
Chrome search redirects to Yahoo search


  • This topic is locked
4 replies to this topic

#1 ighost

  • Members
  • 2 posts

Posted 17 July 2017 - 08:29 AM

I have tried all ways to remove this virus by trying all methods online.

Tried several antivirus, Malwarebytes, adaware, AdwCleaner and all sorts of tools, still doesn't work.

I need a targeted solution to my problem...

Getting my FRST scan done now.


Edited by ighost, 17 July 2017 - 08:31 AM.


#2 ighost

  • Topic Starter
  • Members
  • 2 posts

Posted 17 July 2017 - 08:39 AM

Log too long... posting them as files instead.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by user (administrator) on BRYAN-PC (17-07-2017 21:30:46)
Running from C:\Users\user\Downloads
Loaded Profiles: defaultuser0 & user (Available Profiles: defaultuser0 & user)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki120397.inf_amd64_8c63902cd832fca6\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe
() C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki120397.inf_amd64_8c63902cd832fca6\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki120397.inf_amd64_8c63902cd832fca6\IntelCpHeciSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Online Connect\ioc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki120397.inf_amd64_8c63902cd832fca6\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
() C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\CCSDK\CCSDKUpdateAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16779768 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] ()
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [894376 2017-07-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe [4461016 2017-02-21] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [PIA] => C:\Program Files\pia_manager\pia_manager.exe
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKU\S-1-5-21-1904544824-3824733754-4098052484-1001\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [2406080 2017-07-17] (BitTorrent Inc.)
HKU\S-1-5-21-1904544824-3824733754-4098052484-1001\...\MountPoints2: {1e2b0f6b-6ad1-11e7-83e3-5800e3f68e92} - "E:\SETUP.EXE"
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45233a07-d00f-4fb3-981f-ab81a4e425f9}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{9f5a60d3-dade-4245-98f7-582b93844e19}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b581c7d1-a447-455c-8179-6589e58a6965}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1904544824-3824733754-4098052484-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-10-27] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-10-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-10-27] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-10-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-10-27] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-10-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-10-27] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-07-17]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-17]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-17]
CHR Extension: (Google Calendar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-17]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareService.exe [585784 2017-02-21] ()
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [347056 2017-01-18] (Windows ® Win 7 DDK provider)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-07] (Lenovo)
R3 cphs; C:\Windows\System32\DriverStore\FileRepository\ki120397.inf_amd64_8c63902cd832fca6\IntelCpHeciSvc.exe [284144 2017-01-18] (Intel Corporation)
R2 cplspcon; C:\Windows\System32\DriverStore\FileRepository\ki120397.inf_amd64_8c63902cd832fca6\IntelCpHDCPSvc.exe [462832 2017-01-18] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163336 2016-09-19] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134872 2017-04-12] (ELAN Microelectronics Corp.)
R2 GameRecorderSVC; C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe [392032 2017-04-28] (Lenovo(beijing) Limited)
R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\ki120397.inf_amd64_8c63902cd832fca6\igfxCUIService.exe [324592 2017-01-18] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-14] (Intel® Corporation)
R3 Intel® Online Connect; C:\Program Files\Intel\Intel® Online Connect\ioc.exe [25312 2016-11-02] (Intel Corporation)
S2 Intel® Online Connect Helper; C:\Program Files\Intel\Intel® Online Connect\iocHelperService.exe [34528 2016-11-02] (Intel Corporation)
S3 Intel® Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-15] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-18] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-18] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-11-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
R2 PluginLoaderSvc; C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe [966496 2017-04-28] (Lenovo(beijing) Limited)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-11-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-11-23] (BitDefender)
R1 bdfwfpf; C:\Program Files\adaware\adaware antivirus\AdAwareProxyEngine\1.0.0.8\bdfwfpf.sys [127312 2016-06-16] (BitDefender LLC)
R3 BHTPCRDR; C:\Windows\System32\drivers\bhtpcrdr.sys [173432 2016-08-11] (BayHubTech/O2Micro )
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [605608 2017-01-18] (Qualcomm)
R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [32336 2016-11-24] (ELAN Microelectronic Corp.)
S3 FBNetFilter; C:\Windows\system32\Drivers\FBNetFlt.sys [46576 2017-04-28] (Lenovo(beijing) Limited)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [178384 2017-02-08] (BitDefender LLC)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-07-17] ()
R3 igfx; C:\Windows\System32\DriverStore\FileRepository\ki120397.inf_amd64_8c63902cd832fca6\igdkmd64.sys [11039704 2017-01-18] (Intel Corporation)
R0 ignis; C:\Windows\System32\drivers\ignis.sys [300840 2016-08-15] (Bitdefender)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-07-17] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-07-17] (Malwarebytes)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [59792 2016-09-14] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_878490f8a01d9e65\nvlddmkm.sys [14253624 2017-01-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3146760 2016-09-13] (Realtek Semiconductor Corp.)
R3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2017-02-08] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-07-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-07-17] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 21:30 - 2017-07-17 21:31 - 00020952 _____ C:\Users\user\Downloads\FRST.txt
2017-07-17 21:30 - 2017-07-17 21:30 - 00000000 ____D C:\FRST
2017-07-17 21:07 - 2017-07-17 21:07 - 00000000 ____D C:\ProgramData\Emsisoft
2017-07-17 20:59 - 2017-07-17 21:29 - 00000000 ____D C:\EEK
2017-07-17 20:59 - 2017-07-17 20:59 - 02435584 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2017-07-17 20:51 - 2017-07-17 20:59 - 320731536 _____ C:\Users\user\Downloads\EmsisoftEmergencyKit.exe
2017-07-17 20:49 - 2017-07-17 20:51 - 00548172 _____ C:\TDSSKiller.3.1.0.15_17.07.2017_20.49.23_log.txt
2017-07-17 20:48 - 2017-07-17 20:49 - 04922400 _____ (AO Kaspersky Lab) C:\Users\user\Downloads\tdsskiller.exe
2017-07-17 20:47 - 2017-07-17 20:47 - 00071398 _____ (jpshortstuff) C:\Users\user\Downloads\GooredFix.exe
2017-07-17 20:47 - 2017-07-17 20:47 - 00000830 _____ C:\Users\user\Desktop\GooredFix.txt
2017-07-17 20:47 - 2017-07-17 20:47 - 00000000 ____D C:\Users\user\Desktop\GooredFix Backups
2017-07-17 20:44 - 2017-07-17 20:44 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-17 20:44 - 2017-07-17 20:44 - 00188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-17 20:44 - 2017-07-17 20:44 - 00101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-17 20:44 - 2017-07-17 20:44 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-17 20:44 - 2017-07-17 20:44 - 00045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-17 20:44 - 2017-07-17 20:44 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-17 20:44 - 2017-07-17 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-17 20:44 - 2017-07-17 20:44 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-17 20:44 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-17 20:43 - 2017-07-17 20:48 - 65033984 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-07-17 20:39 - 2017-07-17 20:39 - 00002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-17 20:39 - 2017-07-17 20:39 - 00002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-17 20:38 - 2017-07-17 20:38 - 01130328 _____ (Google Inc.) C:\Users\user\Downloads\ChromeSetup.exe
2017-07-17 20:38 - 2017-07-17 20:38 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-17 20:38 - 2017-07-17 20:38 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-17 20:35 - 2017-07-17 21:30 - 00082076 _____ C:\Windows\ZAM.krnl.trace
2017-07-17 20:35 - 2017-07-17 21:30 - 00067460 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-17 20:35 - 2017-07-17 20:35 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-07-17 20:35 - 2017-07-17 20:35 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-07-17 20:28 - 2017-07-17 20:28 - 00000790 _____ C:\Windows\system32\.crusader
2017-07-17 20:26 - 2017-07-17 20:26 - 15579280 _____ (Copyright 2017.) C:\Users\user\Downloads\Zemana.AntiMalware.Portable.exe
2017-07-17 20:26 - 2017-07-17 20:26 - 00000000 ____D C:\Users\user\AppData\Local\Zemana
2017-07-17 20:22 - 2017-07-17 18:06 - 00000050 _____ C:\Program Files\Keys.txt
2017-07-17 20:20 - 2017-07-17 20:30 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-07-17 20:17 - 2017-07-17 20:29 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-17 20:17 - 2017-07-17 20:17 - 00000000 ____D C:\Program Files\HitmanPro
2017-07-17 20:16 - 2017-07-17 20:35 - 00003754 _____ C:\Users\user\Desktop\Rkill.txt
2017-07-17 20:16 - 2017-07-17 20:17 - 06589840 _____ (Zemana Ltd. ) C:\Users\user\Downloads\Zemana.AntiMalware.Setup.exe
2017-07-17 20:16 - 2017-07-17 20:16 - 11584088 _____ (SurfRight B.V.) C:\Users\user\Downloads\hitmanpro_x64.exe
2017-07-17 20:15 - 2017-07-17 20:15 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\iExplore.exe
2017-07-17 20:11 - 2017-07-17 20:11 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\02484CFE.sys
2017-07-17 19:59 - 2017-07-17 20:01 - 00000000 ____D C:\AdwCleaner
2017-07-17 19:59 - 2017-07-17 19:59 - 04110280 _____ C:\Users\user\Downloads\adwcleaner_6.047.exe
2017-07-17 19:01 - 2017-07-17 19:12 - 1609039872 _____ C:\Users\user\Downloads\ubuntu-17.04-desktop-amd64.iso
2017-07-17 18:49 - 2017-07-17 19:54 - 00002674 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-1904544824-3824733754-4098052484-1001
2017-07-17 18:49 - 2017-07-17 18:49 - 04284888 _____ (AVAST Software) C:\Users\user\Downloads\avast-browser-cleanup-sfx.exe
2017-07-17 18:49 - 2017-07-17 18:49 - 00004388 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-1904544824-3824733754-4098052484-1001
2017-07-17 18:49 - 2017-07-17 18:49 - 00001158 _____ C:\Users\user\Desktop\Avast Browser Cleanup.lnk
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
2017-07-17 18:05 - 2017-07-17 18:05 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2017-07-17 18:05 - 2017-07-17 18:05 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2017-07-17 17:53 - 2017-07-17 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-17 17:50 - 2017-07-17 17:50 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-07-17 17:50 - 2017-07-17 17:50 - 00002662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-07-17 17:50 - 2017-07-17 17:50 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-07-17 17:50 - 2017-07-17 17:50 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-07-17 17:50 - 2017-07-17 17:50 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-07-17 17:50 - 2017-07-17 17:50 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-07-17 17:50 - 2017-07-17 17:50 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-07-17 17:50 - 2017-07-17 17:50 - 00002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-07-17 17:50 - 2017-07-17 17:50 - 00002628 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-07-17 17:50 - 2017-07-17 17:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-07-17 17:49 - 2017-07-17 17:49 - 00000000 ____D C:\Windows\PCHEALTH
2017-07-17 17:49 - 2017-07-17 17:49 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-07-17 17:49 - 2017-07-17 17:49 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-17 17:49 - 2017-07-17 17:49 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-07-17 17:47 - 2017-07-17 17:50 - 00000000 ____D C:\Windows\SHELLNEW
2017-07-17 17:47 - 2017-07-17 17:49 - 00000000 ____D C:\Program Files\Microsoft Office
2017-07-17 17:47 - 2017-07-17 17:47 - 00000000 __RHD C:\MSOCache
2017-07-17 17:47 - 2017-07-17 17:47 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help
2017-07-17 17:47 - 2017-07-17 17:47 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2017-07-17 17:47 - 2017-07-17 17:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-07-17 17:46 - 2017-07-17 17:46 - 01710680 _____ C:\Users\user\Downloads\SetupVCD5500.exe
2017-07-17 17:46 - 2017-07-17 17:46 - 00001334 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2017-07-17 17:46 - 2017-07-17 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2017-07-17 17:46 - 2017-07-17 17:46 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2017-07-17 17:37 - 2017-07-17 20:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-17 16:42 - 2017-07-17 21:29 - 00000000 ____D C:\Users\user\Downloads\Microsoft Office 2016 Final Nov. Update [Incl Crack][64-Bit]
2017-07-17 16:39 - 2017-07-17 16:41 - 00000000 ____D C:\Users\user\Downloads\[crackzsoft.com]Microsoft Office Professional Plus 2016 v16.0.4498.1000 (x64.x86) [May 2017
2017-07-17 16:38 - 2017-07-17 20:31 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2017-07-17 16:32 - 2017-07-17 21:22 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-07-17 13:07 - 2017-07-17 13:07 - 00003257 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk
2017-07-17 13:05 - 2017-07-17 13:05 - 00001058 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-07-17 13:03 - 2017-07-17 20:39 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-17 13:03 - 2017-07-17 16:45 - 00000000 ____D C:\Users\user\AppData\Local\Google
2017-07-17 13:03 - 2017-07-17 13:03 - 00000000 ____D C:\Users\user\AppData\Local\Razer_Inc
2017-07-17 13:03 - 2017-07-17 10:27 - 00000000 ____D C:\Users\user\AppData\Roaming\NVIDIA
2017-07-17 13:02 - 2017-07-17 13:03 - 00000000 ____D C:\Users\user\AppData\Local\MicrosoftEdge
2017-07-17 13:02 - 2017-07-17 13:02 - 00001240 _____ C:\Users\Public\Desktop\Lenovo Nerve Sense.lnk
2017-07-17 13:02 - 2017-04-28 19:00 - 00046576 _____ (Lenovo(beijing) Limited) C:\Windows\system32\Drivers\FBNetFlt.sys
2017-07-17 13:02 - 2016-10-08 14:56 - 00137840 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2017-07-17 13:02 - 2016-09-17 08:12 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2017-07-17 13:00 - 2017-07-17 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-07-17 12:58 - 2017-07-17 12:58 - 00000000 ____D C:\Users\user\AppData\Local\Comms
2017-07-17 12:56 - 2017-07-17 12:56 - 00000000 ____D C:\Users\user\AppData\Local\Lenovo
2017-07-17 12:55 - 2017-07-17 13:02 - 00000000 ____D C:\ProgramData\Razer
2017-07-17 12:55 - 2017-07-17 00:31 - 00000000 ____D C:\Program Files (x86)\Razer
2017-07-17 12:53 - 2017-07-17 20:36 - 00012031 _____ C:\Windows\system32\InstallUtil.InstallLog
2017-07-17 12:52 - 2017-07-17 12:52 - 00000000 ____D C:\Users\user\AppData\Local\NetworkTiles
2017-07-17 12:51 - 2017-07-17 12:51 - 00000000 ____D C:\Users\user\AppData\Local\CEF
2017-07-17 12:50 - 2017-07-17 12:50 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2017-07-17 12:30 - 2017-07-17 12:30 - 00000000 ____D C:\ProgramData\BitDefender
2017-07-17 12:17 - 2017-07-17 12:17 - 00000000 ____D C:\Users\user\AppData\Roaming\adaware
2017-07-17 12:17 - 2017-07-17 12:17 - 00000000 ____D C:\Users\user\AppData\Local\AdAwareDesktop
2017-07-17 12:16 - 2017-07-17 12:16 - 00002423 _____ C:\Users\Public\Desktop\adaware antivirus.lnk
2017-07-17 12:16 - 2017-07-17 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2017-07-17 12:13 - 2017-07-17 12:51 - 00002371 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-17 12:13 - 2017-07-17 12:51 - 00000000 ___RD C:\Users\user\OneDrive
2017-07-17 12:13 - 2017-07-17 12:13 - 00000000 ____D C:\Users\Public\Lenovo App Explorer
2017-07-17 12:11 - 2017-07-17 12:11 - 00000000 ____D C:\Users\user\AppData\Local\Publishers
2017-07-17 12:10 - 2017-07-17 20:31 - 00000000 __SHD C:\Users\user\IntelGraphicsProfiles
2017-07-17 12:10 - 2017-07-17 14:08 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2017-07-17 12:10 - 2017-07-17 13:01 - 00000000 ____D C:\Users\user\AppData\Local\ConnectedDevicesPlatform
2017-07-17 12:10 - 2017-07-17 12:57 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA
2017-07-17 12:10 - 2017-07-17 12:10 - 00000020 ___SH C:\Users\user\ntuser.ini
2017-07-17 12:10 - 2017-07-17 12:10 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-07-17 12:10 - 2017-07-17 12:10 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2017-07-17 12:10 - 2017-07-17 12:10 - 00000000 ____D C:\Users\user\AppData\Local\TileDataLayer
2017-07-17 12:10 - 2017-07-17 12:10 - 00000000 ____D C:\Program Files\Common Files\adaware
2017-07-17 12:10 - 2017-07-17 10:04 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2017-07-17 12:09 - 2017-07-17 12:09 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2017-07-17 12:09 - 2017-07-17 12:09 - 00000000 __SHD C:\Users\defaultuser0\IntelGraphicsProfiles
2017-07-17 12:09 - 2017-07-17 12:09 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2017-07-17 12:09 - 2017-07-17 12:09 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2017-07-17 12:09 - 2017-07-17 12:09 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-07-17 12:09 - 2017-07-17 12:09 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\NVIDIA Corporation
2017-07-17 12:09 - 2017-07-17 12:09 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\NVIDIA
2017-07-17 12:09 - 2017-07-17 12:09 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2017-07-17 12:09 - 2017-04-21 12:16 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Host App Service
2017-07-17 12:08 - 2017-07-17 12:09 - 00000000 ____D C:\Users\defaultuser0
2017-07-17 12:07 - 2017-07-17 12:07 - 00000000 _SHDL C:\Documents and Settings
2017-07-17 11:41 - 2017-07-17 11:41 - 00000258 __RSH C:\Users\user\ntuser.pol
2017-07-17 11:00 - 2017-07-17 11:42 - 00000000 ____D C:\Windows.old
2017-07-17 10:44 - 2017-07-17 10:44 - 00002686 _____ C:\Users\user\Desktop\µTorrent.lnk
2017-07-17 10:44 - 2017-07-17 10:44 - 00002686 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-07-17 10:40 - 2017-07-17 21:32 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2017-07-17 10:35 - 2017-07-17 10:35 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-17 10:35 - 2017-07-17 10:35 - 00000000 ____D C:\Users\user\AppData\Local\AdAwareUpdater
2017-07-17 10:35 - 2017-07-17 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-17 10:35 - 2017-07-17 10:35 - 00000000 ____D C:\Program Files\CCleaner
2017-07-17 10:35 - 2017-07-17 10:35 - 00000000 ____D C:\Program Files\adaware
2017-07-17 10:34 - 2017-07-17 10:34 - 00000000 ____D C:\ProgramData\adaware
2017-07-17 10:28 - 2017-01-12 21:49 - 02235392 _____ C:\Windows\SysWOW64\cuda_tromp_75.dll
2017-07-17 10:28 - 2017-01-12 21:49 - 00045056 _____ C:\Windows\SysWOW64\cpu_tromp_SSE2.dll
2017-07-17 10:28 - 2017-01-12 21:48 - 02235392 _____ C:\Windows\SysWOW64\cuda_tromp.dll
2017-07-17 10:28 - 2017-01-12 21:48 - 00044032 _____ C:\Windows\SysWOW64\cpu_tromp_AVX.dll
2017-07-17 10:28 - 2017-01-12 19:18 - 00986112 _____ C:\Windows\SysWOW64\cuda_djezo.dll
2017-07-17 10:28 - 2016-09-05 15:51 - 00366016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\cudart64_80.dll
2017-07-17 10:28 - 2016-09-05 15:51 - 00297408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\cudart32_80.dll
2017-07-17 10:28 - 2015-08-16 01:21 - 00360736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\cudart64_75.dll
2017-07-17 10:28 - 2015-08-16 01:21 - 00291632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\cudart32_75.dll
2017-07-17 10:27 - 2017-07-17 16:25 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-17 10:27 - 2017-07-17 10:27 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-07-17 10:25 - 2017-07-17 10:25 - 00000000 ____D C:\Users\user\AppData\Roaming\WinRAR
2017-07-17 10:25 - 2017-07-17 10:25 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-17 10:25 - 2017-07-17 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-17 10:25 - 2017-07-17 10:25 - 00000000 ____D C:\Program Files\WinRAR
2017-07-17 10:13 - 2017-07-17 10:13 - 00000000 ____D C:\Users\user\AppData\Local\Private Internet Access
2017-07-17 10:13 - 2017-07-17 10:13 - 00000000 ____D C:\Users\user\AppData\Local\Crashpad
2017-07-17 10:12 - 2017-07-17 21:20 - 00000000 ____D C:\Program Files\pia_manager
2017-07-17 10:12 - 2017-07-17 10:12 - 00027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2017-07-17 10:09 - 2017-07-17 10:09 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-07-17 09:49 - 2017-07-17 09:49 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-07-17 09:27 - 2017-07-17 09:27 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-07-17 09:27 - 2017-06-21 15:07 - 00179320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-07-17 09:27 - 2017-06-21 15:07 - 00146552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-07-17 09:27 - 2017-06-21 15:07 - 00057976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-07-17 09:27 - 2017-06-21 04:58 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-07-17 09:19 - 2017-01-18 09:15 - 00198568 _____ (Qualcomm®Atheros®) C:\Windows\system32\BtContextMenu.dll
2017-07-17 09:19 - 2017-01-18 09:15 - 00019976 _____ (Qualcomm®Atheros®) C:\Windows\system32\BtContextMenu.dll.muien-US
2017-07-17 09:19 - 2017-01-18 05:13 - 00057624 _____ C:\Windows\system32\Drivers\AthrBT_0x00000300.dfu
2017-07-17 09:19 - 2017-01-18 05:13 - 00036044 _____ C:\Windows\system32\Drivers\AthrBT_0x00000302.dfu
2017-07-17 08:01 - 2017-07-17 08:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2017-07-17 00:35 - 2017-07-17 00:35 - 02373944 _____ (Microsoft Corporation) C:\Windows\system32\WudfUpdate_01011.dll
2017-07-17 00:32 - 2017-07-17 00:32 - 00000000 ____D C:\Users\user\AppData\Local\UNP
2017-07-17 00:32 - 2017-07-17 00:32 - 00000000 ____D C:\Users\user\AppData\Local\Razer
2017-07-17 00:17 - 2017-07-17 00:18 - 00000000 ___SD C:\Windows\UpdateAssistantV2
2017-07-16 23:44 - 2017-07-16 23:47 - 00000000 ____D C:\Windows\system32\MRT
2017-07-16 23:41 - 2017-07-16 23:42 - 00000000 ____D C:\Program Files\UNP
2017-07-16 23:41 - 2017-07-16 23:41 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-16 23:41 - 2017-07-16 23:41 - 00000000 ____D C:\Windows\system32\UNP
2017-07-16 22:56 - 2016-12-21 15:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-07-16 22:56 - 2016-12-21 12:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-07-16 22:11 - 2017-07-16 22:11 - 00000000 ____D C:\Users\user\AppData\Roaming\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 20:51 - 2016-07-16 19:47 - 00000000 ____D C:\Windows\AppReadiness
2017-07-17 20:40 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-17 20:32 - 2017-04-21 12:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-17 20:30 - 2016-07-30 01:26 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-17 20:29 - 2016-07-16 14:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-07-17 19:49 - 2016-07-30 01:26 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-07-17 18:40 - 2016-07-16 19:47 - 00000000 ____D C:\Windows\system32\NDF
2017-07-17 18:34 - 2016-07-16 19:45 - 00000000 ____D C:\Windows\INF
2017-07-17 18:26 - 2016-07-30 01:25 - 00386392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-17 17:49 - 2016-07-16 19:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-17 17:49 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-17 17:47 - 2017-04-21 12:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-17 17:47 - 2016-07-16 19:47 - 00000167 _____ C:\Windows\win.ini
2017-07-17 17:47 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\System
2017-07-17 17:35 - 2016-07-16 14:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-07-17 13:02 - 2017-04-21 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-07-17 12:33 - 2016-07-16 14:04 - 00000000 ____D C:\Program Files\StartCompounds Board
2017-07-17 12:14 - 2017-04-21 12:33 - 00000000 ____D C:\ProgramData\Intel
2017-07-17 12:12 - 2016-07-16 19:47 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2017-07-17 12:08 - 2017-04-21 12:34 - 00003118 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2017-07-17 11:47 - 2017-04-21 12:34 - 00376270 _____ C:\Windows\system32\prfh0404.dat
2017-07-17 11:47 - 2017-04-21 12:34 - 00137328 _____ C:\Windows\system32\prfc0404.dat
2017-07-17 11:47 - 2017-04-21 12:27 - 00386262 _____ C:\Windows\system32\prfh0804.dat
2017-07-17 11:47 - 2017-04-21 12:27 - 00141624 _____ C:\Windows\system32\prfc0804.dat
2017-07-17 11:47 - 2016-07-30 01:31 - 01874264 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-17 10:37 - 2016-07-30 02:19 - 00000000 ____D C:\Windows\Panther
2017-07-17 10:27 - 2017-04-21 12:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-17 10:27 - 2016-07-16 19:47 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-07-17 09:42 - 2016-07-16 19:47 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-07-17 09:28 - 2017-04-21 12:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-17 09:27 - 2017-04-21 12:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-17 09:27 - 2017-04-21 12:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-17 09:26 - 2017-04-21 12:07 - 00000000 ____D C:\Program Files\Lenovo
2017-07-17 09:21 - 2016-07-16 22:11 - 00000000 ____D C:\Windows\OCR
2017-07-17 09:20 - 2017-04-21 12:30 - 00000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2017-07-17 09:16 - 2017-04-21 11:57 - 00000000 ____D C:\ProgramData\Lenovo
2017-07-17 07:51 - 2016-07-16 19:36 - 00000000 ____D C:\Windows\CbsTemp
2017-07-17 00:31 - 2016-07-30 01:27 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-17 00:22 - 2017-04-21 12:35 - 00000000 ____D C:\Program Files\Elantech
2017-06-30 22:46 - 2016-07-16 19:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-30 22:46 - 2016-07-16 19:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-21 15:07 - 2017-04-21 12:32 - 01903224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-06-21 15:07 - 2017-04-21 12:32 - 01755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-06-21 15:07 - 2017-04-21 12:32 - 01489528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-06-21 15:07 - 2017-04-21 12:32 - 01317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-06-21 15:07 - 2017-04-21 12:32 - 00121464 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-06-21 15:07 - 2017-04-21 12:31 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

==================== Files in the root of some directories =======

2017-07-17 20:22 - 2017-07-17 18:06 - 0000050 _____ () C:\Program Files\Keys.txt
2017-04-21 12:35 - 2017-04-21 12:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-04-21 12:35 - 2017-04-21 12:35 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
2017-07-17 10:27 - 2017-07-17 10:27 - 4021600 _____ (Easeware ) C:\Users\user\AppData\Local\Temp\949F.tmp.exe
2017-07-17 10:27 - 2017-07-17 10:27 - 0636003 _____ (DEvTCeAPPaRUKsrqMoFa ) C:\Users\user\AppData\Local\Temp\browmodule.exe
2017-07-17 10:27 - 2017-07-17 10:27 - 1199825 _____ () C:\Users\user\AppData\Local\Temp\unins000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-17 07:50

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by user (17-07-2017 21:32:22)
Running from C:\Users\user\Downloads
Windows 10 Home Version 1607 (X64) (2017-07-17 04:09:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1904544824-3824733754-4098052484-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1904544824-3824733754-4098052484-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1904544824-3824733754-4098052484-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1904544824-3824733754-4098052484-501 - Limited - Disabled)
user (S-1-5-21-1904544824-3824733754-4098052484-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: adaware antivirus (Enabled - Up to date) {2C8A0DAA-E78D-4944-DB01-263173C8FFD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: adaware antivirus (Enabled - Up to date) {97EBEC4E-C1B7-46CA-E1B1-1D43084FB564}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

adaware antivirus (HKLM\...\{BECD7155-DC57-4F89-B1A8-A90B033C6209}_AdAwareUpdater) (Version: 12.0.649.11190 - adaware)
AdAwareInstaller (HKLM\...\{D7BF2029-EB2D-4523-AFA0-95CE605E696E}) (Version: 12.0.649.11190 - adaware) Hidden
AdAwareProxyEngine (HKLM\...\{7F7C8AE0-961B-4AED-B99A-D9BE29C0F24C}) (Version: 1.0.0.8 - adaware) Hidden
AdAwareUpdater (HKLM\...\{BECD7155-DC57-4F89-B1A8-A90B033C6209}) (Version: 12.0.649.11190 - adaware) Hidden
AntimalwareEngine (HKLM\...\{06D33B93-9458-4E28-BDEA-F5ECB2C3C30E}) (Version: 3.0.144.0 - adaware) Hidden
AntispamEngine (HKLM\...\{7DE129E5-BB4A-4517-A6CD-C69EEB346781}) (Version: 2.5.337.0 - adaware) Hidden
Avast Browser Cleanup (HKU\S-1-5-21-1904544824-3824733754-4098052484-1001\...\Avast Browser Cleanup) (Version: 12.1.2272.125 - AVAST Software)
AvcEngine (HKLM\...\{3E5BEF30-3962-4B47-AECA-937B6CBB0A68}) (Version: 3.12.15976.0 - adaware) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Dolby Audio X2 Windows API SDK (HKLM\...\{AA950AA4-CD9B-4D81-B6C0-BFABB7A24261}) (Version: 0.7.5.65 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
FirewallEngine (HKLM\...\{AAF4B2C1-2E27-46EF-9B9E-2B2130F056F3}) (Version: 2.0.0.20 - adaware) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel® Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Lenovo App Explorer (HKU\S-1-5-21-1904544824-3824733754-4098052484-1000\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo)
Lenovo Nerve Sense (HKLM\...\{DCB4DFB5-93CA-4BDD-9D08-CE880626B46E}_is1) (Version: 2.6.11.8 - Lenovo)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1904544824-3824733754-4098052484-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 373.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.50 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OnlineThreatsEngine (HKLM\...\{26F31E12-3722-45FD-903B-49012286BB4C}) (Version: 3.0.1.23 - adaware) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.50 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.5 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers01: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-15] (Elaborate Bytes AG)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-07-14] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareShellExtension.dll [2017-02-21] ()
ContextMenuHandlers02: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-15] (Elaborate Bytes AG)
ContextMenuHandlers03: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareShellExtension.dll [2017-02-21] ()
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\ki120397.inf_amd64_8c63902cd832fca6\igfxDTCM.dll [2017-01-18] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-01-02] (NVIDIA Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-07-14] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0944BB49-33C0-41C5-8595-CAE053826136} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-17] (Google Inc.)
Task: {096A8E4D-4CC8-478F-8778-E1EA9CB894C8} - System32\Tasks\avast! BCU UpdateS-1-5-21-1904544824-3824733754-4098052484-1001 => C:\Users\user\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {0EDA81B6-2878-41B9-832E-7E736DD6B5F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {1489AD55-7719-4263-8E9E-129CD8075EE7} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {14D83118-5DF6-4FBA-B26F-8466F1D895CA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-10-14] (Intel® Corporation)
Task: {1EA45B0C-E51F-483D-B136-DE20CF8F9819} - \StartCompounds Board -> No File <==== ATTENTION
Task: {379A15E0-F0C3-4AE8-9E9F-4C8398CECDA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {46682472-721B-4734-927B-5E4AF4FE6A44} - System32\Tasks\Microsoft\Windows\Multimedia\Driver => C:\Windows\SysWOW64\Easeware.Driver.exe
Task: {61E4C46F-7E60-42AF-8EDB-9545C909E6E3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\83b76e86-d287-4ded-a68b-68fc81f0c244 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {6A39B35A-B8FA-446A-8A32-70E2A2D1D33A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {8CB464DC-2877-4701-962F-B3B2F8635E0C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e0bafeb7-ac94-40ab-a5ef-779511071c38 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {AE2D3B72-2BFA-4AF8-AC46-C765981B2460} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask_Once => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B5717442-9265-409F-A4E8-873DE5C892A9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ce7a387b-5585-4447-b55a-1558ff767d64 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {B629DF56-7443-4915-935B-CE0F8359A5AD} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {C8F17AEA-66AE-4FD8-8406-0402E67A5152} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-17] (Google Inc.)
Task: {E86FF37E-F308-4FC9-8A29-59D6FA37E858} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {ED46052A-CA11-470A-9EB1-6D6CE0DCDD13} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {F0E9D5A9-2251-4FC5-AA5A-55E9870515F2} - System32\Tasks\avastBCLS-1-5-21-1904544824-3824733754-4098052484-1001 => C:\Users\user\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2017-07-17] (AVAST Software)
Task: {FB29DA08-A5F4-421D-9E05-2BC58414AEE5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {FCA9D751-C7B7-4550-87A7-0C5279B16C08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-07-16 23:09 - 2017-06-21 15:48 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-04-21 12:32 - 2017-01-02 11:25 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-21 14:45 - 2017-02-21 14:45 - 00585784 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareService.exe
2017-02-21 14:50 - 2017-02-21 14:50 - 00121816 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_thread-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00030680 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_system-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00067544 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_date_time-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00144856 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_filesystem-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00733144 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_log-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00524760 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_locale-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00039384 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_chrono-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 11554264 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\rpc_server.dll
2017-02-21 14:51 - 2017-02-21 14:51 - 03712984 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\RCF.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01000920 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_regex-vc140-mt-1_61.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01142232 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareActivation.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 00633816 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareApplicationUpdater.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00843736 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareGamingMode.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00120280 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareReset.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00142296 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTime.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01024472 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareDefinitionsUpdater.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 00906712 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareDefinitionsUpdaterScheduler.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01468376 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareIgnoreList.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00261080 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareQuarantine.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01652184 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareAntiMalwareEngine.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01194456 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareScannerHistory.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01553880 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareScanner.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00039384 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_timer-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01032152 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareScannerScheduler.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01183192 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareRealTimeProtection.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 02887640 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareIncompatibles.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01525208 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareAntiSpam.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01456600 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareAntiPhishing.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 03464664 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareParentalControl.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01653720 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareWebProtection.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01598936 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareEmailProtection.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00073176 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_iostreams-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01712088 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareNetworkProtection.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01067480 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwarePromo.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00475096 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareFeedback.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 03166168 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareThreatWorkAlliance.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00667096 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwarePinCode.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01069528 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareNotice.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01598424 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareAvcEngine.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01496536 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareRealTimeProtectionHistory.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00774104 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareStatistics.dll
2017-07-17 12:30 - 2017-07-17 12:30 - 01008448 _____ () C:\Program Files\adaware\adaware antivirus\Online Threats Engine\definitions\loc2\ashttpbr.mdl
2017-07-17 12:30 - 2017-07-17 12:30 - 00541952 _____ () C:\Program Files\adaware\adaware antivirus\Online Threats Engine\definitions\loc2\ashttpdsp.mdl
2017-07-17 12:30 - 2017-07-17 12:30 - 03243920 _____ () C:\Program Files\adaware\adaware antivirus\Online Threats Engine\definitions\loc2\ashttpph.mdl
2017-07-17 12:30 - 2017-07-17 12:30 - 01544568 _____ () C:\Program Files\adaware\adaware antivirus\Online Threats Engine\definitions\loc2\ashttprbl.mdl
2016-10-18 11:00 - 2016-10-18 11:00 - 00107752 _____ () C:\Program Files\Intel\Intel® Online Connect Access\libglog.dll
2016-10-18 11:00 - 2016-10-18 11:00 - 00412904 _____ () C:\Program Files\Intel\Intel® Online Connect Access\JsonCpp.dll
2017-04-21 12:32 - 2017-06-21 15:07 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-25 06:20 - 2016-09-25 06:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-10-27 03:46 - 2015-10-27 03:46 - 08901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 02687960 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareShellExtension.dll
2016-11-02 08:18 - 2016-11-02 08:18 - 00253664 _____ () C:\Program Files\Intel\Intel® Online Connect\CSLibWrapper.dll
2017-04-21 12:43 - 2017-04-21 12:43 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-07-16 23:08 - 2017-03-04 14:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-07-16 23:09 - 2017-03-04 14:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-07-16 23:09 - 2017-03-04 14:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-16 23:09 - 2017-03-04 14:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-16 23:09 - 2017-06-21 14:35 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-16 23:09 - 2017-06-21 14:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-24 16:33 - 2016-06-24 16:33 - 00829632 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2017-02-21 14:50 - 2017-02-21 14:50 - 04461016 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe
2017-02-21 14:50 - 2017-02-21 14:50 - 11717592 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\rpc_client.dll
2016-09-19 19:02 - 2016-09-19 19:02 - 00163336 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2017-07-17 20:44 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-21 12:08 - 2017-04-28 19:09 - 00032096 _____ () C:\Program Files\Lenovo\Nerve Center\bin\x64\res_EN_English_US.dll
2017-04-21 12:08 - 2017-04-28 19:09 - 02783072 _____ () C:\Program Files\Lenovo\Nerve Center\bin\x64\res_UI_OEB.dll
2017-04-21 12:08 - 2017-04-28 19:09 - 01190240 _____ () C:\Program Files\Lenovo\Nerve Center\bin\x64\res_UI.dll
2017-04-21 12:08 - 2017-04-28 19:08 - 01896800 _____ () C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderApi.dll
2017-04-21 12:32 - 2017-06-21 15:07 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-21 12:32 - 2017-06-21 15:06 - 66837112 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-11-09 10:40 - 2016-11-09 10:40 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-04-21 12:19 - 2016-12-07 07:09 - 00116064 _____ () C:\Program Files (x86)\Lenovo\CCSDK\Xmlparser.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\user\Downloads\adwcleaner_6.047.exe:BDU [0]
AlternateDataStreams: C:\Users\user\Downloads\avast-browser-cleanup-sfx.exe:BDU [0]
AlternateDataStreams: C:\Users\user\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\user\Downloads\EmsisoftEmergencyKit.exe:BDU [0]
AlternateDataStreams: C:\Users\user\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\user\Downloads\GooredFix.exe:BDU [0]
AlternateDataStreams: C:\Users\user\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\user\Downloads\tdsskiller.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 19:47 - 2017-07-17 20:10 - 00000787 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1904544824-3824733754-4098052484-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1904544824-3824733754-4098052484-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EA360110-77D5-4110-9A87-541774FE2061}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{99116B09-3054-4513-8383-45A2ABBE4140}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{177CB452-1838-4A09-92ED-05C80729A50C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{52D58570-1C9F-4070-ADED-3D00F7F82E8D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{72B6C454-80EC-48A2-93FF-D557487037A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5621367E-39D7-43CA-9CDF-8D60B8F2CA21}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{93DCAF6A-C91A-41CD-B7CE-8D35A441A5F8}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0BD876DD-320E-423A-B43A-3D2BCF6A34BA}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE8DDA48-290C-4FCF-97FD-0EA0A04B2EF0}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4DE2831E-3EAA-4978-AB37-7495DC55FA33}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9106BD7C-F6CC-4E22-809D-DC7CD7394D80}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A45839E-5FEE-4DF2-BEC4-19E53AE619D2}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E1F4B474-3DD7-484B-877A-48910306A5B6}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{86635279-913B-4E1B-ABC0-A90E23D39F20}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{46DF5B91-9FC1-47A8-A4BC-30DD3BC5A828}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{DB71814A-EF26-4EDF-BC94-B6914B7A8016}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{5041E6BD-DDC9-476A-965C-FA831ECC62ED}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{94AA07A7-749D-460B-B76A-A9121D401A32}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{29E2148B-02A8-4A8B-8003-895681C89386}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{4DFBC906-43E7-43FB-AA80-9B03B52FEC2D}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{3338413E-9732-4865-BC73-01BF4E1480DC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{5A890527-C5ED-417F-B73F-D2551D70149F}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{EEE0C6C7-3A5F-4E45-B618-E105558029AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-07-2017 23:12:55 Windows Update
16-07-2017 23:14:44 Windows Update

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2017 09:20:45 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Lenovo Nerve Center(Sense) Tray - is a Lenovo app custom-developed to enhance your gaming experience because of this error.

Program: Lenovo Nerve Center(Sense) Tray - is a Lenovo app custom-developed to enhance your gaming experience
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: A47A4C80
Disk type: 0

Error: (07/17/2017 09:20:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LenovoNerveCenterTray.exe, version: 2.6.11.8, time stamp: 0x5903220b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000001d
Fault offset: 0x00007ffc373901aa
Faulting process id: 0x1714
Faulting application start time: 0x01d2feff7e242eef
Faulting application path: C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe
Faulting module path: unknown
Report Id: a16156f5-7265-4020-8bd5-ab7ce4facd89
Faulting package full name:
Faulting package-relative application ID:

Error: (07/17/2017 08:47:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GooredFix.exe, version: 2.0.0.687, time stamp: 0x4c2f02ff
Faulting module name: ntdll.dll, version: 10.0.14393.1378, time stamp: 0x594a1295
Exception code: 0xc0000005
Fault offset: 0x00026dc9
Faulting process id: 0x2fcc
Faulting application start time: 0x01d2fefad71a4b75
Faulting application path: C:\Users\user\Downloads\GooredFix.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: bc38dd09-3307-4438-8bf2-53be448258d3
Faulting package full name:
Faulting package-relative application ID:

Error: (07/17/2017 08:18:17 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (07/17/2017 08:11:10 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (07/17/2017 07:23:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRYAN-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/17/2017 07:18:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRYAN-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/17/2017 07:10:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRYAN-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/17/2017 07:05:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRYAN-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/17/2017 06:58:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRYAN-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (07/17/2017 08:44:13 PM) (Source: DCOM) (EventID: 10016) (User: BRYAN-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user BRYAN-PC\user SID (S-1-5-21-1904544824-3824733754-4098052484-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 08:31:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 08:31:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
The operation completed successfully.

Error: (07/17/2017 08:30:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 08:30:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 08:29:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 08:14:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 08:14:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 08:14:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 08:14:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-07-17 20:44:30.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-07-17 20:44:30.727
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 16259.16 MB
Available physical RAM: 10518.68 MB
Total Virtual: 19203.16 MB
Available Virtual: 13625.35 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:661.12 GB) (Free:591.09 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D1A68B09)

Partition: GPT.

==================== End of Addition.txt ============================



Edited by Oh My!, 18 July 2017 - 09:54 PM.
Posted modified logs
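The "Other Areas" and "FirewallRules" sections of the Addition.txt above are where a responder would look first: SmartScreen is reported Off, and there are Allow rules for rundll32.exe, for a uTorrent binary under the user's AppData, and for KMSpico. The following Python script is an added example, not FRST's code and not part of the original post: it parses those FRST line formats and flags the entries worth reviewing. The sample input is constructed from six lines copied out of the log above; the check lists (script-host binaries, user-writable path fragments, activator names) are my own assumptions about what deserves a second look, not anything FRST itself classifies.

```python
"""Triage a few lines of FRST Addition.txt output.

Added example (not part of FRST, BleepingComputer, or the original post): it
parses the "FirewallRules:" lines and the UAC/SmartScreen policy lines that
FRST prints under "Other Areas", and flags the entries a responder would look
at first. The check lists below are assumptions, not FRST's own categories.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: six lines copied from the Addition.txt posted above.
SAMPLE = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
FirewallRules: [{5621367E-39D7-43CA-9CDF-8D60B8F2CA21}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{93DCAF6A-C91A-41CD-B7CE-8D35A441A5F8}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3338413E-9732-4865-BC73-01BF4E1480DC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{EEE0C6C7-3A5F-4E45-B618-E105558029AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""

FIREWALL_RE = re.compile(
    r"^FirewallRules: \[\{(?P<guid>[0-9A-Fa-f-]+)\}\] => "
    r"\((?P<action>Allow|Block)\) (?P<path>.+?)\s*$"
)
# "(Key: Value)" pairs as FRST prints them on the policy lines.
KV_RE = re.compile(r"\((\w+): (\w+)\)")

# Windows host binaries that run whatever DLL, script or command line they are
# handed: an Allow rule on one of these is an Allow rule for any payload that
# uses it, so it deserves a look even though the binary itself is legitimate.
LOLBIN_NAMES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "powershell.exe", "cmd.exe", "msiexec.exe"}
# Locations a standard user can write to; software living there is not
# necessarily malicious, but it was not installed through an admin-approved path.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
# Activator/crack names (assumed list) that the helper in this thread asked to have removed.
ACTIVATORS = ("kmspico", "kmseldi")


@dataclass
class Finding:
    source: str   # the path or registry key the finding refers to
    reason: str


def triage_firewall_rule(line: str) -> Optional[Finding]:
    """Return a Finding for an Allow rule worth reviewing, else None."""
    m = FIREWALL_RE.match(line)
    if m is None or m.group("action") != "Allow":
        return None
    path = m.group("path")
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name in LOLBIN_NAMES:
        return Finding(path, f"allow rule for script/DLL host binary {name}")
    if any(tag in low for tag in ACTIVATORS):
        return Finding(path, "allow rule for a software activator/crack")
    if any(seg in low for seg in USER_WRITABLE):
        return Finding(path, "allow rule for a binary in a user-writable location")
    return None


def triage_policy_line(line: str) -> List[Finding]:
    """Flag weakened UAC or SmartScreen settings on an FRST policy line."""
    if line.startswith("FirewallRules:") or " => " not in line:
        return []
    key, _, rest = line.partition(" => ")
    settings = dict(KV_RE.findall(rest))
    found = []
    if settings.get("SmartScreenEnabled", "").lower() == "off":
        found.append(Finding(key, "SmartScreen is disabled"))
    if settings.get("EnableLUA") == "0":
        found.append(Finding(key, "UAC is disabled (EnableLUA=0)"))
    if settings.get("ConsentPromptBehaviorAdmin") == "0":
        found.append(Finding(key, "admins elevate without any prompt"))
    return found


def triage(text: str) -> List[Finding]:
    """Run both checks over every line of an FRST report, in report order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        fw = triage_firewall_rule(line)
        if fw is not None:
            findings.append(fw)
        findings.extend(triage_policy_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason}: {f.source}")
```

Run against the sample it reports four items, in log order: SmartScreen off, the rundll32.exe Allow rule, the uTorrent binary under AppData, and KMSpico; the Chrome rule and the default UAC values (ConsentPromptBehaviorAdmin 5, EnableLUA 1) are left alone. Feeding it a whole Addition.txt works the same way, since lines that match neither format are skipped.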


#3 Oh My!

Malware Response Instructor, 37,457 posts, Location: California

Posted 18 July 2017 - 10:18 PM

Greetings ighost and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2016 and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary

If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!

Posted 21 July 2017 - 04:44 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

#5 Oh My!

Posted 23 July 2017 - 07:09 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
