How to remove the AutoIt error

37 replies to this topic

#1 vin_012

  • Members
  • 22 posts

Posted 26 November 2017 - 12:33 AM

My laptop looks as if it is infected by a worm that causes an AutoIt error at every start-up. I'm using Comodo but it seems unable to protect me from this worm. I've attached a screenshot of the error here. How do I get rid of this error?


#2 satchfan

  • Malware Response Team
  • 2,917 posts
  • Gender: Female
  • Location: Devon, UK

Posted 26 November 2017 - 03:37 AM

Hello vin_012 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista/7/8/10, instead of double-clicking, right-mouse click JRT.exe and select ‘Run as Administrator’
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste the log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan

  • Malware Response Team
  • 2,917 posts
  • Gender: Female
  • Location: Devon, UK

Posted 28 November 2017 - 04:17 AM

Hi vin_012

It has been a couple of days since I replied to your request for help with your computer problems.

Please let me know if you are having problems and still need help.

Thanks

Satchfan



#4 satchfan

  • Malware Response Team
  • 2,917 posts
  • Gender: Female
  • Location: Devon, UK

Posted 29 November 2017 - 04:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


#5 satchfan

  • Malware Response Team
  • 2,917 posts
  • Gender: Female
  • Location: Devon, UK

Posted 30 November 2017 - 04:19 AM

This topic has been re-opened at the request of the original poster.



#6 vin_012

  • Topic Starter
  • Members
  • 22 posts

Posted 01 December 2017 - 01:02 AM

Thanks for re-opening this topic.

The same error still shows at start-up. I've included the logs here for your reference.

# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 30 05:29:48 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 10 Home Single Language (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\Host App Service
Deleted: C:\ProgramData\Application Data\Host App Service
Deleted: C:\Users\All Users\Host App Service
Deleted: C:\Users\Default\AppData\Local\Host App Service
Deleted: C:\Users\Default User\AppData\Local\Host App Service
Deleted: C:\Users\LENOVO PC\AppData\Local\Host App Service
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: App Explorer
 
 
***** [ Registry ] *****
 
Deleted: [Key] - HKU\S-1-5-21-3488062652-1905507521-983585538-1001\Software\Host App Service
Deleted: [Key] - HKU\S-1-5-21-3488062652-1905507521-983585538-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted: [Key] - HKCU\Software\Host App Service
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1728 B] - [2017/11/30 5:23:10]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
 
 
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home Single Language x64 
Ran by LENOVO PC (Administrator) on 30/11/2017 at 13:41:13.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\LENOVO PC\AppData\Local\{0F376500-DFBE-47DE-A1F0-B86761A82BF2} (Empty Folder)
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Free Download Manager (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/11/2017 at 13:45:54.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-11-2017
Ran by LENOVO PC (administrator) on LAPTOP-BCBBVEG2 (30-11-2017 13:53:45)
Running from C:\Users\LENOVO PC\Downloads
Loaded Profiles: LENOVO PC (Available Profiles: LENOVO PC)
Platform: Windows 10 Home Single Language Version 1703 15063.540 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\igfxCUIService.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(COMODO) C:\Program Files (x86)\Comodo\COMODO Cloud Antivirus\ccavsrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(COMODO) C:\Program Files (x86)\Comodo\COMODO Cloud Antivirus\ccavsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Users\LENOVO PC\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2788920 2016-01-09] (NVIDIA Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-08] (Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-05] (Intel Corporation)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-02-03] (Zbshareware Lab)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [CCAV] => C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [6360672 2017-11-19] (COMODO)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-05] (COMODO)
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Technologies S.A.)
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2016-12-24] (Tonec Inc.)
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\Run: [AdopeUpdate] => C:\GoogleChrome\GoogleUpdate.lnk [692 2015-03-25] ()
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\Run: [AdopeFlash] => C:\GoogleChrome\GoogleChrome.exe [750320 2015-01-05] (AutoIt Team)
Startup: C:\Users\LENOVO PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{025e7cad-0899-4b09-921f-4e642e33c5f2}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{21c775e1-e3e7-4149-bcff-b632af31d788}: [DhcpNameServer] 150.204.1.3
 
Internet Explorer:
==================
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ph.yahoo.com/?fr=fp-comodo&type=19_25050030005_52.15.25.664_i_hp
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3488062652-1905507521-983585538-1001 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_33220003005_1.13.429196.569_u_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3488062652-1905507521-983585538-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_33220003005_1.13.429196.569_u_ds_sp&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-23] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-23] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-07-11] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\LENOVO PC\AppData\Roaming\Mozilla\Firefox\Profiles\xWnuOiFI.default [2017-01-03]
FF Extension: (Avira Browser Safety) - C:\Users\LENOVO PC\AppData\Roaming\Mozilla\Firefox\Profiles\xWnuOiFI.default\Extensions\abs@avira.com [2017-01-03]
FF HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\LENOVO PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\LENOVO PC\AppData\Roaming\IDM\idmmzcc5 [2017-11-30] [Lagacy] [not signed]
FF HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-23] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://ph.yahoo.com/?fr=fpc-comodo&type=19_25050030006_55.0.2883.59_u_hp_sp","hxxps://ph.yahoo.com/?fr=fpc-comodo&type=42_33220003006_1.13.429196.569_u_hp_sp","hxxps://ph.yahoo.com/?fr=fpc-comodo&type=42_33220003006_1.14.432369.594_u_hp_sp","hxxps://ph.yahoo.com/?fr=fpc-comodo&type=42_33220003006_1.14.433704.601_u_hp_sp"
CHR Profile: C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default [2017-11-30]
CHR Extension: (Docs) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-16]
CHR Extension: (YouTube) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-16]
CHR Extension: (Google Search) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-12-16]
CHR Extension: (HTTPS Everywhere) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-16]
CHR Extension: (Save to Google Drive) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-04-29]
CHR Extension: (Ears: Bass Boost, EQ Any Audio!) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdfiepdkbnoanddpianalelglmfooik [2017-11-25]
CHR Extension: (IDM Integration Module) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKU\S-1-5-21-3488062652-1905507521-983585538-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 ccavsrv; C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [6360672 2017-11-19] (COMODO)
S3 ccavvirth; C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavvirth.exe [2857144 2017-11-19] (COMODO)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-30] (Lenovo)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-09-27] (Comodo)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Inc.)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (Lenovo)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-01-09] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-05] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68416 2017-09-08] (Lenovo Group Limited)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-05] (COMODO)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-08-08] (Lenovo)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-01-09] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267352 2017-03-23] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows ® Win 7 DDK provider) [File not signed]
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-13] (CyberLink)
R0 cmdccav; C:\WINDOWS\System32\drivers\CmdCCAV.sys [436216 2017-10-25] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-30] (COMODO)
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-12-22] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [408280 2015-10-15] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3094272 2015-12-30] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-30 13:53 - 2017-11-30 13:54 - 000020918 _____ C:\Users\LENOVO PC\Downloads\FRST.txt
2017-11-30 13:53 - 2017-11-30 13:53 - 000000000 ____D C:\FRST
2017-11-30 13:50 - 2017-11-30 13:50 - 002391552 _____ (Farbar) C:\Users\LENOVO PC\Downloads\FRST64.exe
2017-11-30 13:45 - 2017-11-30 13:45 - 000001116 _____ C:\Users\LENOVO PC\Desktop\JRT.txt
2017-11-30 13:39 - 2017-11-30 13:39 - 001790024 _____ (Malwarebytes) C:\Users\LENOVO PC\Downloads\JRT.exe
2017-11-30 13:34 - 2017-11-30 13:34 - 000001777 _____ C:\Users\LENOVO PC\Desktop\AdwCleaner[C0].txt
2017-11-30 13:06 - 2017-11-30 13:26 - 000000000 ____D C:\AdwCleaner
2017-11-30 13:00 - 2017-11-30 13:02 - 008261584 _____ (Malwarebytes) C:\Users\LENOVO PC\Downloads\adwcleaner_7.0.4.0.exe
2017-11-19 19:17 - 2017-11-19 19:17 - 000908640 _____ C:\Users\LENOVO PC\Downloads\ScrewConveyor v2.f3d
2017-11-19 13:42 - 2017-11-19 13:42 - 000053597 _____ C:\Users\LENOVO PC\Downloads\Screw_Conveyor.f3d
2017-11-19 12:43 - 2017-11-19 12:43 - 000027982 _____ C:\Users\LENOVO PC\Documents\Hardware-Scan-2017-11-19T12_42_26.HTML
2017-11-19 03:36 - 2017-11-19 03:41 - 000000446 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-11-15 18:08 - 2017-11-15 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-11-15 18:08 - 2017-11-15 18:08 - 000000000 ____D C:\Program Files\7-Zip
2017-11-15 17:50 - 2017-11-15 17:50 - 000148918 _____ C:\Users\LENOVO PC\Downloads\Gear_Housing_iges.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-30 13:50 - 2016-12-31 11:55 - 000584472 _____ C:\WINDOWS\system32\Drivers\ccavsfi.dat
2017-11-30 13:37 - 2016-12-17 16:46 - 000478620 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-11-30 13:34 - 2017-04-29 17:26 - 000000000 ____D C:\Users\LENOVO PC\AppData\Local\Free Download Manager
2017-11-30 13:34 - 2016-12-16 09:55 - 000000000 __SHD C:\Users\LENOVO PC\IntelGraphicsProfiles
2017-11-30 13:31 - 2017-09-10 08:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-30 13:31 - 2016-05-16 10:51 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-30 13:30 - 2017-03-18 19:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-11-30 13:29 - 2015-10-30 15:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-30 12:59 - 2017-09-10 08:20 - 000004174 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{460720CC-811C-40AF-8AA1-33FAEC218664}
2017-11-29 20:03 - 2016-12-23 20:36 - 000000000 ____D C:\Users\LENOVO PC\AppData\Roaming\DMCache
2017-11-29 19:37 - 2017-09-10 07:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-29 19:03 - 2016-12-16 09:55 - 000000000 ____D C:\Users\LENOVO PC\AppData\Local\Packages
2017-11-28 17:16 - 2017-03-25 17:20 - 000000000 ____D C:\Users\LENOVO PC\AppData\Local\ElevatedDiagnostics
2017-11-28 15:59 - 2017-03-19 04:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-27 09:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-26 13:53 - 2016-12-25 04:45 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-26 13:52 - 2017-03-18 19:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-26 13:17 - 2016-12-31 11:45 - 000002195 _____ C:\Users\Public\Desktop\COMODO Cloud Antivirus.lnk
2017-11-26 13:17 - 2016-12-31 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-11-25 17:11 - 2015-11-04 03:28 - 000935170 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-25 00:20 - 2016-12-16 18:59 - 000000000 ____D C:\Users\LENOVO PC\AppData\Roaming\vlc
2017-11-22 16:08 - 2016-05-16 10:09 - 000000000 ____D C:\Program Files (x86)\Lenovo
2017-11-22 16:07 - 2016-12-16 10:01 - 000000000 ____D C:\Users\LENOVO PC\AppData\Local\Lenovo
2017-11-22 16:07 - 2016-05-16 10:25 - 000000000 ____D C:\ProgramData\Lenovo
2017-11-19 18:40 - 2016-12-16 18:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-11-19 12:51 - 2017-03-19 05:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-19 07:14 - 2017-01-25 09:49 - 000441016 _____ (COMODO) C:\WINDOWS\system32\ccavvrt64.dll
2017-11-19 07:14 - 2017-01-25 09:49 - 000342712 _____ (COMODO) C:\WINDOWS\SysWOW64\ccavvrt32.dll
2017-11-19 07:14 - 2017-01-25 09:48 - 000494624 _____ (COMODO) C:\WINDOWS\system32\CcavGuard64.dll
2017-11-19 07:14 - 2017-01-25 09:48 - 000382288 _____ (COMODO) C:\WINDOWS\SysWOW64\CcavGuard32.dll
2017-11-18 12:34 - 2017-03-27 22:37 - 000000000 ____D C:\Users\LENOVO PC\Desktop\Movies
2017-11-16 08:52 - 2017-09-10 08:20 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-16 08:52 - 2017-09-10 08:20 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-15 17:10 - 2017-09-09 07:49 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 17:08 - 2017-09-10 08:20 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 17:06 - 2017-09-10 08:20 - 000004560 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-15 17:06 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-15 17:06 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-13 21:44 - 2017-09-10 07:56 - 000000000 ____D C:\Users\LENOVO PC
2017-11-13 18:52 - 2016-12-16 18:57 - 000000000 ____D C:\ProgramData\Adobe
2017-11-13 18:52 - 2016-12-16 18:56 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-13 18:52 - 2016-12-16 09:55 - 000000000 ____D C:\Users\LENOVO PC\AppData\Roaming\Adobe
2017-11-13 16:50 - 2017-10-24 11:33 - 000000000 ____D C:\Users\LENOVO PC\Desktop\Fusion 360 Tutorial
2017-11-13 14:48 - 2017-10-25 10:37 - 000000000 ___RD C:\Users\LENOVO PC\Creative Cloud Files
2017-11-13 14:48 - 2017-01-02 17:39 - 000000000 ____D C:\Users\LENOVO PC\AppData\Local\Adobe
2017-11-12 19:20 - 2017-10-22 16:02 - 000002828 _____ C:\Users\LENOVO PC\Desktop\Autodesk Fusion 360.lnk
2017-11-08 13:23 - 2017-09-11 07:47 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3488062652-1905507521-983585538-1001
2017-11-08 13:23 - 2016-12-16 09:59 - 000002382 _____ C:\Users\LENOVO PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-08 13:23 - 2016-12-16 09:59 - 000000000 ___RD C:\Users\LENOVO PC\OneDrive
 
Some files in TEMP:
====================
2017-11-08 14:07 - 2017-11-08 15:53 - 000000000 _____ () C:\Users\LENOVO PC\AppData\Local\Temp\{A16ADE2F-502A-4274-97C8-10BDDAE98A6C}-62.0.3202.89_61.0.3163.100_chrome_updater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-26 13:59
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-11-2017
Ran by LENOVO PC (30-11-2017 13:55:05)
Running from C:\Users\LENOVO PC\Downloads
Windows 10 Home Single Language Version 1703 15063.540 (X64) (2017-09-10 00:30:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3488062652-1905507521-983585538-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3488062652-1905507521-983585538-503 - Limited - Disabled)
Guest (S-1-5-21-3488062652-1905507521-983585538-501 - Limited - Disabled)
LENOVO PC (S-1-5-21-3488062652-1905507521-983585538-1001 - Administrator - Enabled) => C:\Users\LENOVO PC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Cloud Antivirus (Disabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD}
AS: COMODO Sandbox (Disabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.2 - Arduino LLC)
Autodesk Fusion 360 (HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.3706 - Autodesk, Inc.)
CodeBlocks (HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
COMODO Cloud Antivirus (HKLM-x32\...\{9E04F23D-3E2E-4A62-AEBF-8BC952433704}) (Version: 1.14.601.0 - COMODO) Hidden
COMODO Cloud Antivirus (HKLM-x32\...\COMODO Cloud Antivirus_list_uninstall) (Version: 1.14.433704.601 - COMODO)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 58.0.3029.115 - Comodo)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.31.55 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.6.3.48 - Dolby Laboratories, Inc.)
EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10240.11163 - Realtek Semiconductor Corp.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.4.1208 - Foxit Software Inc.)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Helical Gear Generator (HKLM\...\{069FD09B-730F-DDB9-229D-0B4F18A1F3FC}) (Version: 1.0.2 - Hobbyist: Ross Korsky)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4352 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.422025.92 - Comodo)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
JetBrains PyCharm Community Edition 2016.3.2 (HKLM-x32\...\PyCharm Community Edition 2016.3.2) (Version: 163.10154.50 - JetBrains s.r.o.)
KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.3330.01 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{F925868A-2F2C-414B-A5A7-C613039CE9E4}) (Version: 3.1.001.00 - Lenovo)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.20 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Python 3.5.2 (Anaconda3 4.2.0 64-bit) (HKLM\...\Python 3.5.2 (Anaconda3 4.2.0 64-bit)) (Version: 4.2.0 - Continuum Analytics, Inc.)
Python 3.5.2 (Anaconda3 4.2.0 64-bit) (HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\Python 3.5.2 (Anaconda3 4.2.0 64-bit)) (Version: 4.2.0 - Continuum Analytics, Inc.)
Python 3.6.0 (32-bit) (HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\{8ba65a8c-cb48-4716-bc24-47c148808015}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (32-bit) (HKLM-x32\...\{FC638B75-E969-4496-A546-9D78EA7D8F35}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (32-bit) (HKLM-x32\...\{F2A430F2-A7AC-4B46-808A-FC6E8419ABDE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (32-bit) (HKLM-x32\...\{A66771E3-430A-40A7-B00C-94A239396BEE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (32-bit) (HKLM-x32\...\{3C182441-3C75-4113-A28D-D3AEAD85B320}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (32-bit) (HKLM-x32\...\{1D427483-31FE-4ED4-AD39-AB78BBF7D22D}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (32-bit) (HKLM-x32\...\{4CB36E4F-EC00-479B-AA25-0B9EC5385B0C}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C7D63030-7738-499A-A0D2-8549174D2B70}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (32-bit) (HKLM-x32\...\{6EAD5F85-97EC-4AFB-84D2-D52AC41D3C66}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (32-bit) (HKLM-x32\...\{7C3DAC9E-E229-415C-A600-5974B5D9DE7F}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10232 - Qualcomm Atheros)
Qualcomm Atheros QCA6174_9377 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.149 - Qualcomm Atheros)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version:  - Microsoft)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.2.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.5 - The Wireshark developer community, hxxps://www.wireshark.org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3488062652-1905507521-983585538-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\LENOVO PC\AppData\Local\Autodesk\webdeploy\production\49d03f9fc343664d5942b9c34209b4f6b73c6c2d\NPreview10.dll ()
CustomCLSID: HKU\S-1-5-21-3488062652-1905507521-983585538-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-22] (Cyberlink)
ContextMenuHandlers1: [Comodo Cloud Antivirus] -> {299C868F-0FB0-46B2-8973-205982E04C7D} => C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavhelper64.dll [2017-11-19] (COMODO)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-22] (Cyberlink)
ContextMenuHandlers2: [Comodo Cloud Antivirus] -> {299C868F-0FB0-46B2-8973-205982E04C7D} => C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavhelper64.dll [2017-11-19] (COMODO)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\igfxDTCM.dll [2017-01-04] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Comodo Cloud Antivirus] -> {299C868F-0FB0-46B2-8973-205982E04C7D} => C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavhelper64.dll [2017-11-19] (COMODO)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03886379-4F00-400B-A3C7-26EC7F6A184C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-09] (Google Inc.)
Task: {152C0344-CAE0-4F44-B5B0-AB98B52270E8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {29060427-006F-49D5-B4ED-6A00170ED5F1} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-BCBBVEG2-LENOVO PC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {33A0F7F3-C1CB-40CF-8E10-AE78A80F9ECA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {3662DA55-D1DD-473D-8059-425CD5F444FD} - System32\Tasks\{87315614-EE1D-402E-8082-25240754E625} => C:\Windows\system32\pcalua.exe -a "C:\Users\LENOVO PC\Downloads\PC Games - Resident Evil 3\RegSetup.exe" -d "C:\Users\LENOVO PC\Downloads\PC Games - Resident Evil 3"
Task: {39AB6406-9D17-47A8-91FF-D50703F9BDC1} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {3A24E3B4-0B0B-4685-9EE5-DE7159132562} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\013be3da-e6c1-4642-bd86-4e038a26479f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {3A6D3880-6EFE-4E9E-9FE7-3938C18A6DC3} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-13] (Lenovo)
Task: {54270556-D000-4D40-845B-C6282BE7270A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {55224C60-BE6B-41A9-B7FC-C127B5B01988} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8affaa8d-5608-4f6f-baa2-3341acc6e2a1 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {6B04395C-C30A-4778-A4A6-A60E2C6DC1A0} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2015-09-30] (CyberLink Corp.)
Task: {7D95131E-E3AD-4348-BF48-648A2180CEA2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c7c125cd-98f4-4b65-aa2b-65c0f3507fd2 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {7FC2F796-B747-4048-84AE-68A5311A2BA4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {86742620-FB7D-404A-87B1-637C3629C7F0} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-08] (Lenovo)
Task: {9032C0D1-1983-4ED6-8D78-466853788FE4} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {971A9D2F-ADD6-438F-9319-A53150220E75} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {AE8CCC9D-5648-4E4C-97B5-9E96EEC0040A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B8A4D924-E977-477B-BFFE-04CEBB18E974} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {BC9445F9-5913-4BA5-81FA-1528DE1FE21D} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-11] (CyberLink Corp.)
Task: {C2CCA6EF-8C17-47B6-B239-5432F259592E} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-13] (Lenovo)
Task: {C4268BE0-6CF1-4D51-B8C3-C2C5BEFB498B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-08] (Lenovo)
Task: {C5DF67A3-109D-444F-B67C-0213CA39AF64} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2017-07-26] (FreeDownloadManager.org)
Task: {CD4D7737-598C-4BB0-87E7-CA6B28A4403A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {D91B7CDC-926F-4405-AA28-554BCC162DEC} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3b609fef-4b61-42d8-83aa-1413132f1440 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {E1075CA4-4C52-43EF-9AD2-B4E589531F31} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-08] ()
Task: {F77773F0-7E0E-45DA-A944-48EA6C48FC21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-09] (Google Inc.)
Task: {F938A11F-4AD7-485F-A127-F61FDCA8C717} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-08] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\LENOVO PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" "C:\Users\LENOVO PC\Anaconda3\Scripts\activate.bat" "C:\Users\LENOVO PC\Anaconda3"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-04-29 17:26 - 2017-07-26 10:16 - 000029696 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2016-01-27 20:04 - 2016-01-27 20:04 - 000163328 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-19 04:58 - 2017-03-19 04:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-19 04:59 - 2017-03-19 10:32 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-10 17:01 - 2017-09-10 17:08 - 001226440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-11-15 17:10 - 2017-11-10 17:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 17:10 - 2017-11-10 17:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-05-16 10:12 - 2015-02-13 07:02 - 000224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 15:24 - 2015-10-30 15:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\LENOVO PC\Pictures\Saved Pictures\cAtRY5H.jpg
DNS Servers: 192.168.137.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{64C74F41-7EA4-4ED8-B705-70529EA236D7}C:\users\lenovo pc\appdata\local\temp\rar$exa0.478\processing-3.3.5\java\bin\java.exe] => (Allow) C:\users\lenovo pc\appdata\local\temp\rar$exa0.478\processing-3.3.5\java\bin\java.exe
FirewallRules: [TCP Query User{4108392D-B595-4D4C-A9ED-C731F26493F8}C:\users\lenovo pc\appdata\local\temp\rar$exa0.478\processing-3.3.5\java\bin\java.exe] => (Allow) C:\users\lenovo pc\appdata\local\temp\rar$exa0.478\processing-3.3.5\java\bin\java.exe
FirewallRules: [UDP Query User{4CB3437D-D96B-465A-84BF-47C1A81FED05}C:\users\lenovo pc\anaconda3\pythonw.exe] => (Allow) C:\users\lenovo pc\anaconda3\pythonw.exe
FirewallRules: [TCP Query User{DDF26021-3A75-450D-BDDC-4BE65AF1745F}C:\users\lenovo pc\anaconda3\pythonw.exe] => (Allow) C:\users\lenovo pc\anaconda3\pythonw.exe
FirewallRules: [UDP Query User{73CA9851-E09F-4E28-BF4D-95DEDB27F2AE}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{2D74730D-83D8-4107-866C-9E6C1023828B}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{A1AB6296-AEC9-483A-8C8B-2703381DD5BD}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{26A9331B-29FA-4686-A851-E2832FB9C7E7}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [UDP Query User{65179C42-DA7A-4AD3-9A03-8F6D7C6F58F0}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{E72FCA0A-D788-49E8-BE2D-F35A2837BABB}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{3F49C10D-E2A7-4F81-B999-BCA691B8B41B}C:\program files\anaconda3\python.exe] => (Block) C:\program files\anaconda3\python.exe
FirewallRules: [TCP Query User{A3E368EE-D2EB-4E29-9665-BB309D61E8B8}C:\program files\anaconda3\python.exe] => (Block) C:\program files\anaconda3\python.exe
FirewallRules: [UDP Query User{93D0F9E8-B11C-4E3E-990A-1E7534F31CA8}C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm64.exe] => (Block) C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm64.exe
FirewallRules: [TCP Query User{5FFE97BD-2D16-4719-91FD-CA9C8260A3C2}C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm64.exe] => (Block) C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm64.exe
FirewallRules: [{7F7621E6-535F-4EC0-B563-60ED5EE51D89}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A7C6BD1D-4438-4AE3-BC08-42F793655927}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D5A457FE-7143-4F5D-AB00-C69CB532BB9F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2E661F28-4C23-47BA-ACFB-7B4A233EC020}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{8D8E2D5C-D89D-42FB-87CF-EE2C634DF1C6}C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm64.exe] => (Block) C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm64.exe
FirewallRules: [TCP Query User{3AA8F0C0-66BA-4B76-8D76-C0C9CC69F4C8}C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm64.exe] => (Block) C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm64.exe
FirewallRules: [UDP Query User{40181901-4133-4A06-BB1B-BAD5563D2109}C:\westwood\ra2\cncnet.exe] => (Allow) C:\westwood\ra2\cncnet.exe
FirewallRules: [TCP Query User{0A7589D6-2DDB-46AD-BD57-0C76D2368D12}C:\westwood\ra2\cncnet.exe] => (Allow) C:\westwood\ra2\cncnet.exe
FirewallRules: [UDP Query User{BF3A7E45-68B7-472B-851A-1C7957645EEB}C:\users\lenovo pc\eclipse\java-neon5\eclipse\eclipse.exe] => (Allow) C:\users\lenovo pc\eclipse\java-neon5\eclipse\eclipse.exe
FirewallRules: [TCP Query User{1531720C-28D0-45EA-8B88-B5372BD171D0}C:\users\lenovo pc\eclipse\java-neon5\eclipse\eclipse.exe] => (Allow) C:\users\lenovo pc\eclipse\java-neon5\eclipse\eclipse.exe
FirewallRules: [UDP Query User{41C5CB30-492D-40A3-B502-96CFC9CF17E4}C:\program files (x86)\zhyper network\zhypermu s8\main.exe] => (Allow) C:\program files (x86)\zhyper network\zhypermu s8\main.exe
FirewallRules: [TCP Query User{4067E7C5-5CC2-49A2-BEFB-73FE8D72D7E2}C:\program files (x86)\zhyper network\zhypermu s8\main.exe] => (Allow) C:\program files (x86)\zhyper network\zhypermu s8\main.exe
FirewallRules: [{8F1D3197-764C-4432-A4D8-76FDAEE066D4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{386FDD64-7ACF-4720-BFC3-2F1D3380E974}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{887019FE-8EF9-40CD-A8E4-FE5DFBB43572}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C988D383-04E9-4454-A011-2B47E2313C55}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A5794D9C-9E3B-4CF4-BF09-CD296B75817F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AD3A9107-670A-4EE2-83FE-688776ED4EBD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8CD12A8F-BF8C-4CAB-B57C-DCFF544E7D20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AAC3B695-B569-4D07-B6A7-F2863C5083D3}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{90CB950D-36E7-471C-B5C0-B266BB608148}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{1F5A7B83-3513-4F48-9AC5-DB70CF83B673}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AC271917-354A-4870-99BC-35479B4806D4}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{78FA890A-1E90-4E37-B7B3-12DE91EA88A6}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{48791A57-8C73-446B-8F38-2BAEE71058D4}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7E247D0B-88BA-48E8-97CD-F7059535F287}] => (Allow) %systemroot%\system32\alg.exe
 
==================== Restore Points =========================
 
12-11-2017 04:36:14 Removed Blender
15-11-2017 17:18:25 Installed COMODO Cloud Antivirus
23-11-2017 16:04:13 Scheduled Checkpoint
26-11-2017 13:15:46 Installed COMODO Cloud Antivirus
30-11-2017 13:41:20 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/30/2017 01:36:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.0.1042, time stamp: 0x5639dd97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x044ed155
Faulting process id: 0x28b8
Faulting application start time: 0x01d3699d1f4a8f6f
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 890480b3-b298-4ad5-a2bc-118cb0175995
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/30/2017 01:36:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (11/30/2017 01:18:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SecHealthUI.exe, version: 10.0.15063.483, time stamp: 0x595f274a
Faulting module name: SecHealthUIDataModel.dll, version: 0.0.0.0, time stamp: 0x595f2713
Exception code: 0xc0000409
Fault offset: 0x000000000002f700
Faulting process id: 0x2cd8
Faulting application start time: 0x01d3699a989df85d
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
Report Id: 57f99336-a62b-4808-9a4f-ea6a7f43eda4
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy
Faulting package-relative application ID: SecHealthUI
 
Error: (11/28/2017 02:47:55 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: LAPTOP-BCBBVEG2)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe1018
 
Error: (11/26/2017 01:23:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.0.1042, time stamp: 0x5639dd97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04bece9d
Faulting process id: 0x2608
Faulting application start time: 0x01d366769dc03cca
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 88770d3d-5bcd-4df4-ad29-3d38cf80375a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/26/2017 01:23:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (11/25/2017 05:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.0.1042, time stamp: 0x5639dd97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0669ce9d
Faulting process id: 0x1048
Faulting application start time: 0x01d365cd5ce58216
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 9a35de7a-f74f-40cc-ac59-b20ad9642530
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/25/2017 05:11:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (11/25/2017 11:32:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-BCBBVEG2)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/25/2017 11:32:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: LAPTOP-BCBBVEG2)
Description: App microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe+microsoft.windowslive.mail did not launch within its allotted time.
 
 
System errors:
=============
Error: (11/30/2017 01:36:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/30/2017 01:32:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PcaSvc service.
 
Error: (11/30/2017 01:31:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/30/2017 01:31:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (11/30/2017 01:29:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/30/2017 01:29:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (11/30/2017 01:29:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/30/2017 01:29:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (11/30/2017 01:29:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dolby DAX2 API Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/30/2017 01:29:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Content Protection HECI Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-11-30 13:47:51.251
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-11-30 13:36:50.831
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-30 13:36:47.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-30 13:36:47.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-30 13:36:37.644
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-30 13:33:23.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-30 13:32:57.564
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8414.5925.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-30 13:32:45.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-11-30 13:31:51.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-11-30 13:31:30.688
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\CcavGuard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 34%
Total physical RAM: 8097.91 MB
Available physical RAM: 5341.2 MB
Total Virtual: 9377.91 MB
Available Virtual: 6711.01 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:884.51 GB) (Free:584.24 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:8.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 75558134)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#7 satchfan (Malware Response Team)

Posted 01 December 2017 - 12:21 PM

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

  • right-click FRST/FRST64 and select ‘Run as administrator’
  • highlight the contents of the code box below, then press Ctrl+C:
Start::
CloseProcesses:
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
FF Extension: (Avira Browser Safety) - C:\Users\LENOVO PC\AppData\Roaming\Mozilla\Firefox\Profiles\xWnuOiFI.default\Extensions\abs@avira.com [2017-01-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKU\S-1-5-21-3488062652-1905507521-983585538-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
2017-11-08 14:07 - 2017-11-08 15:53 - 000000000 _____ () C:\Users\LENOVO PC\AppData\Local\Temp\{A16ADE2F-502A-4274-97C8-10BDDAE98A6C}-62.0.3202.89_61.0.3163.100_chrome_updater.exe
CustomCLSID: HKU\S-1-5-21-3488062652-1905507521-983585538-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
EmptyTemp:
End::

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • in the FRST window, press the ‘Fix’ button once and wait
  • please reboot the computer if requested
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Can you tell me how things are now?

Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 vin_012 (Topic Starter)

Posted 01 December 2017 - 03:49 PM

Still the same error. Below is the log after running Farbar from the desktop.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by LENOVO PC (02-12-2017 04:26:50) Run:1
Running from C:\Users\LENOVO PC\Desktop
Loaded Profiles: LENOVO PC (Available Profiles: LENOVO PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
FF Extension: (Avira Browser Safety) - C:\Users\LENOVO PC\AppData\Roaming\Mozilla\Firefox\Profiles\xWnuOiFI.default\Extensions\abs@avira.com [2017-01-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKU\S-1-5-21-3488062652-1905507521-983585538-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
2017-11-08 14:07 - 2017-11-08 15:53 - 000000000 _____ () C:\Users\LENOVO PC\AppData\Local\Temp\{A16ADE2F-502A-4274-97C8-10BDDAE98A6C}-62.0.3202.89_61.0.3163.100_chrome_updater.exe
CustomCLSID: HKU\S-1-5-21-3488062652-1905507521-983585538-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
EmptyTemp:
 
*****************
 
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key removed successfully
HKLM\Software\Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found
C:\Users\LENOVO PC\AppData\Roaming\Mozilla\Firefox\Profiles\xWnuOiFI.default\Extensions\abs@avira.com => moved successfully
C:\Users\LENOVO PC\AppData\Roaming\Mozilla\Firefox\Profiles\xWnuOiFI.default\Extensions\abs@avira.com => path removed successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\LENOVO PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key removed successfully
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => moved successfully
HKU\S-1-5-21-3488062652-1905507521-983585538-1001\SOFTWARE\Google\Chrome\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
C:\Users\LENOVO PC\AppData\Local\Temp\{A16ADE2F-502A-4274-97C8-10BDDAE98A6C}-62.0.3202.89_61.0.3163.100_chrome_updater.exe => moved successfully
HKU\S-1-5-21-3488062652-1905507521-983585538-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed} => key removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 61079250 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 387837080 B
Edge => 3699906 B
Chrome => 398911548 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 41936 B
NetworkService => 89148 B
LENOVO PC => 562841533 B
 
RecycleBin => 573922273 B
EmptyTemp: => 1.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 04:34:08 ====


#9 satchfan (Malware Response Team)

Posted 01 December 2017 - 04:28 PM

OK, let’s have another look.

Run RogueKiller

IMPORTANT: Please remove any USB or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/7/8/10, right-click -> Run as administrator; for XP simply double-click RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on ‘Report’ and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects; not everything that is reported is necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

 




#10 vin_012 (Topic Starter)

Posted 01 December 2017 - 05:47 PM

Please see below the report:

 

 RogueKiller V12.11.26.0 (x64) [Nov 27 2017] (Free) by Adlice Software

 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : LENOVO PC [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/02/2017 05:38:15 (Duration : 00:52:18)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 7 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3488062652-1905507521-983585538-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3488062652-1905507521-983585538-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{21c775e1-e3e7-4149-bcff-b632af31d788} | DhcpNameServer : 150.204.1.3 ([United Kingdom])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{64C74F41-7EA4-4ED8-B705-70529EA236D7}C:\users\lenovo pc\appdata\local\temp\rar$exa0.478\processing-3.3.5\java\bin\java.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\lenovo pc\appdata\local\temp\rar$exa0.478\processing-3.3.5\java\bin\java.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{4108392D-B595-4D4C-A9ED-C731F26493F8}C:\users\lenovo pc\appdata\local\temp\rar$exa0.478\processing-3.3.5\java\bin\java.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\lenovo pc\appdata\local\temp\rar$exa0.478\processing-3.3.5\java\bin\java.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3488062652-1905507521-983585538-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3488062652-1905507521-983585538-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPCX-24UE4T0 +++++
--- User ---
[MBR] bdad99978afab444c1929dde4dedfbe8
[BSP] b14cf8cd44117bb9dd977f2aaf274b50 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 905738 MB
3 - Basic data partition | Offset (sectors): 1855518720 | Size: 25600 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1907947520 | Size: 1000 MB
5 - Basic data partition | Offset (sectors): 1909995520 | Size: 20254 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1951475712 | Size: 1000 MB
User = LL1 ... OK
User = LL2 ... OK


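The two [Suspicious.Path] hits in the log above are Windows Firewall rules stored under FirewallPolicy\FirewallRules as pipe-delimited "v2.10|Key=Value|..." strings. What makes them worth a second look is the combination: an inbound Allow rule, active on the Private profile, for a java.exe living under the user's AppData\Local\Temp folder. The following is an added example (not from the thread and not RogueKiller's own code) that parses that value format and applies a temp-directory heuristic of my own; the two java.exe rules reproduce the values in the log, while the CoreNet-DHCP-In rule is a constructed benign entry for contrast.

```python
"""Triage Windows Firewall rules of the kind RogueKiller flagged as
[Suspicious.Path]: active inbound Allow rules whose program path sits
under a temp directory. Added example, not part of the thread."""
import re
from typing import Dict, List

# Constructed sample input. The two "Query User" entries reproduce the
# rules shown in the RogueKiller log; the third is a made-up built-in
# rule used only as a benign comparison.
JAVA_APP = (r"C:\users\lenovo pc\appdata\local\temp\rar$exa0.478"
            r"\processing-3.3.5\java\bin\java.exe")
SAMPLE_RULES: Dict[str, str] = {
    f"UDP Query User{{64C74F41-7EA4-4ED8-B705-70529EA236D7}}{JAVA_APP}": (
        "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private"
        f"|App={JAVA_APP}|Name=Java™ Platform SE binary"
        "|Desc=Java™ Platform SE binary|Defer=User|"),
    f"TCP Query User{{4108392D-B595-4D4C-A9ED-C731F26493F8}}{JAVA_APP}": (
        "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private"
        f"|App={JAVA_APP}|Name=Java™ Platform SE binary"
        "|Desc=Java™ Platform SE binary|Defer=User|"),
    "CoreNet-DHCP-In": (
        "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67"
        r"|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=DHCP (UDP-In)|"),
}

# Heuristic (my assumption, not RogueKiller's published criteria): a
# program that is allowed inbound connections from a temp directory.
TEMP_DIR_RE = re.compile(
    r"\\appdata\\local\\temp\\|\\windows\\temp\\|%temp%|%tmp%",
    re.IGNORECASE)

PROTOCOLS = {"6": "TCP", "17": "UDP"}


def parse_rule(value: str) -> Dict[str, str]:
    """Split a FirewallRules value ('v2.10|Key=Val|...|') into a dict.
    The leading token is the schema version and carries no '='."""
    fields = value.split("|")
    rule = {"Version": fields[0]}
    for field in fields[1:]:
        if field:
            key, _, val = field.partition("=")
            rule[key] = val
    return rule


def is_temp_inbound_allow(rule: Dict[str, str]) -> bool:
    """True for an active inbound Allow rule whose App is under a temp dir."""
    return (rule.get("Action", "").lower() == "allow"
            and rule.get("Active", "").upper() == "TRUE"
            and rule.get("Dir", "").lower() == "in"
            and TEMP_DIR_RE.search(rule.get("App", "")) is not None)


def triage(rules: Dict[str, str]) -> List[Dict[str, object]]:
    """Return one finding per suspicious rule, with the fields a responder
    wants when deciding whether the rule should be deleted."""
    findings: List[Dict[str, object]] = []
    for name, value in rules.items():
        rule = parse_rule(value)
        if not is_temp_inbound_allow(rule):
            continue
        proto = rule.get("Protocol", "")
        findings.append({
            "rule": name,
            "app": rule["App"],
            "protocol": PROTOCOLS.get(proto, proto),
            "profile": rule.get("Profile", ""),
            # "TCP/UDP Query User..." names are what Windows assigns when a
            # user clicks Allow on the firewall prompt, so the rule records
            # an interactive decision rather than an installer's action.
            "user_prompted": name.startswith(("TCP Query User",
                                              "UDP Query User")),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_RULES):
        print(f"{f['protocol']:<3} {f['profile']:<8} {f['app']}"
              f"  (user prompted: {f['user_prompted']})")
```

On a live machine the same values can be read with PowerShell's `Get-ItemProperty` on `HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules` and fed to `triage`. The `rar$exa0.478` folder name is the pattern WinRAR uses when a file is launched straight from inside an archive, which is consistent with Processing 3.3.5 (which bundles its own Java) having been run out of the downloaded ZIP; that explains how the rule came to exist but not whether it should stay, since the program it points at no longer lives in a folder that survives a reboot.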
#11 satchfan

  • Malware Response Team
  • 2,917 posts
  • Gender:Female
  • Location:Devon, UK

Posted 01 December 2017 - 05:59 PM

You have quite a bit of software on your computer that I'm not overly familiar with and there is also a query about your location.

 

Can you tell me if you live in the UK and if you use Java for programming purposes?


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#12 vin_012

  • Topic Starter
  • Members
  • 22 posts

Posted 01 December 2017 - 08:52 PM

I'm a Filipino and I'm here in the Philippines. I used Java before because it was used during my training, but I think I would rarely use it now, since I'm studying embedded systems and only use C and Python these days. If the Eclipse IDE, which is used for Java, needs to be removed, please let me know so I can uninstall it.



#13 vin_012

  • Topic Starter
  • Members
  • 22 posts

Posted 01 December 2017 - 09:05 PM

I use Java for programming purposes.



#14 satchfan

  • Malware Response Team
  • 2,917 posts
  • Gender:Female
  • Location:Devon, UK

Posted 02 December 2017 - 08:16 AM

Thanks for the information.

We need to deal with what was found by RogueKiller.

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

  • close all programs
  • double-click RogueKiller.exe - Windows 7/10: right-click the program and select 'Run as Administrator'
  • after it has completed its prescan, click on Scan
  • when the scan is finished, make sure that everything is checked
  • press the Delete button and please post the log it produces.

Please reboot your computer and tell me if there is any improvement.

Thanks

 




#15 satchfan

  • Malware Response Team
  • 2,917 posts
  • Gender:Female
  • Location:Devon, UK

Posted 03 December 2017 - 07:10 AM

I’m afraid that I will not be able to reply for 24 hours as I have to deal with an urgent situation and won’t have access to a computer.

Apologies for the inconvenience.

Satchfan






