXXXW3T8GW8E&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1425739453&from=brd&uid=ST500DM002-1BD142_W3T8GW8EXXXXW3T8GW8E&q={searchTerms}
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_2eb241e4&param1=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&param2=NGZ8LWp4LWJ4NJ%3D%3D&p={searchTerms}
SearchScopes: HKLM-x32 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_2eb241e4&param1=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&param2=NGZ8LWp4LWJ4NJ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001 -> DefaultScope {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001 -> {B329B567-D7E5-4847-B398-1BCA34202711} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_2eb241e4&param1=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&param2=NGZ8LWp4LWJ4NJ%3D%3D&p={searchTerms}
BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll => No File
 
FireFox:
========
FF DefaultProfile: 41A66E7E5EE1
FF ProfilePath: C:\Users\mohd yunus\AppData\Roaming\Mozilla\Firefox\Profiles\khuxrius.default [2017-06-27]
FF user.js: detected! => C:\Users\mohd yunus\AppData\Roaming\Mozilla\Firefox\Profiles\khuxrius.default\user.js [2016-04-02]
FF SearchPlugin: C:\Users\mohd yunus\AppData\Roaming\Mozilla\Firefox\Profiles\khuxrius.default\searchplugins\search.yahoo.com.xml [2016-08-22]
FF ProfilePath: C:\Users\mohd yunus\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 [2017-06-27]
FF user.js: detected! => C:\Users\mohd yunus\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-04-02]
FF Extension: (GsearchFinder) - C:\Users\mohd yunus\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-29]
FF Extension: (Cash Kitten) - C:\Users\mohd yunus\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{df82c73a-d1d9-4aea-b18a-18274a04178f}.xpi [2016-04-01] [not signed]
FF SearchPlugin: C:\Users\mohd yunus\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\search.yahoo.com.xml [2016-08-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4228541638-1917213688-2020295977-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-19] (Intel)
FF Plugin HKU\S-1-5-21-4228541638-1917213688-2020295977-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-19] (Intel)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxps://in.search.yahoo.com/?type=937811&fr=yo-yhp-ch
CHR StartupUrls: Profile 2 -> "hxxps://www.google.co.in/"
CHR NewTab: Profile 2 ->  Not-active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR Profile: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-08-22]
CHR Extension: (BuyHatke) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jaehkpjddfdgiiefcnhahapilbejohhj [2016-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-10]
CHR Extension: (Gmail) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-10]
CHR Profile: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-07-09]
CHR Extension: (Google Slides) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-18]
CHR Extension: (Google Docs) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-18]
CHR Extension: (Google Drive) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-18]
CHR Extension: (YouTube) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-18]
CHR Extension: (Google Sheets) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-18]
CHR Extension: (Google Docs Offline) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-18]
CHR Extension: (Momentum) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-02]
CHR Extension: (Gmail) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-18]
CHR Extension: (Chrome Media Router) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR Profile: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-05-10]
CHR Extension: (Google Slides) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-10]
CHR Extension: (Docs) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-10]
CHR Extension: (Google Drive) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-10]
CHR Extension: (YouTube) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-10]
CHR Extension: (Google Sheets) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-10]
CHR Extension: (BuyHatke) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jaehkpjddfdgiiefcnhahapilbejohhj [2016-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-10]
CHR Extension: (Gmail) - C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-10]
CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jaehkpjddfdgiiefcnhahapilbejohhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jaehkpjddfdgiiefcnhahapilbejohhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S2 AVHealthMon; C:\WINDOWS\AVHealthMonitor\HealthMon.exe [114712 2014-04-05] (K7 Computing Pvt. Ltd.)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2017-05-29] (Freemake) [File not signed]
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-18] (Microsoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 K7CrvSvc; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7CrvSvc.exe [262752 2011-12-21] (K7 Computing Pvt Ltd)
R2 K7EmlPxy; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7EmlPxy.exe [163864 2015-10-31] (K7 Computing Pvt Ltd)
R2 K7FWSrvc; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7FWSrvc.exe [274968 2015-10-31] (K7 Computing Pvt Ltd)
R2 K7RTScan; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7RTScan.exe [299888 2017-07-03] (K7 Computing Pvt Ltd)
R2 K7TSMngr; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSMngr.exe [319104 2017-05-29] (K7 Computing Pvt Ltd)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1264640 2016-12-27] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 XBox; C:\Program Files (x86)\XBox\XBLive.exe [6342584 2016-06-13] (Microsoft Corporation) <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cmnxusbser; C:\WINDOWS\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
R0 K7FWHlpr; C:\WINDOWS\System32\drivers\K7FWHlpr.sys [110544 2015-01-22] (K7 Computing Pvt Ltd)
R0 K7Sentry; C:\WINDOWS\System32\drivers\K7Sentry.sys [196208 2017-07-03] (K7 Computing Pvt Ltd)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-09 19:40 - 2017-07-09 19:42 - 00024440 _____ C:\Users\mohd yunus\Downloads\FRST.txt
2017-07-09 19:38 - 2017-07-09 19:40 - 00000000 ____D C:\FRST
2017-07-09 19:37 - 2017-07-09 19:38 - 02437120 _____ (Farbar) C:\Users\mohd yunus\Downloads\FRST64.exe
2017-07-06 20:40 - 2017-07-06 20:40 - 00000000 ____D C:\Users\mohd yunus\Downloads\Friends - season 1.en
2017-07-04 13:48 - 2017-07-04 13:50 - 00000000 ___RD C:\Users\mohd yunus\Desktop\Armaan documents
2017-07-04 13:42 - 2017-07-04 13:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-04 13:42 - 2017-07-04 13:42 - 00002135 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-07-04 13:16 - 2017-07-04 13:16 - 01205776 _____ (Adobe Systems Incorporated) C:\Users\mohd yunus\Downloads\readerdc_en_xa_crd_install.exe
2017-07-04 12:13 - 2017-07-04 12:13 - 00688992 _____ (Swearware) C:\Users\mohd yunus\Downloads\dds (1).com
2017-07-01 18:21 - 2017-07-01 18:21 - 00128512 _____ C:\Users\mohd yunus\AppData\Roaming\Setup68798.exe
2017-07-01 18:21 - 2017-07-01 18:21 - 00038912 _____ C:\Users\mohd yunus\AppData\Roaming\Setup31164.exe
2017-07-01 18:21 - 2015-03-08 08:30 - 02399744 _____ C:\Users\mohd yunus\Documents\lmms.exe
2017-06-30 15:37 - 2017-06-30 15:49 - 01999648 _____ C:\Users\mohd yunus\Downloads\1 - Imagine Dragons - Thunder [MP3 320Kbps] - [7Tunes].mp3.crdownload
2017-06-29 22:54 - 2017-06-29 22:54 - 00627856 _____ C:\Users\mohd yunus\Downloads\Friends - season 1.en.zip
2017-06-27 17:55 - 2017-06-27 17:55 - 00000000 ____D C:\Users\mohd yunus\AppData\Roaming\Brorsoft
2017-06-27 17:52 - 2017-06-27 17:52 - 00000000 ____D C:\Users\mohd yunus\Downloads\deadpool-2016-1080p-bluray-x264-sparks-rarbg-english-83738
2017-06-27 17:51 - 2017-06-27 17:51 - 00048684 _____ C:\Users\mohd yunus\Downloads\deadpool-2016-1080p-bluray-x264-sparks-rarbg-english-83738.zip
2017-06-27 17:41 - 2017-06-27 17:41 - 00001408 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2017-06-27 17:41 - 2017-06-27 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-06-27 17:37 - 2017-06-27 17:45 - 37789051 _____ (Brorsoft Studio ) C:\Users\mohd yunus\Downloads\blurayvideoconverterultimate_setup.exe
2017-06-27 17:34 - 2017-06-27 17:38 - 32681056 _____ (Ellora Assets Corporation ) C:\Users\mohd yunus\Downloads\FreemakeVideoConverterFull.exe
2017-06-25 16:34 - 2017-06-25 16:36 - 00000000 ____D C:\Users\mohd yunus\Downloads\catch-me-if-you-can-english-yify-5334 (1)
2017-06-25 16:34 - 2017-06-25 16:34 - 00052157 _____ C:\Users\mohd yunus\Downloads\catch-me-if-you-can-english-yify-5334.zip
2017-06-25 16:34 - 2017-06-25 16:34 - 00052157 _____ C:\Users\mohd yunus\Downloads\catch-me-if-you-can-english-yify-5334 (1).zip
2017-06-18 11:03 - 2017-06-18 11:03 - 00000000 ___HD C:\$SysReset
2017-06-18 11:03 - 2017-06-18 11:03 - 00000000 ____D C:\$WINDOWS.~BT
2017-06-17 21:13 - 2017-06-17 21:13 - 00000000 ____D C:\Users\mohd yunus\Documents\FlashIntegro
2017-06-17 21:13 - 2017-06-17 21:13 - 00000000 ____D C:\Users\mohd yunus\AppData\Roaming\FlashIntegro
2017-06-17 21:13 - 2017-06-17 21:13 - 00000000 ____D C:\Users\mohd yunus\AppData\Local\CrashRpt
2017-06-17 20:50 - 2017-06-17 20:50 - 00000000 __SHD C:\found.000
2017-06-17 20:08 - 2017-06-17 20:08 - 00001789 _____ C:\Users\mohd yunus\Desktop\VideoEditor.lnk
2017-06-17 20:01 - 2017-06-17 20:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-17 20:00 - 2017-06-17 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2017-06-17 19:58 - 2017-05-12 11:38 - 00071480 _____ (Flash-Integro LLC) C:\WINDOWS\SysWOW64\mslvddsfilter3.ax
2017-06-17 19:57 - 2017-06-17 20:00 - 00000000 ____D C:\Program Files (x86)\FlashIntegro
2017-06-17 19:57 - 2011-12-07 18:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\Lagarith.dll
2017-06-17 19:57 - 2005-08-01 18:43 - 00245760 _____ () C:\WINDOWS\SysWOW64\lame.ax
2017-06-17 19:57 - 2004-12-10 09:03 - 00438272 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2017-06-17 19:57 - 2004-09-06 15:06 - 00053248 _____ C:\WINDOWS\SysWOW64\xvid.ax
2017-06-17 19:57 - 2004-07-03 20:08 - 00139264 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2017-06-17 19:57 - 2004-07-03 19:59 - 00524288 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2017-06-17 19:57 - 2004-02-04 20:11 - 00081920 _____ (fccHandler) C:\WINDOWS\SysWOW64\AC3ACM.acm
2017-06-17 19:57 - 2003-05-22 11:26 - 00638976 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divx.dll
2017-06-17 19:57 - 2003-05-22 11:26 - 00221215 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divxdec.ax
2017-06-17 19:57 - 2003-05-21 22:50 - 00261632 _____ (MainConcept) C:\WINDOWS\SysWOW64\mcdvd_32.dll
2017-06-17 19:57 - 2003-05-21 22:50 - 00156910 _____ C:\WINDOWS\WMSysPr8.prx
2017-06-17 19:57 - 2003-05-21 22:50 - 00082944 _____ (Voxware, Inc.) C:\WINDOWS\SysWOW64\vct3216.acm
2017-06-17 19:57 - 2003-05-21 22:50 - 00038912 _____ (NCT Company) C:\WINDOWS\SysWOW64\alf2cd.acm
2017-06-17 19:57 - 2003-03-25 04:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\SysWOW64\L3CODECX.AX
2017-06-17 19:57 - 2002-08-19 23:41 - 00413760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg4c32.dll
2017-06-17 19:57 - 2000-03-14 19:55 - 00013239 _____ (SHARP Corporation) C:\WINDOWS\SysWOW64\Scg726.acm
2017-06-17 19:47 - 2017-06-17 19:57 - 38434920 _____ (Flash-Integro LLC ) C:\Users\mohd yunus\Downloads\video_editor.exe
2017-06-12 21:01 - 2017-06-12 21:01 - 00002738 _____ C:\Users\mohd yunus\Desktop\µTorrent.lnk
2017-06-12 21:01 - 2017-06-12 21:01 - 00002738 _____ C:\Users\mohd yunus\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-06-12 20:59 - 2017-06-12 20:59 - 02431680 _____ (BitTorrent Inc.) C:\Users\mohd yunus\Downloads\uTorrent.exe
2017-06-12 20:52 - 2017-06-12 20:52 - 00001196 _____ C:\Users\mohd yunus\Desktop\Task Manager.lnk
2017-06-12 16:51 - 2017-06-12 16:51 - 00000000 ____D C:\Users\mohd yunus\Downloads\13-reasons-why-english-1101262
2017-06-12 16:50 - 2017-06-12 16:50 - 00641398 _____ C:\Users\mohd yunus\Downloads\13-reasons-why-english-1101262.zip
2017-06-12 16:48 - 2017-06-12 16:48 - 00000000 ____D C:\Users\mohd yunus\Downloads\13-reasons-why-english-1107080
2017-06-12 16:47 - 2017-06-12 16:47 - 00444555 _____ C:\Users\mohd yunus\Downloads\13-reasons-why-english-1107080.zip
2017-06-11 23:04 - 2017-06-11 23:04 - 00000000 ____D C:\Users\mohd yunus\Downloads\13-reasons-why-season-1-episode-11-english-34798
2017-06-11 23:03 - 2017-06-11 23:03 - 00026270 _____ C:\Users\mohd yunus\Downloads\13-reasons-why-season-1-episode-11-english-34798.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-09 19:38 - 2016-06-07 17:09 - 00000000 ____D C:\ProgramData\Windows Security
2017-07-09 19:17 - 2016-04-12 16:57 - 00000000 __SHD C:\Users\mohd yunus\IntelGraphicsProfiles
2017-07-08 21:01 - 2017-01-10 16:27 - 00000000 ____D C:\Users\mohd yunus
2017-07-08 19:50 - 2016-07-16 17:17 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-08 19:50 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-08 16:46 - 2016-07-16 17:06 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-08 16:24 - 2016-01-13 19:12 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-05 13:51 - 2017-01-10 16:27 - 00000000 ____D C:\Users\mohd
2017-07-05 13:48 - 2017-01-10 16:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-05 13:45 - 2017-06-02 20:52 - 00000614 _____ C:\Users\mohd yunus\Desktop\San Andreas.lnk
2017-07-04 13:46 - 2015-01-03 00:10 - 00000000 ____D C:\Users\mohd yunus\AppData\Local\Adobe
2017-07-04 13:40 - 2014-06-21 17:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-07-04 13:13 - 2016-06-07 17:08 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-07-04 13:07 - 2017-01-10 16:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-03 18:46 - 2016-08-28 19:04 - 00196208 _____ (K7 Computing Pvt Ltd) C:\WINDOWS\system32\Drivers\K7Sentry.Sys
2017-07-02 15:01 - 2017-04-12 17:24 - 00000000 ___RD C:\Users\mohd yunus\Documents\Scanned Documents
2017-07-02 12:14 - 2016-10-14 21:14 - 00000463 _____ C:\Users\mohd yunus\.lmmsrc.xml
2017-06-30 14:10 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-29 22:48 - 2016-05-28 23:11 - 00000000 ___RD C:\Users\mohd yunus\Desktop\songs
2017-06-27 23:37 - 2015-01-03 09:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-27 23:31 - 2015-01-03 09:42 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-27 23:30 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-27 17:43 - 2016-05-11 17:53 - 00000000 ____D C:\Users\mohd yunus\AppData\Local\FreemakeVideoConverter
2017-06-27 17:42 - 2016-05-11 17:53 - 00000000 ____D C:\ProgramData\Freemake
2017-06-27 17:41 - 2016-05-11 17:52 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-06-21 13:48 - 2016-04-13 18:45 - 00002433 _____ C:\Users\mohd yunus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-18 00:16 - 2016-01-07 14:25 - 00000000 ____D C:\Users\mohd yunus\AppData\Roaming\uTorrent
2017-06-17 21:39 - 2016-07-16 17:15 - 00000000 ____D C:\WINDOWS\INF
2017-06-17 20:42 - 2017-06-07 23:22 - 00000928 _____ C:\Users\mohd yunus\Desktop\Start Tor Browser.lnk
2017-06-17 20:36 - 2017-01-13 22:25 - 00000000 ____D C:\WINDOWS\Minidump
 
==================== Files in the root of some directories =======
 
2016-06-08 16:20 - 2016-06-08 16:20 - 0011568 _____ () C:\Users\mohd yunus\AppData\Roaming\InstallationConfiguration.xml
2016-06-08 16:20 - 2016-06-08 16:20 - 0128512 _____ () C:\Users\mohd yunus\AppData\Roaming\Installer.dat
2016-01-17 14:30 - 2016-10-08 17:48 - 0000254 _____ () C:\Users\mohd yunus\AppData\Roaming\WB.CFG
2016-01-06 15:18 - 2016-01-06 15:18 - 0004096 ____H () C:\Users\mohd yunus\AppData\Local\keyfile3.drm
2017-01-10 16:23 - 2017-01-10 16:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-03-08 19:12 - 2017-03-08 19:12 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\mohd yunus\AppData\Local\Temp\COMAP.EXE
2017-05-17 18:27 - 2017-05-17 18:27 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\dmafruor.exe
2017-05-17 18:34 - 2017-05-17 18:35 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\l1i5mw2h.exe
2017-05-17 18:33 - 2017-05-17 18:33 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\lyrbqrux.exe
2017-06-22 00:07 - 2017-06-22 00:08 - 1995192 _____ (HOW Inc.                                                    ) C:\Users\mohd yunus\AppData\Local\Temp\mp3gmo2r.exe
2017-05-17 18:31 - 2017-05-17 18:31 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\r0seevnc.exe
2017-05-17 18:34 - 2017-05-17 18:35 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\tgomdx1p.exe
2017-05-17 18:32 - 2017-05-17 18:32 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\uranwphi.exe
2017-05-17 18:25 - 2017-05-17 18:25 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\yseofphs.exe
2017-06-22 00:05 - 2017-06-22 00:06 - 1995192 _____ (HOW Inc.                                                    ) C:\Users\mohd yunus\AppData\Local\Temp\ztbryq5f.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================
 
 
 
ADDITION!
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by mohd yunus (09-07-2017 19:44:18)
Running from C:\Users\mohd yunus\Downloads
Windows 10 Home Single Language Version 1607 (X64) (2017-01-10 11:40:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4228541638-1917213688-2020295977-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4228541638-1917213688-2020295977-503 - Limited - Disabled)
Guest (S-1-5-21-4228541638-1917213688-2020295977-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4228541638-1917213688-2020295977-1003 - Limited - Enabled)
mohd (S-1-5-21-4228541638-1917213688-2020295977-1005 - Administrator - Enabled) => C:\Users\mohd
mohd yunus (S-1-5-21-4228541638-1917213688-2020295977-1001 - Limited - Enabled) => C:\Users\mohd yunus
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: K7AntiVirus Premium (Enabled - Up to date) {F00FDD89-D190-E257-55B2-5A2C4E7195C1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: K7AntiVirus Premium (Enabled - Up to date) {4B6E3C6D-F7AA-EDD9-6F02-615E35F6DF7C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: K7AntiVirus Premium (Enabled) {C8345CAC-9BFF-E30F-7EED-F319B0A2D2BA}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\...\uTorrent) (Version: 3.5.0.43784 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DocX Viewer version 1.2 (HKLM-x32\...\DocX Viewer_is1) (Version: 1.2 - )
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
Free YouTube Downloader 4.1.591 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 3540 series Basic Device Software (HKLM\...\{60D33935-59B4-4ACE-8FAE-EBC60DE40A9C}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
K7AntiVirus Premium (HKLM-x32\...\K7AntiVirus Premium) (Version: 15.00 - K7 Computing Pvt Ltd)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.18 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.3.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3614 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3614 - CyberLink Corp.)
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{7E9123BE-E96E-46EF-A097-6EEC2065F752}) (Version: 8.5.5.2 - Nitro)
Opera Stable 46.0.2597.39 (HKLM-x32\...\Opera 46.0.2597.39) (Version: 46.0.2597.39 - Opera Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39050 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0224 - REALTEK Semiconductor Corp.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
VSDC Free Video Editor version 5.7.7.702 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.7.702 - Flash-Integro LLC)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers01: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => C:\windows\SysWOW64\ISCM64.dll [2015-02-27] ()
ContextMenuHandlers01: [K7Computing.K7AVScanner] -> {FD23B962-BADB-11D7-B0FE-00C026A19B93} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSSExt64.dll [2015-10-31] (K7 Computing Pvt Ltd)
ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-06-17] (Nitro PDF)
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers06: [K7Computing.K7AVScanner] -> {FD23B962-BADB-11D7-B0FE-00C026A19B93} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSSExt64.dll [2015-10-31] (K7 Computing Pvt Ltd)
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\mohd yunus\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
ShortcutWithArgument: C:\Users\mohd yunus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-11 21:02 - 2017-04-28 06:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-04 22:01 - 2016-09-07 10:26 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-04-04 21:58 - 2017-03-04 12:01 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-04-04 22:00 - 2017-03-04 11:42 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-04-04 22:00 - 2017-03-04 11:35 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-04 21:59 - 2017-03-04 11:35 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-11 21:02 - 2017-04-28 05:06 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-11 21:02 - 2017-04-28 05:06 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-11 21:02 - 2017-04-28 05:07 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-28 15:24 - 2017-06-28 15:30 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-28 15:24 - 2017-06-28 15:29 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-28 15:24 - 2017-06-28 15:30 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-28 15:24 - 2017-06-28 15:30 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-27 17:41 - 2017-05-29 15:38 - 00073216 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\shaya_000\Desktop\book.docx:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2016-08-28 18:32 - 00002349 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
 
There are 12 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Openwares LiveUpdate"
HKLM\...\StartupApproved\Run32: => "sun21"
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\...\StartupApproved\StartupFolder: => "Download (1).lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0826964F-0755-42D0-A113-641C36C8E35F}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{9AC31A49-CA9B-4A84-965F-C3FF574AE60E}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{1A9BC7C8-6145-4F5C-99FA-58CD4F87EBA0}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0569B8BC-B076-4ED2-AAD3-E10C15B0E814}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{2729A68C-5A73-44FB-8D34-E47C12FF42F9}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{49A44924-BB2F-4C5A-98BD-B71B3160EBDE}] => (Allow) D:\iTunes\iTunes.exe
FirewallRules: [{2F1ACB32-70AE-4C05-9AB5-6BE2C597FA31}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8BA3F473-38D6-4410-A4E9-245AD9EFB63C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69ACB0ED-177D-4D55-86CC-75C3BFDD493B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CD411A8-0879-4B1D-B1F7-A83E9D141D39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3D2D076-889A-4642-B699-662029589B38}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F6A0929B-62FA-4639-BE02-F990391D7F3C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{41899419-2FED-44FB-905B-F433312AB21F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{EC565E9F-2972-4E76-B8B6-A41DEA5578DD}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{909E3216-2E7E-426F-AD82-649F5BB84B28}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{AF69D387-59FA-47F9-B7E3-EE5BBB0EC2DC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6C7CC36B-35CB-47C8-AAAB-A78038BACDA8}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0316EEE2-CFAA-4E39-9832-857A77B7B59B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9A41DDB-A1BA-481E-B250-BFBEEDF38BB1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{C5A62C15-6E7A-40CD-8CAC-5072CBBCF7EF}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{371B82D6-E02E-4C12-B2D7-B655C7005FF1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{150F6C24-58D8-4935-9FA6-60CE974185EA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0ADFF864-B4B4-4B72-981E-1F9DB6BBCCF3}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{8BE5F528-321E-4E41-8642-DAC426EB0BC2}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{6B7870A8-62CC-47FA-A9A0-CC103D731BF1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{E4FDC721-C306-4912-A177-A871F2B46B2D}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F5BC53D9-F403-42C4-B566-7BF2BAF3E1D7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9333CA2-C700-43C1-90B8-FA35D1162B32}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{602092CA-0BC5-4F5D-9845-5388CF02163C}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{CBF10D55-A5F6-4858-B4D4-3E5F7D63E275}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{FE688895-DD54-4926-BACC-22C2FB8A3600}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{5C800025-CEE1-45C7-9ED9-D888B544B08F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6BA5493C-D51B-4B2D-8FD3-2B80384D6655}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [UDP Query User{76072D52-75CD-4794-917F-1CC0575117EA}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [TCP Query User{6AB8BEA8-64AA-4BFD-881D-ED6DA71A2ADE}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [{BDB01B16-8872-45F9-95D8-035BEC577DDC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{44B23594-3B69-4B4E-914E-CE65A9DFA091}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{34334B3A-F2E2-4CB8-9386-566A417EDDF3}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [UDP Query User{FB88BA60-7C61-4502-B614-5CB9D1388592}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [TCP Query User{4E41C717-80F6-47C4-8708-C73917701904}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [{FFCE7F07-123F-4234-B1FD-0ADEB328E81B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{B7BB3151-1300-4BCA-985F-2E9A44DFC5A7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CE51B570-FD78-487D-A040-AF439546274D}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F30AB347-F454-4DC3-8995-9F7658BA900A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [UDP Query User{47D707C7-55F7-499B-B5B4-59A2D382FEC4}C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{B98FA2FE-3611-42AF-A099-97F5F603F683}C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{C65258D6-2BE8-47BE-8ED6-464F9476A96A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9C28C3D-E647-4EA5-A1A7-224FFF0704CA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [UDP Query User{55E50310-85E4-4855-B094-5C58035E1126}C:\users\shaya_000\desktop\utorrent.exe] => (Allow) C:\users\shaya_000\desktop\utorrent.exe
FirewallRules: [TCP Query User{18C1B282-7E2E-4167-B352-6C629BAA6D9E}C:\users\shaya_000\desktop\utorrent.exe] => (Allow) C:\users\shaya_000\desktop\utorrent.exe
FirewallRules: [{7A40D297-9977-4FEE-B81F-1FDE0E0AD763}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0AFADC5F-B6A4-43D8-ADD1-99DF23346C2F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{7D8B6A8A-49C0-4984-9773-7D4727EFB6CA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0B21819B-9E4E-48B9-806B-904D9D0A8277}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D82A570B-616B-4CB7-9006-629F5BFCA692}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{8141E624-DC62-47B2-B710-D3565471F7F2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{23D0818D-9275-43C1-9A57-CC21992EB3EE}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6AB9A1C9-E596-4AE0-831D-2CE9D1D8AD59}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [UDP Query User{02CA318F-33C3-43AA-A9E5-7202A90F2391}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [TCP Query User{37635F39-4B61-4B69-9667-185956B44E3E}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [{7302D505-A24D-4C63-BDCD-D96D071F25E2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{4D38B7D7-56F8-4610-85C2-12648AE098D3}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{9DDC5F96-DA71-46D7-B2D2-0CAE3E48E018}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{52CAC8E0-BAED-49C1-B70F-4F50CF5F526A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{719CBAC2-CAAC-4F51-8FA8-4A40B9B886BA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CF655386-487B-4276-85CE-DB4919764FB5}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6C295E71-908B-4807-8A16-6F5188036412}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{AD053D68-ABA3-4FA4-8B1E-75C10FDDE560}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{51830AA8-BF78-4F1C-A07A-8265DE9C647B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{BBF01CD0-D474-4A90-BE55-94DB8D4EC0CD}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{DB5AE8B5-66DD-4E50-B6BB-542DCEB5E90B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{9CB3BFA5-B777-4320-93E0-517C6E206540}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{455EA7E9-0028-4169-A54C-F9007B8975B5}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{217F314E-C221-4BF9-88B8-20A21BF23FEE}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{8924C636-5AE7-4AA2-97E3-D2230CCDC348}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6D8647BB-6E1A-40E6-B1E8-351E84606D6A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{60DFB5A9-2442-4536-99AC-C470566A8A44}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{FD709381-DC90-4696-8E51-B63470F8649B}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5441005B-123E-420F-8E17-A7103F784F2A}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{242F3391-B004-46B2-8006-5E4AE7D84CAA}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{DE08330B-8495-4CC0-8AF6-4E2692A19050}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{03BF0AC9-0A1E-47B9-9183-8A5A34EC44FB}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{EFB980A3-6E4E-44C8-86A1-3566C2E12695}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F72D1A6F-3225-4469-9A41-234277571B5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BEDEAB7F-5BB8-40FF-A532-1FEAB0BB768E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2D035D1-A3E0-4DAA-8E64-6BD6426C630A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1366874-FE38-4FE5-AA88-FC0DEFE950A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{31652523-7190-4B2B-A734-9A9F31DDEA20}C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2DAA3839-F4E3-412D-AE5A-52F8306AEB7B}C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{AE2DAA7F-427A-4748-BE58-CCF86AB88ADB}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe
FirewallRules: [{965A0257-B90C-4F69-B7A8-6C0717186284}] => (Allow) LPort=5357
FirewallRules: [{264EA7EB-20F1-492C-8C77-9B4BBDF0DD96}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{CB3F5D1C-FBA7-43FC-B48D-05172EF7D057}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.5_41865.exe
FirewallRules: [UDP Query User{7391A3C4-A65A-4BDC-933A-DB9991CE1BE2}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.5_41865.exe
FirewallRules: [TCP Query User{D2BC4334-BD36-4187-A0B8-834151B5C657}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E6E189AF-FA47-495D-8690-DB3D4B34A2FB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5FFAF5F6-3267-419A-AE8D-0D615068A2DC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{52C5F322-32AB-4645-BED3-BE6195E3EE3F}] => (Allow) C:\Users\mohd\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC05BBE6-4225-4CFF-AD65-5069C1C1D096}] => (Allow) C:\Users\mohd\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1DAFABBE-C41D-42DD-AB21-34DC46AC7797}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE4A0C25-CADA-4968-86D7-F84C8F9CDACC}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{95338CC4-38F2-44F3-8072-E00027114577}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22455C86-0AB4-4AA6-B757-ACA301235371}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43F8596A-1BC4-46F2-ADC0-6316DEF5625F}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{38B0959E-7940-4CD0-B0E5-4ABB296BE51F}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1BA29466-B2B6-4CC3-8733-156590F51259}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{154A6763-ED50-4BD9-B681-25A68667D534}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{B11FB4C6-081C-4EDA-8A4F-07CAE0651B35}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{A30D53A2-DB43-42FC-8C2D-342195DE7CC5}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{11CA9D5F-D79A-45D8-A988-DDD2248D32B1}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{7C1A98B9-99F9-4586-8B2E-9C2601C17DDE}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{AA314DFE-EF7A-445D-A772-C833CEBE514E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F155E609-178C-4AC7-9FC3-68569E762967}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
FirewallRules: [{DFF3168C-F925-43CA-AE19-050979F8A6B4}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.39\opera.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Pentium® processor N- and J-series / Intel® Celeron® processor N- and J-series EHCI USB - 0F34
Description: Intel® Pentium® processor N- and J-series / Intel® Celeron® processor N- and J-series EHCI USB - 0F34
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/09/2017 07:45:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x4b1c
Faulting application start time: 0x01d2f8bdd3886925
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8dd69da4-e515-4672-98aa-084930c6a6e5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/09/2017 07:45:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x54b4
Faulting application start time: 0x01d2f8bdca8ecc1d
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 4733ee6e-a99b-4fc2-bb13-1debcd5715b7
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/09/2017 07:45:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x6314
Faulting application start time: 0x01d2f8bdc194a501
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 80d3689d-1749-4aa0-86b2-2cfe36fa5846
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/09/2017 07:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x5fc0
Faulting application start time: 0x01d2f8bdb89a5c33
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: bd27d4bb-0152-40fc-9c41-36e708f42d98
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/09/2017 07:44:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x1df4
Faulting application start time: 0x01d2f8bdafa01e67
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 47db4444-3512-4d43-8ceb-3ad3853b6c9c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/09/2017 07:44:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x450c
Faulting application start time: 0x01d2f8bda6a5d132
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: bbbc6986-d57d-4c6c-9259-4907659d8c0c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/09/2017 07:44:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x6144
Faulting application start time: 0x01d2f8bd9da00057
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 2dba1011-7ea9-40f7-bf17-53df07496938
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/09/2017 07:43:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x5ce0
Faulting application start time: 0x01d2f8bd9494613d
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 4b7a0bd6-c9c2-4f6e-b156-b9811a171bdf
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/09/2017 07:43:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x47e4
Faulting application start time: 0x01d2f8bd8b99471f
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 77a4c80e-29e8-4334-bb5e-98e572075569
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/09/2017 07:43:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x5a2c
Faulting application start time: 0x01d2f8bd829f3f5e
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c469ec43-694f-46c0-a6e9-a1dcbe518ef5
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/09/2017 07:20:45 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/09/2017 07:17:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2017 03:13:08 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: The server {7E203817-236D-4E25-B5C9-EC22048B2B6D} did not register with DCOM within the required timeout.
 
Error: (07/09/2017 03:13:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2017 01:58:08 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/09/2017 01:57:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2017 09:04:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2017 09:03:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/08/2017 09:01:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/08/2017 07:40:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 76%
Total physical RAM: 1938.21 MB
Available physical RAM: 459 MB
Total Virtual: 3614.06 MB
Available Virtual: 1353.34 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:97.66 GB) (Free:2.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Fixed) (Total:341.85 GB) (Free:188.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================


#4 Oh My!

Posted 09 July 2017 - 01:23 PM

Greetings,

The FRST scan needs to be run while logged into an Administrator account. Please log into the mohd account and rerun the scan.

 


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 armaanm33

Posted 11 July 2017 - 03:45 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by mohd (administrator) on LENOVO-PC (11-07-2017 13:02:03)
Running from C:\
Loaded Profiles: mohd yunus & mohd (Available Profiles: mohd yunus & mohd)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\K7CrvSvc.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7tsmngr.001
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Microsoft Corporation) C:\Program Files (x86)\XBox\XBLive.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7rtscan.001
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7fwsrvc.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7emlpxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1439_none_7efe016621f50bd0\TiWorker.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\mohd\AppData\Roaming\uTorrent\uTorrent.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7tsecurity.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(BitTorrent Inc.) C:\Users\mohd\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7sysmon.exe
(BitTorrent Inc.) C:\Users\mohd\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7tsecurity.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7sysmon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
Failed to access process -> sysnetwk.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSAlrt.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-25] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-12-15] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167640 2012-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [sun21] => "C:\Program Files (x86)\SunnyDay21\SunnyDay.exe" <==== ATTENTION
HKLM-x32\...\Run: [Openwares LiveUpdate] => C:\Program Files\LiveUpdate\LiveUpdate.exe
HKLM-x32\...\Run: [K7TSStart] => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSecurity.exe [223544 2017-06-27] (K7 Computing Pvt Ltd)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2017-05-29] ()
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\...\Run: [uTorrent] => C:\Users\mohd\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-10] (BitTorrent Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-4228541638-1917213688-2020295977-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyEnable: [S-1-5-21-4228541638-1917213688-2020295977-1005] => Proxy is enabled.
ProxyServer: [S-1-5-21-4228541638-1917213688-2020295977-1005] => http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog5-x64 07 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d13216bb-b29e-4118-a0c3-bd53829d7f88}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207323918867874&GUID=50068EDB-C8B0-45D5-818D-511828E9DB7F
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1425739453&from=brd&uid=ST500DM002-1BD142_W3T8GW8EXXXXW3T8GW8E&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1425739453&from=brd&uid=ST500DM002-1BD142_W3T8GW8EXXXXW3T8GW8E&q={searchTerms}
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207323920050669&GUID=50068EDB-C8B0-45D5-818D-511828E9DB7F
HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_2eb241e4&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITofQGR7xTVoN9IAy7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8NVA3vqYYvmo4J6IYwVRdJCoVwVI4ICIWNVA9J6oVwVM9GqYVNUI3wGYGwVM4J6k4vFI9GqUNNos3wCIYwVA9JmoUwVA3vCITwVI9GqUNNFM3wGQENEVcGCIXvFI9ImIWwVA9J6ILNFdcIaUXNEBcGqQANFdcFCk8NoM4JmoWvFI9JCIYvmo9JCk3wVw4ICIVvFRdImISNVI9JqYXvFM9I6oUNVE9JqYUwVw4ICIVvFE9JCIVwVQ9JqYYvFI9J6oVvFFbFCILNF9cIqUXNolcEqULNopcGWUIvmFbF6IVwVVdISoUNVI4ISIVNVM9I6oVNVE3vmk4wVw4ICIWNVE9J6ISNVU9JmIVNVM9I6IVvFFdISIWwVJdIGYVvFQ9J6IXNVFdIqQIwV5dJGYNvmE4IHFbMnMbQGMVNqVbNWFdMaFcQGR7BHFaISopzU0aCaV7CaN9C70bA74hQGR7y6MuwnEbQGMVNGZfNXFbMn0aQGMVE7ofAT06xbFbJqVdQGQXHT0gAHFbJoMkynwhAHFbJpcsynw8BDwo&param2=NGZ8LWp4LWJ4NJ%3D%3D&p={searchTerms}
SearchScopes: HKLM-x32 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_2eb241e4&param1=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&param2=NGZ8LWp4LWJ4NJ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001 -> DefaultScope {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001 -> {B329B567-D7E5-4847-B398-1BCA34202711} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_2eb241e4&param1=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&param2=NGZ8LWp4LWJ4NJ%3D%3D&p={searchTerms}
BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll => No File
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4228541638-1917213688-2020295977-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-19] (Intel)
FF Plugin HKU\S-1-5-21-4228541638-1917213688-2020295977-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-19] (Intel)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> buyhatke
CHR Profile: C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default [2017-07-11]
CHR Extension: (Google Slides) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-24]
CHR Extension: (Google Docs) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-26]
CHR Extension: (Google Drive) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-26]
CHR Extension: (YouTube) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-26]
CHR Extension: (Google Sheets) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-10]
CHR Extension: (BuyHatke) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaehkpjddfdgiiefcnhahapilbejohhj [2017-07-10]
CHR Extension: (Home Tab) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg [2017-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-24]
CHR Extension: (Gmail) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-24]
CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jaehkpjddfdgiiefcnhahapilbejohhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jaehkpjddfdgiiefcnhahapilbejohhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jaehkpjddfdgiiefcnhahapilbejohhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S2 AVHealthMon; C:\WINDOWS\AVHealthMonitor\HealthMon.exe [114712 2014-04-05] (K7 Computing Pvt. Ltd.)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2017-05-29] (Freemake) [File not signed]
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-18] (Microsoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 K7CrvSvc; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7CrvSvc.exe [262752 2011-12-21] (K7 Computing Pvt Ltd)
R2 K7EmlPxy; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7EmlPxy.exe [163864 2015-10-31] (K7 Computing Pvt Ltd)
R2 K7FWSrvc; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7FWSrvc.exe [274968 2015-10-31] (K7 Computing Pvt Ltd)
R2 K7RTScan; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7RTScan.exe [299888 2017-07-03] (K7 Computing Pvt Ltd)
R2 K7TSMngr; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSMngr.exe [319104 2017-05-29] (K7 Computing Pvt Ltd)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1264640 2016-12-27] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 XBox; C:\Program Files (x86)\XBox\XBLive.exe [6342584 2016-06-13] (Microsoft Corporation) <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cmnxusbser; C:\WINDOWS\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
R0 K7FWHlpr; C:\WINDOWS\System32\drivers\K7FWHlpr.sys [110544 2015-01-22] (K7 Computing Pvt Ltd)
R0 K7Sentry; C:\WINDOWS\System32\drivers\K7Sentry.sys [196208 2017-07-03] (K7 Computing Pvt Ltd)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-11 13:02 - 2017-07-11 13:02 - 00022562 _____ C:\FRST.txt
2017-07-11 12:57 - 2017-07-09 19:38 - 02437120 _____ (Farbar) C:\FRST64.exe
2017-07-10 16:36 - 2017-07-10 16:36 - 00000000 ____D C:\Users\mohd\AppData\Local\MicrosoftEdge
2017-07-10 16:29 - 2017-07-10 16:29 - 00000000 ____D C:\Users\mohd\AppData\Local\NetworkTiles
2017-07-09 19:44 - 2017-07-09 19:45 - 00045900 _____ C:\Users\mohd yunus\Downloads\Addition.txt
2017-07-09 19:40 - 2017-07-09 19:45 - 00037217 _____ C:\Users\mohd yunus\Downloads\FRST.txt
2017-07-09 19:38 - 2017-07-11 13:02 - 00000000 ____D C:\FRST
2017-07-09 19:37 - 2017-07-09 19:38 - 02437120 _____ (Farbar) C:\Users\mohd yunus\Downloads\FRST64.exe
2017-07-06 20:40 - 2017-07-06 20:40 - 00000000 ____D C:\Users\mohd yunus\Downloads\Friends - season 1.en
2017-07-05 13:50 - 2017-07-11 12:41 - 00000000 ____D C:\Users\mohd\AppData\LocalLow\uTorrent
2017-07-05 13:45 - 2017-07-05 13:45 - 00000000 ____D C:\Users\mohd\Documents\GTA San Andreas User Files
2017-07-04 13:48 - 2017-07-04 13:50 - 00000000 ___RD C:\Users\mohd yunus\Desktop\Armaan documents
2017-07-04 13:43 - 2017-07-04 19:42 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-04 13:42 - 2017-07-04 13:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-04 13:42 - 2017-07-04 13:42 - 00002135 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-07-04 13:30 - 2017-07-04 13:30 - 00000000 ____D C:\Users\mohd\AppData\Local\Adobe
2017-07-04 13:16 - 2017-07-04 13:16 - 01205776 _____ (Adobe Systems Incorporated) C:\Users\mohd yunus\Downloads\readerdc_en_xa_crd_install.exe
2017-07-04 12:16 - 2017-07-04 12:16 - 00035618 _____ C:\Users\mohd\Desktop\dds.txt
2017-07-04 12:16 - 2017-07-04 12:16 - 00007152 _____ C:\Users\mohd\Desktop\attach.txt
2017-07-04 12:13 - 2017-07-04 12:13 - 00688992 _____ (Swearware) C:\Users\mohd yunus\Downloads\dds (1).com
2017-07-01 18:21 - 2015-03-08 08:30 - 02399744 _____ C:\Users\mohd yunus\Documents\lmms.exe
2017-06-30 15:37 - 2017-06-30 15:49 - 01999648 _____ C:\Users\mohd yunus\Downloads\1 - Imagine Dragons - Thunder [MP3 320Kbps] - [7Tunes].mp3.crdownload
2017-06-30 14:11 - 2017-06-30 14:11 - 00000000 ____D C:\Users\mohd\Documents\Hitman Blood Money
2017-06-29 22:54 - 2017-06-29 22:54 - 00627856 _____ C:\Users\mohd yunus\Downloads\Friends - season 1.en.zip
2017-06-27 17:55 - 2017-06-27 17:55 - 00000000 ____D C:\Users\mohd yunus\AppData\Roaming\Brorsoft
2017-06-27 17:52 - 2017-06-27 17:52 - 00000000 ____D C:\Users\mohd yunus\Downloads\deadpool-2016-1080p-bluray-x264-sparks-rarbg-english-83738
2017-06-27 17:51 - 2017-06-27 17:51 - 00048684 _____ C:\Users\mohd yunus\Downloads\deadpool-2016-1080p-bluray-x264-sparks-rarbg-english-83738.zip
2017-06-27 17:41 - 2017-06-27 17:41 - 00001408 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2017-06-27 17:41 - 2017-06-27 17:41 - 00000000 ____D C:\Users\mohd\Documents\Freemake
2017-06-27 17:41 - 2017-06-27 17:41 - 00000000 ____D C:\Users\mohd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2017-06-27 17:41 - 2017-06-27 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-06-27 17:37 - 2017-06-27 17:45 - 37789051 _____ (Brorsoft Studio ) C:\Users\mohd yunus\Downloads\blurayvideoconverterultimate_setup.exe
2017-06-27 17:34 - 2017-06-27 17:38 - 32681056 _____ (Ellora Assets Corporation ) C:\Users\mohd yunus\Downloads\FreemakeVideoConverterFull.exe
2017-06-25 16:34 - 2017-06-25 16:36 - 00000000 ____D C:\Users\mohd yunus\Downloads\catch-me-if-you-can-english-yify-5334 (1)
2017-06-25 16:34 - 2017-06-25 16:34 - 00052157 _____ C:\Users\mohd yunus\Downloads\catch-me-if-you-can-english-yify-5334.zip
2017-06-25 16:34 - 2017-06-25 16:34 - 00052157 _____ C:\Users\mohd yunus\Downloads\catch-me-if-you-can-english-yify-5334 (1).zip
2017-06-18 11:03 - 2017-06-18 11:03 - 00000000 ___HD C:\$SysReset
2017-06-18 11:03 - 2017-06-18 11:03 - 00000000 ____D C:\$WINDOWS.~BT
2017-06-17 21:13 - 2017-06-17 21:13 - 00000000 ____D C:\Users\mohd yunus\Documents\FlashIntegro
2017-06-17 21:13 - 2017-06-17 21:13 - 00000000 ____D C:\Users\mohd yunus\AppData\Roaming\FlashIntegro
2017-06-17 21:13 - 2017-06-17 21:13 - 00000000 ____D C:\Users\mohd yunus\AppData\Local\CrashRpt
2017-06-17 20:50 - 2017-06-17 20:50 - 00000000 __SHD C:\found.000
2017-06-17 20:36 - 2017-06-17 20:37 - 00416660 _____ C:\WINDOWS\Minidump\061717-34046-01.dmp
2017-06-17 20:08 - 2017-06-17 20:08 - 00001789 _____ C:\Users\mohd yunus\Desktop\VideoEditor.lnk
2017-06-17 20:01 - 2017-06-17 20:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-17 20:00 - 2017-06-17 20:00 - 00001415 _____ C:\Users\mohd\Desktop\VSDC Free Screen Recorder.lnk
2017-06-17 20:00 - 2017-06-17 20:00 - 00001290 _____ C:\Users\mohd\Desktop\VSDC Free Video Editor.lnk
2017-06-17 20:00 - 2017-06-17 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2017-06-17 19:58 - 2017-05-12 11:38 - 00071480 _____ (Flash-Integro LLC) C:\WINDOWS\SysWOW64\mslvddsfilter3.ax
2017-06-17 19:57 - 2017-06-17 20:00 - 00000000 ____D C:\Program Files (x86)\FlashIntegro
2017-06-17 19:57 - 2011-12-07 18:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\Lagarith.dll
2017-06-17 19:57 - 2005-08-01 18:43 - 00245760 _____ () C:\WINDOWS\SysWOW64\lame.ax
2017-06-17 19:57 - 2004-12-10 09:03 - 00438272 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2017-06-17 19:57 - 2004-09-06 15:06 - 00053248 _____ C:\WINDOWS\SysWOW64\xvid.ax
2017-06-17 19:57 - 2004-07-03 20:08 - 00139264 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2017-06-17 19:57 - 2004-07-03 19:59 - 00524288 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2017-06-17 19:57 - 2004-02-04 20:11 - 00081920 _____ (fccHandler) C:\WINDOWS\SysWOW64\AC3ACM.acm
2017-06-17 19:57 - 2003-05-22 11:26 - 00638976 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divx.dll
2017-06-17 19:57 - 2003-05-22 11:26 - 00221215 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divxdec.ax
2017-06-17 19:57 - 2003-05-21 22:50 - 00261632 _____ (MainConcept) C:\WINDOWS\SysWOW64\mcdvd_32.dll
2017-06-17 19:57 - 2003-05-21 22:50 - 00156910 _____ C:\WINDOWS\WMSysPr8.prx
2017-06-17 19:57 - 2003-05-21 22:50 - 00082944 _____ (Voxware, Inc.) C:\WINDOWS\SysWOW64\vct3216.acm
2017-06-17 19:57 - 2003-05-21 22:50 - 00038912 _____ (NCT Company) C:\WINDOWS\SysWOW64\alf2cd.acm
2017-06-17 19:57 - 2003-03-25 04:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\SysWOW64\L3CODECX.AX
2017-06-17 19:57 - 2002-08-19 23:41 - 00413760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg4c32.dll
2017-06-17 19:57 - 2000-03-14 19:55 - 00013239 _____ (SHARP Corporation) C:\WINDOWS\SysWOW64\Scg726.acm
2017-06-17 19:47 - 2017-06-17 19:57 - 38434920 _____ (Flash-Integro LLC ) C:\Users\mohd yunus\Downloads\video_editor.exe
2017-06-12 21:01 - 2017-06-12 21:01 - 00002738 _____ C:\Users\mohd yunus\Desktop\µTorrent.lnk
2017-06-12 21:01 - 2017-06-12 21:01 - 00002738 _____ C:\Users\mohd yunus\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-06-12 20:59 - 2017-06-12 20:59 - 02431680 _____ (BitTorrent Inc.) C:\Users\mohd yunus\Downloads\uTorrent.exe
2017-06-12 20:52 - 2017-06-12 20:52 - 00001196 _____ C:\Users\mohd yunus\Desktop\Task Manager.lnk
2017-06-12 16:51 - 2017-06-12 16:51 - 00000000 ____D C:\Users\mohd yunus\Downloads\13-reasons-why-english-1101262
2017-06-12 16:50 - 2017-06-12 16:50 - 00641398 _____ C:\Users\mohd yunus\Downloads\13-reasons-why-english-1101262.zip
2017-06-12 16:48 - 2017-06-12 16:48 - 00000000 ____D C:\Users\mohd yunus\Downloads\13-reasons-why-english-1107080
2017-06-12 16:47 - 2017-06-12 16:47 - 00444555 _____ C:\Users\mohd yunus\Downloads\13-reasons-why-english-1107080.zip
2017-06-11 23:14 - 2017-06-11 23:14 - 00000946 _____ C:\Users\mohd\Desktop\µTorrent.lnk
2017-06-11 23:14 - 2017-06-11 23:14 - 00000926 _____ C:\Users\mohd\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-06-11 23:04 - 2017-06-11 23:04 - 00000000 ____D C:\Users\mohd yunus\Downloads\13-reasons-why-season-1-episode-11-english-34798
2017-06-11 23:03 - 2017-06-11 23:03 - 00026270 _____ C:\Users\mohd yunus\Downloads\13-reasons-why-season-1-episode-11-english-34798.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-11 13:01 - 2016-12-01 04:26 - 00000000 ____D C:\Users\mohd\AppData\Roaming\uTorrent
2017-07-11 13:01 - 2016-07-16 17:06 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-11 13:00 - 2016-06-07 17:09 - 00000000 ____D C:\ProgramData\Windows Security
2017-07-11 12:50 - 2016-04-12 16:57 - 00000000 __SHD C:\Users\mohd yunus\IntelGraphicsProfiles
2017-07-11 12:47 - 2017-06-04 15:30 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E9B0D7C2-54CF-4AC6-8918-0F473BFD3732}
2017-07-11 12:47 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-11 12:41 - 2016-10-08 19:02 - 00000000 __SHD C:\Users\mohd\IntelGraphicsProfiles
2017-07-11 12:29 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-10 16:39 - 2017-01-10 16:27 - 00000000 ____D C:\Users\mohd
2017-07-10 16:29 - 2016-10-08 19:02 - 00000000 ____D C:\Users\mohd\AppData\Local\Packages
2017-07-10 16:28 - 2016-10-08 21:10 - 00000000 ____D C:\Users\mohd\AppData\Roaming\Apple Computer
2017-07-08 21:01 - 2017-01-10 16:27 - 00000000 ____D C:\Users\mohd yunus
2017-07-08 19:50 - 2016-07-16 17:17 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-08 16:24 - 2017-01-10 16:49 - 00003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1452692807
2017-07-08 16:24 - 2016-01-13 19:12 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-05 13:48 - 2017-01-10 16:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-05 13:45 - 2017-06-02 20:52 - 00000614 _____ C:\Users\mohd yunus\Desktop\San Andreas.lnk
2017-07-04 13:46 - 2015-01-03 00:10 - 00000000 ____D C:\Users\mohd yunus\AppData\Local\Adobe
2017-07-04 13:40 - 2014-06-21 17:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-07-04 13:13 - 2016-06-07 17:08 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-07-04 13:07 - 2017-01-10 16:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-03 18:46 - 2016-08-28 19:04 - 00196208 _____ (K7 Computing Pvt Ltd) C:\WINDOWS\system32\Drivers\K7Sentry.Sys
2017-07-02 15:01 - 2017-04-12 17:24 - 00000000 ___RD C:\Users\mohd yunus\Documents\Scanned Documents
2017-07-02 12:14 - 2016-10-14 21:14 - 00000463 _____ C:\Users\mohd yunus\.lmmsrc.xml
2017-07-01 11:13 - 2017-06-02 20:15 - 00000000 ____D C:\Users\mohd\AppData\Roaming\Nitro PDF
2017-06-29 22:48 - 2016-05-28 23:11 - 00000000 ___RD C:\Users\mohd yunus\Desktop\songs
2017-06-27 23:37 - 2015-01-03 09:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-27 23:31 - 2015-01-03 09:42 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-27 23:30 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-27 17:43 - 2016-05-11 17:53 - 00000000 ____D C:\Users\mohd yunus\AppData\Local\FreemakeVideoConverter
2017-06-27 17:42 - 2016-05-11 17:53 - 00000000 ____D C:\ProgramData\Freemake
2017-06-27 17:41 - 2016-05-11 17:52 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-06-21 13:48 - 2016-04-13 18:45 - 00002433 _____ C:\Users\mohd yunus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-18 00:16 - 2016-01-07 14:25 - 00000000 ____D C:\Users\mohd yunus\AppData\Roaming\uTorrent
2017-06-17 21:39 - 2016-07-16 17:15 - 00000000 ____D C:\WINDOWS\INF
2017-06-17 21:32 - 2016-07-16 11:34 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-17 20:42 - 2017-06-07 23:22 - 00000928 _____ C:\Users\mohd yunus\Desktop\Start Tor Browser.lnk
2017-06-17 20:36 - 2017-01-13 22:25 - 00000000 ____D C:\WINDOWS\Minidump
 
==================== Files in the root of some directories =======
 
2017-01-10 16:23 - 2017-01-10 16:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2016-11-21 15:53 - 2016-11-21 15:53 - 0052640 _____ () C:\Users\mohd\AppData\Local\Temp\pin2taskbar.exe
2017-03-08 19:12 - 2017-03-08 19:12 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\mohd yunus\AppData\Local\Temp\COMAP.EXE
2017-05-17 18:27 - 2017-05-17 18:27 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\dmafruor.exe
2017-05-17 18:34 - 2017-05-17 18:35 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\l1i5mw2h.exe
2017-05-17 18:33 - 2017-05-17 18:33 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\lyrbqrux.exe
2017-06-22 00:07 - 2017-06-22 00:08 - 1995192 _____ (HOW Inc.                                                    ) C:\Users\mohd yunus\AppData\Local\Temp\mp3gmo2r.exe
2017-05-17 18:31 - 2017-05-17 18:31 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\r0seevnc.exe
2017-05-17 18:34 - 2017-05-17 18:35 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\tgomdx1p.exe
2017-05-17 18:32 - 2017-05-17 18:32 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\uranwphi.exe
2017-05-17 18:25 - 2017-05-17 18:25 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\yseofphs.exe
2017-06-22 00:05 - 2017-06-22 00:06 - 1995192 _____ (HOW Inc.                                                    ) C:\Users\mohd yunus\AppData\Local\Temp\ztbryq5f.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-27 23:30
 
==================== End of FRST.txt ============================
 
 
ADDITION_________________________
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by mohd (11-07-2017 13:05:28)
Running from C:\
Windows 10 Home Single Language Version 1607 (X64) (2017-01-10 11:40:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4228541638-1917213688-2020295977-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4228541638-1917213688-2020295977-503 - Limited - Disabled)
Guest (S-1-5-21-4228541638-1917213688-2020295977-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4228541638-1917213688-2020295977-1003 - Limited - Enabled)
mohd (S-1-5-21-4228541638-1917213688-2020295977-1005 - Administrator - Enabled) => C:\Users\mohd
mohd yunus (S-1-5-21-4228541638-1917213688-2020295977-1001 - Limited - Enabled) => C:\Users\mohd yunus
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: K7AntiVirus Premium (Enabled - Up to date) {F00FDD89-D190-E257-55B2-5A2C4E7195C1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: K7AntiVirus Premium (Enabled - Up to date) {4B6E3C6D-F7AA-EDD9-6F02-615E35F6DF7C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: K7AntiVirus Premium (Enabled) {C8345CAC-9BFF-E30F-7EED-F319B0A2D2BA}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\...\uTorrent) (Version: 3.5.0.43784 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DocX Viewer version 1.2 (HKLM-x32\...\DocX Viewer_is1) (Version: 1.2 - )
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
Free YouTube Downloader 4.1.591 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 3540 series Basic Device Software (HKLM\...\{60D33935-59B4-4ACE-8FAE-EBC60DE40A9C}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
K7AntiVirus Premium (HKLM-x32\...\K7AntiVirus Premium) (Version: 15.00 - K7 Computing Pvt Ltd)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.18 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.3.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3614 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3614 - CyberLink Corp.)
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{7E9123BE-E96E-46EF-A097-6EEC2065F752}) (Version: 8.5.5.2 - Nitro)
Opera Stable 46.0.2597.39 (HKLM-x32\...\Opera 46.0.2597.39) (Version: 46.0.2597.39 - Opera Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39050 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0224 - REALTEK Semiconductor Corp.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
VSDC Free Video Editor version 5.7.7.702 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.7.702 - Flash-Integro LLC)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers01: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => C:\windows\SysWOW64\ISCM64.dll [2015-02-27] ()
ContextMenuHandlers01: [K7Computing.K7AVScanner] -> {FD23B962-BADB-11D7-B0FE-00C026A19B93} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSSExt64.dll [2015-10-31] (K7 Computing Pvt Ltd)
ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-06-17] (Nitro PDF)
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers06: [K7Computing.K7AVScanner] -> {FD23B962-BADB-11D7-B0FE-00C026A19B93} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSSExt64.dll [2015-10-31] (K7 Computing Pvt Ltd)
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08EE2CDA-E49E-4C06-9549-3C2191CD3ABE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {0F2E84CE-A554-4641-91E9-19EB702E1F62} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {12AC48B1-7379-493D-AEEA-926739812819} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {13399075-3769-4F0B-901E-4F190AEAF594} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {13CEF3AC-5161-404D-BB38-0227C42E856B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {209598B4-19C6-41AC-AC6E-882F47490845} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {2609FA19-2F40-47F9-B610-910A36689453} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {27A76E26-7AD0-47BF-9F08-A0201BC3829E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {2E0C71CC-D4C6-4045-BB67-C42ADECA5B5B} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {300BEC6B-536B-477C-96CF-C94613C4D46B} - System32\Tasks\otk3022 => C:\Program Files (x86)\Hoistsearch\otk3022.exe <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {407CA2E9-A8F9-4FFB-9A5A-0A4158A0F8EF} - System32\Tasks\{014C6EA3-51C8-4F7C-B7D5-486A5BFBDE81} => pcalua.exe -a "C:\Users\mohd yunus\Downloads\GTA Vice City [Full Highly Compressed] - By AllTypeHacks.exe" -d "C:\Users\mohd yunus\Downloads"
Task: {4318ADED-5CD9-49DC-9226-685495BF93B1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {53AC2903-8199-4633-8D07-441270E78200} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5537C477-549E-4D7D-AF59-C2CA3E946C08} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {56AA9C09-0421-4CD6-A3C9-ABDC7C247414} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5C44878B-2673-4BBF-B179-F40BC628A6CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {667D0378-3A7C-4977-8935-EA9AB218B1D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {69CDFCEF-1CFA-4490-B192-46E1B110D650} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {6CAFB3D0-7CC8-4AF1-8A97-A9D6D0A722AE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6DA8BAE1-F79D-4CE7-8C94-ADEF0D81F78C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {71160B5C-71E3-400C-9E8B-5D90AB276998} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {7C9DD3D4-2977-4546-8572-D2FBA44F5DE1} - System32\Tasks\Cutraeuul => C:\ProgramData\Cutraeuul\1.0.6.1\dulsomib.exe
Task: {81BC5924-E1DC-437A-957A-ADE8885EB087} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {92640757-B45E-4FD1-BA3E-14DB1A01B9C0} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {9CA3D94F-C288-413B-A77D-A24206A5BD79} - \WPD\SqmUpload_S-1-5-21-4228541638-1917213688-2020295977-1001 -> No File <==== ATTENTION
Task: {A4DBB85E-1C47-48F6-9EA8-103D008E5FC1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C53B4A90-E5BE-41C2-809D-CEF264D7B685} - System32\Tasks\Opera scheduled Autoupdate 1452692807 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-04] (Opera Software)
Task: {CCD0BCD6-B315-4302-89C1-A8A5237D0466} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-12-15] (CyberLink)
Task: {D82CA50C-ECC8-4BC3-8A34-7893C4D68C04} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DB2DF490-170C-402E-9653-0296CF8DA501} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {E4FC822A-75D6-44F0-A870-F41B918C811D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {E80D5C1E-AD53-4B27-81FF-7B9AB63CDA4A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F4610BC5-DF89-4A85-82CA-D4342ACA976A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {F754D36E-D8E1-41BF-B270-81951E1943C5} - \WPD\SqmUpload_S-1-5-21-4228541638-1917213688-2020295977-1009 -> No File <==== ATTENTION
Task: {FB5711E2-A41B-41FF-88B7-F741AFB0EF41} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-21 17:34 - 2011-08-17 09:16 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-11 21:02 - 2017-04-28 06:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-04 22:01 - 2016-09-07 10:26 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-04-04 21:58 - 2017-03-04 12:01 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-04-04 22:00 - 2017-03-04 11:42 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-04-04 22:00 - 2017-03-04 11:35 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-04 21:59 - 2017-03-04 11:35 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-11 21:02 - 2017-04-28 05:06 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-11 21:02 - 2017-04-28 05:06 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-11 21:02 - 2017-04-28 05:07 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-06-21 17:34 - 2011-08-17 09:16 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2017-06-27 17:41 - 2017-05-29 15:38 - 00073216 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2016-01-09 16:28 - 2015-02-27 14:38 - 00721263 _____ () C:\windows\SysWOW64\ISCM64.dll
2017-06-28 15:24 - 2017-06-28 15:30 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-28 15:24 - 2017-06-28 15:29 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-28 15:24 - 2017-06-28 15:30 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-28 15:24 - 2017-06-28 15:30 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-07-01 15:55 - 2016-07-04 16:17 - 31017472 _____ () C:\Program Files\WindowsApps\CC12F15C.FlipkartRetail_3.8.0.0_x64__xwb2kyp214jny\Flipkart.WinRT.UWP.dll
2014-06-21 17:34 - 2011-05-18 01:57 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-05 05:29 - 2009-12-05 05:29 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 05:34 - 2009-12-05 05:34 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-06-21 17:49 - 2013-07-19 04:01 - 00016896 _____ () C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\featureController.dll
2014-06-21 17:49 - 2013-07-19 04:01 - 00062976 _____ () C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\osEvents.dll
2014-06-21 17:49 - 2013-07-19 04:01 - 00322048 _____ () C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\log4cplus.dll
2014-06-21 17:49 - 2013-07-19 04:01 - 00400384 _____ () C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\sqlite3.dll
2014-06-21 17:49 - 2013-07-19 04:01 - 00195584 _____ () C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\libgsoap.dll
2014-06-21 17:49 - 2013-07-19 04:01 - 00020480 _____ () C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\eventsSender.dll
2014-06-21 17:49 - 2013-07-19 04:01 - 00062464 _____ () C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\zlib1.dll
2014-06-21 17:49 - 2013-07-19 04:00 - 00446976 _____ () C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\deviceProfile.dll
2014-06-21 17:49 - 2013-07-19 04:01 - 00064512 _____ () C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\serviceManagerStarter.dll
2016-01-09 16:29 - 2014-10-31 16:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-01-09 16:29 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\shaya_000\Desktop\book.docx:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2016-08-28 18:32 - 00002349 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Openwares LiveUpdate"
HKLM\...\StartupApproved\Run32: => "sun21"
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\...\StartupApproved\StartupFolder: => "Download (1).lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0826964F-0755-42D0-A113-641C36C8E35F}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{9AC31A49-CA9B-4A84-965F-C3FF574AE60E}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{1A9BC7C8-6145-4F5C-99FA-58CD4F87EBA0}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0569B8BC-B076-4ED2-AAD3-E10C15B0E814}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{2729A68C-5A73-44FB-8D34-E47C12FF42F9}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{49A44924-BB2F-4C5A-98BD-B71B3160EBDE}] => (Allow) D:\iTunes\iTunes.exe
FirewallRules: [{2F1ACB32-70AE-4C05-9AB5-6BE2C597FA31}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8BA3F473-38D6-4410-A4E9-245AD9EFB63C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69ACB0ED-177D-4D55-86CC-75C3BFDD493B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CD411A8-0879-4B1D-B1F7-A83E9D141D39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3D2D076-889A-4642-B699-662029589B38}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F6A0929B-62FA-4639-BE02-F990391D7F3C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{41899419-2FED-44FB-905B-F433312AB21F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{EC565E9F-2972-4E76-B8B6-A41DEA5578DD}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{909E3216-2E7E-426F-AD82-649F5BB84B28}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{AF69D387-59FA-47F9-B7E3-EE5BBB0EC2DC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6C7CC36B-35CB-47C8-AAAB-A78038BACDA8}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0316EEE2-CFAA-4E39-9832-857A77B7B59B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9A41DDB-A1BA-481E-B250-BFBEEDF38BB1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{C5A62C15-6E7A-40CD-8CAC-5072CBBCF7EF}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{371B82D6-E02E-4C12-B2D7-B655C7005FF1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{150F6C24-58D8-4935-9FA6-60CE974185EA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0ADFF864-B4B4-4B72-981E-1F9DB6BBCCF3}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{8BE5F528-321E-4E41-8642-DAC426EB0BC2}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{6B7870A8-62CC-47FA-A9A0-CC103D731BF1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{E4FDC721-C306-4912-A177-A871F2B46B2D}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F5BC53D9-F403-42C4-B566-7BF2BAF3E1D7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9333CA2-C700-43C1-90B8-FA35D1162B32}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{602092CA-0BC5-4F5D-9845-5388CF02163C}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{CBF10D55-A5F6-4858-B4D4-3E5F7D63E275}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{FE688895-DD54-4926-BACC-22C2FB8A3600}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{5C800025-CEE1-45C7-9ED9-D888B544B08F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6BA5493C-D51B-4B2D-8FD3-2B80384D6655}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [UDP Query User{76072D52-75CD-4794-917F-1CC0575117EA}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [TCP Query User{6AB8BEA8-64AA-4BFD-881D-ED6DA71A2ADE}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [{BDB01B16-8872-45F9-95D8-035BEC577DDC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{44B23594-3B69-4B4E-914E-CE65A9DFA091}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{34334B3A-F2E2-4CB8-9386-566A417EDDF3}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [UDP Query User{FB88BA60-7C61-4502-B614-5CB9D1388592}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [TCP Query User{4E41C717-80F6-47C4-8708-C73917701904}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [{FFCE7F07-123F-4234-B1FD-0ADEB328E81B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{B7BB3151-1300-4BCA-985F-2E9A44DFC5A7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CE51B570-FD78-487D-A040-AF439546274D}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F30AB347-F454-4DC3-8995-9F7658BA900A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [UDP Query User{47D707C7-55F7-499B-B5B4-59A2D382FEC4}C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{B98FA2FE-3611-42AF-A099-97F5F603F683}C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{C65258D6-2BE8-47BE-8ED6-464F9476A96A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9C28C3D-E647-4EA5-A1A7-224FFF0704CA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [UDP Query User{55E50310-85E4-4855-B094-5C58035E1126}C:\users\shaya_000\desktop\utorrent.exe] => (Allow) C:\users\shaya_000\desktop\utorrent.exe
FirewallRules: [TCP Query User{18C1B282-7E2E-4167-B352-6C629BAA6D9E}C:\users\shaya_000\desktop\utorrent.exe] => (Allow) C:\users\shaya_000\desktop\utorrent.exe
FirewallRules: [{7A40D297-9977-4FEE-B81F-1FDE0E0AD763}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0AFADC5F-B6A4-43D8-ADD1-99DF23346C2F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{7D8B6A8A-49C0-4984-9773-7D4727EFB6CA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0B21819B-9E4E-48B9-806B-904D9D0A8277}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D82A570B-616B-4CB7-9006-629F5BFCA692}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{8141E624-DC62-47B2-B710-D3565471F7F2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{23D0818D-9275-43C1-9A57-CC21992EB3EE}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6AB9A1C9-E596-4AE0-831D-2CE9D1D8AD59}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [UDP Query User{02CA318F-33C3-43AA-A9E5-7202A90F2391}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [TCP Query User{37635F39-4B61-4B69-9667-185956B44E3E}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [{7302D505-A24D-4C63-BDCD-D96D071F25E2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{4D38B7D7-56F8-4610-85C2-12648AE098D3}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{9DDC5F96-DA71-46D7-B2D2-0CAE3E48E018}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{52CAC8E0-BAED-49C1-B70F-4F50CF5F526A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{719CBAC2-CAAC-4F51-8FA8-4A40B9B886BA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CF655386-487B-4276-85CE-DB4919764FB5}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6C295E71-908B-4807-8A16-6F5188036412}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{AD053D68-ABA3-4FA4-8B1E-75C10FDDE560}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{51830AA8-BF78-4F1C-A07A-8265DE9C647B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{BBF01CD0-D474-4A90-BE55-94DB8D4EC0CD}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{DB5AE8B5-66DD-4E50-B6BB-542DCEB5E90B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{9CB3BFA5-B777-4320-93E0-517C6E206540}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{455EA7E9-0028-4169-A54C-F9007B8975B5}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{217F314E-C221-4BF9-88B8-20A21BF23FEE}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{8924C636-5AE7-4AA2-97E3-D2230CCDC348}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6D8647BB-6E1A-40E6-B1E8-351E84606D6A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{60DFB5A9-2442-4536-99AC-C470566A8A44}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{FD709381-DC90-4696-8E51-B63470F8649B}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5441005B-123E-420F-8E17-A7103F784F2A}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{242F3391-B004-46B2-8006-5E4AE7D84CAA}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{DE08330B-8495-4CC0-8AF6-4E2692A19050}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{03BF0AC9-0A1E-47B9-9183-8A5A34EC44FB}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{EFB980A3-6E4E-44C8-86A1-3566C2E12695}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F72D1A6F-3225-4469-9A41-234277571B5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BEDEAB7F-5BB8-40FF-A532-1FEAB0BB768E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2D035D1-A3E0-4DAA-8E64-6BD6426C630A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1366874-FE38-4FE5-AA88-FC0DEFE950A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{31652523-7190-4B2B-A734-9A9F31DDEA20}C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2DAA3839-F4E3-412D-AE5A-52F8306AEB7B}C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{AE2DAA7F-427A-4748-BE58-CCF86AB88ADB}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe
FirewallRules: [{965A0257-B90C-4F69-B7A8-6C0717186284}] => (Allow) LPort=5357
FirewallRules: [{264EA7EB-20F1-492C-8C77-9B4BBDF0DD96}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{CB3F5D1C-FBA7-43FC-B48D-05172EF7D057}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.5_41865.exe
FirewallRules: [UDP Query User{7391A3C4-A65A-4BDC-933A-DB9991CE1BE2}C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\updates\3.4.5_41865.exe
FirewallRules: [TCP Query User{D2BC4334-BD36-4187-A0B8-834151B5C657}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E6E189AF-FA47-495D-8690-DB3D4B34A2FB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5FFAF5F6-3267-419A-AE8D-0D615068A2DC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{52C5F322-32AB-4645-BED3-BE6195E3EE3F}] => (Allow) C:\Users\mohd\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC05BBE6-4225-4CFF-AD65-5069C1C1D096}] => (Allow) C:\Users\mohd\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1DAFABBE-C41D-42DD-AB21-34DC46AC7797}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE4A0C25-CADA-4968-86D7-F84C8F9CDACC}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{95338CC4-38F2-44F3-8072-E00027114577}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22455C86-0AB4-4AA6-B757-ACA301235371}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43F8596A-1BC4-46F2-ADC0-6316DEF5625F}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{38B0959E-7940-4CD0-B0E5-4ABB296BE51F}] => (Allow) C:\Users\mohd yunus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1BA29466-B2B6-4CC3-8733-156590F51259}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{154A6763-ED50-4BD9-B681-25A68667D534}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{B11FB4C6-081C-4EDA-8A4F-07CAE0651B35}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{A30D53A2-DB43-42FC-8C2D-342195DE7CC5}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{11CA9D5F-D79A-45D8-A988-DDD2248D32B1}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{7C1A98B9-99F9-4586-8B2E-9C2601C17DDE}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{AA314DFE-EF7A-445D-A772-C833CEBE514E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F155E609-178C-4AC7-9FC3-68569E762967}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
FirewallRules: [{DFF3168C-F925-43CA-AE19-050979F8A6B4}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.39\opera.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Pentium® processor N- and J-series / Intel® Celeron® processor N- and J-series EHCI USB - 0F34
Description: Intel® Pentium® processor N- and J-series / Intel® Celeron® processor N- and J-series EHCI USB - 0F34
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/11/2017 01:06:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x7d60
Faulting application start time: 0x01d2fa185dcbded0
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 166d8477-df6e-40ae-b89c-4d39e9c3041d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/11/2017 01:05:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x4e30
Faulting application start time: 0x01d2fa1854d24806
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e58bc5d8-622e-4c06-afb4-74d870543826
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/11/2017 01:03:56 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
 
Error: (07/11/2017 12:58:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x4294
Faulting application start time: 0x01d2fa174adcbf99
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1a6f5afc-da99-4385-9d42-8b4198291b73
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/11/2017 12:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x4d1c
Faulting application start time: 0x01d2fa1738c1ef36
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3e0a6e41-1c14-4b4e-8879-25ec2b6457ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/11/2017 12:57:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x7004
Faulting application start time: 0x01d2fa172fc6ccf3
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 311d50ef-deef-4ac2-8ce5-563862455873
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/11/2017 12:57:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0xac4
Faulting application start time: 0x01d2fa1726cce40c
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: dfb0a1ed-7286-4e55-9937-a4bc2d800aa2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/11/2017 12:57:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x6ed8
Faulting application start time: 0x01d2fa171dd3cb6d
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 7e838950-15d2-4d1c-988c-cae3bb30f569
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/11/2017 12:56:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x84fc
Faulting application start time: 0x01d2fa1714d50b3e
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 005535cf-2e37-4a3f-a731-595aa1480ce6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/11/2017 12:56:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sysnetwk.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000037070
Faulting process id: 0x8a5c
Faulting application start time: 0x01d2fa170bdafd50
Faulting application path: C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: cd0baa43-d19a-4ea5-92a6-8ce1d5238fdd
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/11/2017 01:02:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/11/2017 01:00:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/11/2017 12:58:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/11/2017 12:53:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/11/2017 12:50:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/11/2017 12:44:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/11/2017 12:41:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/11/2017 12:39:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/11/2017 12:39:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/11/2017 12:36:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 81%
Total physical RAM: 1938.21 MB
Available physical RAM: 354.28 MB
Total Virtual: 3990.77 MB
Available Virtual: 1435.92 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:97.66 GB) (Free:3.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Fixed) (Total:341.85 GB) (Free:186.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 54F30F1B)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#6 Oh My!

Posted 11 July 2017 - 01:05 PM

Thank you for the information.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [sun21] => "C:\Program Files (x86)\SunnyDay21\SunnyDay.exe"
C:\Program Files (x86)\SunnyDay21
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1425739453&from=brd&uid=ST500DM002-1BD142_W3T8GW8EXXXXW3T8GW8E&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1425739453&from=brd&uid=ST500DM002-1BD142_W3T8GW8EXXXXW3T8GW8E&q={searchTerms}
BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll => No File
C:\Program Files (x86)\Cash Kitten
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [No File]
CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1264640 2016-12-27] (Microsoft Corporation) [File not signed]
R2 XBox; C:\Program Files (x86)\XBox\XBLive.exe [6342584 2016-06-13] (Microsoft Corporation)
C:\ProgramData\Windows Security
C:\Program Files (x86)\XBox
2017-03-08 19:12 - 2017-03-08 19:12 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\mohd yunus\AppData\Local\Temp\COMAP.EXE
2017-05-17 18:27 - 2017-05-17 18:27 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\dmafruor.exe
2017-05-17 18:34 - 2017-05-17 18:35 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\l1i5mw2h.exe
2017-05-17 18:33 - 2017-05-17 18:33 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\lyrbqrux.exe
2017-06-22 00:07 - 2017-06-22 00:08 - 1995192 _____ (HOW Inc.                                                    ) C:\Users\mohd yunus\AppData\Local\Temp\mp3gmo2r.exe
2017-05-17 18:31 - 2017-05-17 18:31 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\r0seevnc.exe
2017-05-17 18:34 - 2017-05-17 18:35 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\tgomdx1p.exe
2017-05-17 18:32 - 2017-05-17 18:32 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\uranwphi.exe
2017-05-17 18:25 - 2017-05-17 18:25 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\yseofphs.exe
2017-06-22 00:05 - 2017-06-22 00:06 - 1995192 _____ (HOW Inc.                                                    ) C:\Users\mohd yunus\AppData\Local\Temp\ztbryq5f.exe
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {2609FA19-2F40-47F9-B610-910A36689453} - \CCleanerSkipUAC
Task: {300BEC6B-536B-477C-96CF-C94613C4D46B} - System32\Tasks\otk3022 => C:\Program Files (x86)\Hoistsearch\otk3022.exe
C:\Program Files (x86)\Hoistsearch
Task: {7C9DD3D4-2977-4546-8572-D2FBA44F5DE1} - System32\Tasks\Cutraeuul => C:\ProgramData\Cutraeuul\1.0.6.1\dulsomib.exe
C:\ProgramData\Cutraeuul
Task: {F754D36E-D8E1-41BF-B270-81951E1943C5} - \WPD\SqmUpload_S-1-5-21-4228541638-1917213688-2020295977-1009
FirewallRules: [{0826964F-0755-42D0-A113-641C36C8E35F}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{C3D2D076-889A-4642-B699-662029589B38}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F6A0929B-62FA-4639-BE02-F990391D7F3C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{41899419-2FED-44FB-905B-F433312AB21F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{EC565E9F-2972-4E76-B8B6-A41DEA5578DD}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{909E3216-2E7E-426F-AD82-649F5BB84B28}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{AF69D387-59FA-47F9-B7E3-EE5BBB0EC2DC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6C7CC36B-35CB-47C8-AAAB-A78038BACDA8}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0316EEE2-CFAA-4E39-9832-857A77B7B59B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9A41DDB-A1BA-481E-B250-BFBEEDF38BB1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{C5A62C15-6E7A-40CD-8CAC-5072CBBCF7EF}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{371B82D6-E02E-4C12-B2D7-B655C7005FF1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{150F6C24-58D8-4935-9FA6-60CE974185EA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6B7870A8-62CC-47FA-A9A0-CC103D731BF1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{E4FDC721-C306-4912-A177-A871F2B46B2D}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F5BC53D9-F403-42C4-B566-7BF2BAF3E1D7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9333CA2-C700-43C1-90B8-FA35D1162B32}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{FE688895-DD54-4926-BACC-22C2FB8A3600}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{5C800025-CEE1-45C7-9ED9-D888B544B08F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6BA5493C-D51B-4B2D-8FD3-2B80384D6655}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{BDB01B16-8872-45F9-95D8-035BEC577DDC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{44B23594-3B69-4B4E-914E-CE65A9DFA091}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{34334B3A-F2E2-4CB8-9386-566A417EDDF3}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{FFCE7F07-123F-4234-B1FD-0ADEB328E81B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{B7BB3151-1300-4BCA-985F-2E9A44DFC5A7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CE51B570-FD78-487D-A040-AF439546274D}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F30AB347-F454-4DC3-8995-9F7658BA900A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{C65258D6-2BE8-47BE-8ED6-464F9476A96A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9C28C3D-E647-4EA5-A1A7-224FFF0704CA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{7A40D297-9977-4FEE-B81F-1FDE0E0AD763}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0AFADC5F-B6A4-43D8-ADD1-99DF23346C2F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{7D8B6A8A-49C0-4984-9773-7D4727EFB6CA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0B21819B-9E4E-48B9-806B-904D9D0A8277}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D82A570B-616B-4CB7-9006-629F5BFCA692}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{8141E624-DC62-47B2-B710-D3565471F7F2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{23D0818D-9275-43C1-9A57-CC21992EB3EE}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6AB9A1C9-E596-4AE0-831D-2CE9D1D8AD59}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{7302D505-A24D-4C63-BDCD-D96D071F25E2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{4D38B7D7-56F8-4610-85C2-12648AE098D3}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{9DDC5F96-DA71-46D7-B2D2-0CAE3E48E018}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{52CAC8E0-BAED-49C1-B70F-4F50CF5F526A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{719CBAC2-CAAC-4F51-8FA8-4A40B9B886BA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CF655386-487B-4276-85CE-DB4919764FB5}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6C295E71-908B-4807-8A16-6F5188036412}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{AD053D68-ABA3-4FA4-8B1E-75C10FDDE560}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{51830AA8-BF78-4F1C-A07A-8265DE9C647B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{BBF01CD0-D474-4A90-BE55-94DB8D4EC0CD}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{DB5AE8B5-66DD-4E50-B6BB-542DCEB5E90B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{9CB3BFA5-B777-4320-93E0-517C6E206540}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{455EA7E9-0028-4169-A54C-F9007B8975B5}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{217F314E-C221-4BF9-88B8-20A21BF23FEE}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{03BF0AC9-0A1E-47B9-9183-8A5A34EC44FB}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{965A0257-B90C-4F69-B7A8-6C0717186284}] => (Allow) LPort=5357
File: C:\Users\mohd yunus\Documents\lmms.exe
RemoveProxy:
emptytemp:
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

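Added example, not part of the original posts and not FRST's own code: a small triage pass over the `FirewallRules:` lines of an FRST Addition.txt like the one in this thread, grouping allow rules by target binary. The two heuristics (many rules for one binary, binary under a user-writable directory), the threshold, and the function names are assumptions for illustration; the sample GUIDs are constructed placeholders, while the paths come from the log above.

```python
import re
from collections import Counter

# One FRST firewall line looks like:
#   FirewallRules: [<rule name or GUID>] => (Allow) <program path or LPort=N>
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>\w+)\) (?P<target>.+?)\s*$"
)

# Assumption: directories a standard user (or unelevated malware) can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")

# Constructed sample in the log's format; GUIDs are placeholders.
SAMPLE = r"""
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{00000000-0000-0000-0000-000000000003}C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\shaya_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{00000000-0000-0000-0000-000000000004}] => (Allow) LPort=5357
FirewallRules: [{00000000-0000-0000-0000-000000000005}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{00000000-0000-0000-0000-000000000006}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{00000000-0000-0000-0000-000000000007}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{00000000-0000-0000-0000-000000000008}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{00000000-0000-0000-0000-000000000009}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
"""


def parse_rules(text):
    """Return (name, action, target) for every FirewallRules line in text."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((m["name"], m["action"], m["target"]))
    return rules


def triage(rules, dup_threshold=3):
    """Map each program path worth a second look to the reasons it was flagged.

    Paths are compared lower-cased because Windows paths are case-insensitive.
    Port-only rules (LPort=...) carry no binary and are skipped.
    """
    counts = Counter(t.lower() for _, action, t in rules if action == "Allow")
    findings = {}
    for target, n in counts.items():
        if target.startswith("lport="):
            continue
        reasons = []
        if n >= dup_threshold:
            reasons.append(f"{n} allow rules for one binary")
        if any(marker in target for marker in USER_WRITABLE):
            reasons.append("binary in user-writable location")
        if reasons:
            findings[target] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(triage(parse_rules(SAMPLE)).items()):
        print(f"{path}: {'; '.join(reasons)}")
```

A hit is a prompt for review, not a verdict: per-user installs such as uTorrent under AppData are flagged by the same location heuristic.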
#7 armaanm33

Posted 13 July 2017 - 03:44 AM

Fix log:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by mohd (13-07-2017 12:30:54) Run:1
Running from C:\
Loaded Profiles: mohd yunus & mohd (Available Profiles: mohd yunus & mohd)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [sun21] => "C:\Program Files (x86)\SunnyDay21\SunnyDay.exe"
C:\Program Files (x86)\SunnyDay21
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1425739453&from=brd&uid=ST500DM002-1BD142_W3T8GW8EXXXXW3T8GW8E&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1425739453&from=brd&uid=ST500DM002-1BD142_W3T8GW8EXXXXW3T8GW8E&q={searchTerms}
BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll => No File
C:\Program Files (x86)\Cash Kitten
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [No File]
CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1264640 2016-12-27] (Microsoft Corporation) [File not signed]
R2 XBox; C:\Program Files (x86)\XBox\XBLive.exe [6342584 2016-06-13] (Microsoft Corporation)
C:\ProgramData\Windows Security
C:\Program Files (x86)\XBox
2017-03-08 19:12 - 2017-03-08 19:12 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\mohd yunus\AppData\Local\Temp\COMAP.EXE
2017-05-17 18:27 - 2017-05-17 18:27 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\dmafruor.exe
2017-05-17 18:34 - 2017-05-17 18:35 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\l1i5mw2h.exe
2017-05-17 18:33 - 2017-05-17 18:33 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\lyrbqrux.exe
2017-06-22 00:07 - 2017-06-22 00:08 - 1995192 _____ (HOW Inc.                                                    ) C:\Users\mohd yunus\AppData\Local\Temp\mp3gmo2r.exe
2017-05-17 18:31 - 2017-05-17 18:31 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\r0seevnc.exe
2017-05-17 18:34 - 2017-05-17 18:35 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\tgomdx1p.exe
2017-05-17 18:32 - 2017-05-17 18:32 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\uranwphi.exe
2017-05-17 18:25 - 2017-05-17 18:25 - 0606392 _____ (Vitzo Ltd.) C:\Users\mohd yunus\AppData\Local\Temp\yseofphs.exe
2017-06-22 00:05 - 2017-06-22 00:06 - 1995192 _____ (HOW Inc.                                                    ) C:\Users\mohd yunus\AppData\Local\Temp\ztbryq5f.exe
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll
CustomCLSID: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mohd yunus\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {2609FA19-2F40-47F9-B610-910A36689453} - \CCleanerSkipUAC
Task: {300BEC6B-536B-477C-96CF-C94613C4D46B} - System32\Tasks\otk3022 => C:\Program Files (x86)\Hoistsearch\otk3022.exe
C:\Program Files (x86)\Hoistsearch
Task: {7C9DD3D4-2977-4546-8572-D2FBA44F5DE1} - System32\Tasks\Cutraeuul => C:\ProgramData\Cutraeuul\1.0.6.1\dulsomib.exe
C:\ProgramData\Cutraeuul
Task: {F754D36E-D8E1-41BF-B270-81951E1943C5} - \WPD\SqmUpload_S-1-5-21-4228541638-1917213688-2020295977-1009
FirewallRules: [{0826964F-0755-42D0-A113-641C36C8E35F}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{C3D2D076-889A-4642-B699-662029589B38}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F6A0929B-62FA-4639-BE02-F990391D7F3C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{41899419-2FED-44FB-905B-F433312AB21F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{EC565E9F-2972-4E76-B8B6-A41DEA5578DD}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{909E3216-2E7E-426F-AD82-649F5BB84B28}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{AF69D387-59FA-47F9-B7E3-EE5BBB0EC2DC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6C7CC36B-35CB-47C8-AAAB-A78038BACDA8}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0316EEE2-CFAA-4E39-9832-857A77B7B59B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9A41DDB-A1BA-481E-B250-BFBEEDF38BB1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{C5A62C15-6E7A-40CD-8CAC-5072CBBCF7EF}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{371B82D6-E02E-4C12-B2D7-B655C7005FF1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{150F6C24-58D8-4935-9FA6-60CE974185EA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6B7870A8-62CC-47FA-A9A0-CC103D731BF1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{E4FDC721-C306-4912-A177-A871F2B46B2D}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F5BC53D9-F403-42C4-B566-7BF2BAF3E1D7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9333CA2-C700-43C1-90B8-FA35D1162B32}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{FE688895-DD54-4926-BACC-22C2FB8A3600}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{5C800025-CEE1-45C7-9ED9-D888B544B08F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6BA5493C-D51B-4B2D-8FD3-2B80384D6655}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{BDB01B16-8872-45F9-95D8-035BEC577DDC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{44B23594-3B69-4B4E-914E-CE65A9DFA091}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{34334B3A-F2E2-4CB8-9386-566A417EDDF3}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{FFCE7F07-123F-4234-B1FD-0ADEB328E81B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{B7BB3151-1300-4BCA-985F-2E9A44DFC5A7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CE51B570-FD78-487D-A040-AF439546274D}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F30AB347-F454-4DC3-8995-9F7658BA900A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{C65258D6-2BE8-47BE-8ED6-464F9476A96A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D9C28C3D-E647-4EA5-A1A7-224FFF0704CA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{7A40D297-9977-4FEE-B81F-1FDE0E0AD763}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0AFADC5F-B6A4-43D8-ADD1-99DF23346C2F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{7D8B6A8A-49C0-4984-9773-7D4727EFB6CA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0B21819B-9E4E-48B9-806B-904D9D0A8277}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{D82A570B-616B-4CB7-9006-629F5BFCA692}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{8141E624-DC62-47B2-B710-D3565471F7F2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{23D0818D-9275-43C1-9A57-CC21992EB3EE}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6AB9A1C9-E596-4AE0-831D-2CE9D1D8AD59}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{7302D505-A24D-4C63-BDCD-D96D071F25E2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{4D38B7D7-56F8-4610-85C2-12648AE098D3}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{9DDC5F96-DA71-46D7-B2D2-0CAE3E48E018}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{52CAC8E0-BAED-49C1-B70F-4F50CF5F526A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{719CBAC2-CAAC-4F51-8FA8-4A40B9B886BA}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CF655386-487B-4276-85CE-DB4919764FB5}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6C295E71-908B-4807-8A16-6F5188036412}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{AD053D68-ABA3-4FA4-8B1E-75C10FDDE560}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{51830AA8-BF78-4F1C-A07A-8265DE9C647B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{BBF01CD0-D474-4A90-BE55-94DB8D4EC0CD}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{DB5AE8B5-66DD-4E50-B6BB-542DCEB5E90B}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{9CB3BFA5-B777-4320-93E0-517C6E206540}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{455EA7E9-0028-4169-A54C-F9007B8975B5}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{217F314E-C221-4BF9-88B8-20A21BF23FEE}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{03BF0AC9-0A1E-47B9-9183-8A5A34EC44FB}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{965A0257-B90C-4F69-B7A8-6C0717186284}] => (Allow) LPort=5357
File: C:\Users\mohd yunus\Documents\lmms.exe
RemoveProxy:
emptytemp:
 
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun21 => value removed successfully
"C:\Program Files (x86)\SunnyDay21" => not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ea7bd36-2d13-4df3-837f-7ac273765e7d} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9ea7bd36-2d13-4df3-837f-7ac273765e7d} => key removed successfully
"C:\Program Files (x86)\Cash Kitten" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg => key removed successfully
HKLM\System\CurrentControlSet\Services\WindowsSecurity => key removed successfully
WindowsSecurity => service removed successfully
HKLM\System\CurrentControlSet\Services\XBox => key removed successfully
XBox => service removed successfully
C:\ProgramData\Windows Security => moved successfully
C:\Program Files (x86)\XBox => moved successfully
C:\Users\mohd yunus\AppData\Local\Temp\COMAP.EXE => moved successfully
C:\Users\mohd yunus\AppData\Local\Temp\dmafruor.exe => moved successfully
C:\Users\mohd yunus\AppData\Local\Temp\l1i5mw2h.exe => moved successfully
C:\Users\mohd yunus\AppData\Local\Temp\lyrbqrux.exe => moved successfully
C:\Users\mohd yunus\AppData\Local\Temp\mp3gmo2r.exe => moved successfully
C:\Users\mohd yunus\AppData\Local\Temp\r0seevnc.exe => moved successfully
C:\Users\mohd yunus\AppData\Local\Temp\tgomdx1p.exe => moved successfully
C:\Users\mohd yunus\AppData\Local\Temp\uranwphi.exe => moved successfully
C:\Users\mohd yunus\AppData\Local\Temp\yseofphs.exe => moved successfully
C:\Users\mohd yunus\AppData\Local\Temp\ztbryq5f.exe => moved successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2609FA19-2F40-47F9-B610-910A36689453} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2609FA19-2F40-47F9-B610-910A36689453} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{300BEC6B-536B-477C-96CF-C94613C4D46B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{300BEC6B-536B-477C-96CF-C94613C4D46B} => key removed successfully
C:\WINDOWS\System32\Tasks\otk3022 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\otk3022 => key removed successfully
"C:\Program Files (x86)\Hoistsearch" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7C9DD3D4-2977-4546-8572-D2FBA44F5DE1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C9DD3D4-2977-4546-8572-D2FBA44F5DE1} => key removed successfully
C:\WINDOWS\System32\Tasks\Cutraeuul => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cutraeuul => key removed successfully
"C:\ProgramData\Cutraeuul" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F754D36E-D8E1-41BF-B270-81951E1943C5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F754D36E-D8E1-41BF-B270-81951E1943C5} => key removed successfully
 
========================= File: C:\Users\mohd yunus\Documents\lmms.exe ========================
 
File not signed
MD5: 03F123FCA0E00E341193CC0106B3757D
Creation and modification date: 2017-07-01 18:21 - 2015-03-08 08:30
Size: 2399744
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10677571 B
Java, Flash, Steam htmlcache => 949 B
Windows/system/drivers => 379528113 B
Edge => 17408 B
Chrome => 34935157 B
Firefox => 0 B
Opera => 26122664 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 1104608 B
NetworkService => 14063542 B
mohd yunus => 234578708 B
mohd => 79103163 B
 
RecycleBin => 1479486818 B
EmptyTemp: => 2.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:32:30 ====

# AdwCleaner v6.047 - Logfile created 13/07/2017 at 13:03:48
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-11.1 [Server]
# Operating System : Windows 10 Home Single Language  (X64)
# Username : mohd - LENOVO-PC
# Running from : C:\Users\mohd yunus\Downloads\AdwCleaner (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\mohd yunus\AppData\Local\MalwareProtectionLive
[-] Folder deleted: C:\Users\mohd yunus\AppData\Local\speed browser
[-] Folder deleted: C:\Users\mohd yunus\AppData\Local\Host Service
[-] Folder deleted: C:\Users\mohd yunus\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\YourGSearchFinder_br
[-] Folder deleted: C:\Program Files\SkypeUpdateEx
[-] Folder deleted: C:\ProgramData\IHProtectUpDate
[-] Folder deleted: C:\ProgramData\lavasoft\web companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IHProtectUpDate
[#] Folder deleted on reboot: C:\ProgramData\Application Data\lavasoft\web companion
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser
[-] Folder deleted: C:\Program Files (x86)\Amazon\ABB
[-] Folder deleted: C:\Program Files (x86)\Max Driver Updater
[-] Folder deleted: C:\Program Files (x86)\speed browser
[-] Folder deleted: C:\Program Files (x86)\HPDef
[#] Folder deleted on reboot: C:\Program Files (x86)\HpDef
[-] Folder deleted: C:\Program Files (x86)\Common Files\freemake shared
[-] Folder deleted: C:\ProgramData\Microsoft\Network\Dsq
[-] Folder deleted: C:\ProgramData\Microsoft\XBLive
[-] Folder deleted: C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\mohd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[-] File deleted: C:\Users\Public\Desktop\Free YouTube Downloader.lnk
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kofkpgiaknijknhajbhnghkodiccblkg_0.localstorage
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxps_adobe-reader.en.softonic.com_0.localstorage
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxps_adobe-reader.en.softonic.com_0.localstorage-journal
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxps_all-player.en.softonic.com_0.localstorage
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxps_all-player.en.softonic.com_0.localstorage-journal
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxps_static.cmptch.com_0.localstorage
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxps_www.timeshighereducation.com_0.localstorage
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxps_www.timeshighereducation.com_0.localstorage-journal
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_fulltab.com_0.localstorage
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_fulltab.com_0.localstorage-journal
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_nova.rambler.ru_0.localstorage
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_nova.rambler.ru_0.localstorage-journal
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_www.tenorshare.com_0.localstorage
[-] File deleted: C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_www.tenorshare.com_0.localstorage-journal
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key deleted: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\Software\GAMESDESKTOP
[-] Key deleted: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\Software\mtApService
[-] Key deleted: HKU\S-1-5-21-4228541638-1917213688-2020295977-1005\Software\WajIEnhance
[#] Key deleted on reboot: HKCU\Software\WajIEnhance
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\SkypeUpdateEx
[-] Key deleted: HKLM\SOFTWARE\MaxPower
[-] Key deleted: HKLM\SOFTWARE\mtApService
[-] Key deleted: HKLM\SOFTWARE\mtUtatity
[#] Key deleted on reboot: [x64] HKCU\Software\WajIEnhance
[-] Key deleted: [x64] HKLM\SOFTWARE\SkypeUpdateEx
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Key deleted: HKU\S-1-5-21-4228541638-1917213688-2020295977-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B329B567-D7E5-4847-B398-1BCA34202711}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a62abdee-78a2-4ddb-9355-1c334abd6e43}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a62abdee-78a2-4ddb-9355-1c334abd6e43}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: fjfiaeaopgmgbenipljajjipecobmbni
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: kofkpgiaknijknhajbhnghkodiccblkg
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: nafaimnnclfjfedmmabolbppcngeolgf
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: kofkpgiaknijknhajbhnghkodiccblkg
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
\AdwCleaner\AdwCleaner[C1].txt - [29752 Bytes] - [08/06/2016 16:51:41]
\AdwCleaner\AdwCleaner[C2].txt - [8385 Bytes] - [13/07/2017 13:03:48]
\AdwCleaner\AdwCleaner[S1].txt - [35406 Bytes] - [08/06/2016 16:38:33]
\AdwCleaner\AdwCleaner[S2].txt - [8570 Bytes] - [13/07/2017 12:57:14]
 
########## EOF - \AdwCleaner\AdwCleaner[C2].txt - [8599 Bytes] ##########

Can you provide me a list of all the P2P programs in my computer?
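
An added example, not part of the original posts and not AdwCleaner's own code: a small Python parser for the cleaning-log lines pasted above. It groups each removed item by the Chrome profile it came from and picks out extension IDs that were also registered under an HKLM Chrome\Extensions key. The line format is inferred from the excerpt in this thread, and the function names are made up for the example.

```python
import re
from collections import defaultdict

# Sample input: lines taken from the AdwCleaner[C2] excerpt in this thread.
SAMPLE_LOG = r"""
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: fjfiaeaopgmgbenipljajjipecobmbni
[-] [C:\Users\mohd yunus\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: kofkpgiaknijknhajbhnghkodiccblkg
[-] [C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\mohd\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: kofkpgiaknijknhajbhnghkodiccblkg
:: Winsock settings cleared
"""

# Line shapes assumed from the excerpt: registry deletions and per-profile browser items.
KEY_RE = re.compile(r"^\[-\] Key deleted: (?P<key>.+)$")
ITEM_RE = re.compile(r"^\[-\] \[(?P<path>.+?)\] \[(?P<kind>[^\]]+)\] Deleted: (?P<item>\S+)$")
PROFILE_RE = re.compile(r"\\Users\\(?P<user>[^\\]+)\\.*\\User Data\\(?P<profile>[^\\]+)")
EXT_KEY_PREFIX = "hklm\\software\\google\\chrome\\extensions\\"


def parse_log(text):
    """Return (deleted registry keys, {(kind, item): set of 'user/profile'})."""
    keys, removed = [], defaultdict(set)
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            keys.append(m["key"])
            continue
        m = ITEM_RE.match(line)
        if m:
            p = PROFILE_RE.search(m["path"])
            where = f"{p['user']}/{p['profile']}" if p else m["path"]
            removed[(m["kind"].lower(), m["item"])].add(where)
    return keys, removed


def machine_wide_extensions(keys, removed):
    """Extension IDs removed from a profile that also had an HKLM Chrome Extensions key."""
    registered = {k[len(EXT_KEY_PREFIX):].lower() for k in keys
                  if k.lower().startswith(EXT_KEY_PREFIX)}
    return {item: sorted(where) for (kind, item), where in removed.items()
            if kind == "extension" and item in registered}


if __name__ == "__main__":
    keys, removed = parse_log(SAMPLE_LOG)
    for (kind, item), where in sorted(removed.items()):
        print(f"{kind:16} {item:34} {sorted(where)}")
    print("also registered machine-wide:", machine_wide_extensions(keys, removed))
```

An ID that appears both under the HKLM key and in a profile folder was registered for the whole machine, so a follow-up scan should confirm the registry key is gone as well as the profile entries.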
 
 
 


#8 Oh My!


Posted 13 July 2017 - 12:27 PM

Greetings,

Did you install Linux MultiMedia Studio?

µTorrent is the Peer to Peer program.

How is the computer running now?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 armaanm33


Posted 14 July 2017 - 01:59 AM

It is running perfectly fine!

Thank you so much Gary and BleepingComputer!

And no, I did not install that yet. Should I?

P.S. Uninstalled uTorrent.



#10 Oh My!


Posted 14 July 2017 - 10:18 AM

Glad to hear that.

I would recommend you uninstall Linux MultiMedia Studio if you aren't aware of it.

Please do these things.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press Windows Key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Linux MultiMedia Studio

  • Reboot your computer
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • Did the program uninstall?

Gary
 

#11 armaanm33


Posted 16 July 2017 - 06:27 AM

No ESET log was created!

Security check could not be run because my antivirus is blocking the program.

Yes, the program did uninstall.



#12 Oh My!


Posted 16 July 2017 - 08:42 AM

Try disabling K7AntiVirus Premium then running Security Check again.
Gary
 

#13 Oh My!


Posted 20 July 2017 - 04:15 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#14 Oh My!


Posted 22 July 2017 - 08:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



