
Huge Computer Slowdown, and Random App crashes


  • This topic is locked
3 replies to this topic

#1 Lillydawg12


Posted 11 January 2018 - 02:13 PM

Hello, recently my computer has significantly slowed down and has become very, very slow. It is a year or two old only, with lots of RAM and a fast i7. However, now even using Internet Explorer or things like Skype takes a long time to load, and everything seems to work very slowly. The apps also sometimes randomly crash, and sometimes there is a delay when exiting or trying to minimize applications. This is making me think that the computer is infected, and I have pasted both the logs below. Thank you in advance for any help:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by sima (administrator) on CLOUDS (11-01-2018 13:08:53)
Running from C:\Users\sima\Downloads
Loaded Profiles: sima (Available Profiles: sima & sima's guest & Administrator)
Platform: Windows 10 Home Version 1607 14393.1944 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Viber Media S.à r.l.) C:\Users\sima\AppData\Local\Viber\Viber.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_3.34.25004.0_x64__8wekyb3d8bbwe\MessagingApplication.exe
() C:\Program Files\WindowsApps\Microsoft.BingSports_4.22.3254.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Sports.exe
() C:\Program Files\WindowsApps\Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
() C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.34.12002.0_x64__8wekyb3d8bbwe\CallsApp.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8827.20991.0_x64__8wekyb3d8bbwe\onenoteim.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.22.3254.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21725.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21725.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\sima\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-11-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-11-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-04-24] (IDT, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1118936 2016-04-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\...\Run: [Viber] => C:\Users\sima\AppData\Local\Viber\Viber.exe [34472016 2017-12-12] (Viber Media S.à r.l.)
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\...\Run: [GoogleChromeAutoLaunch_966042C54CCFA7BE5AF4943A785F3790] => C:\Users\sima\AppData\Local\Chromium\Application\chrome.exe [663552 2015-06-28] (The Chromium Authors)
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\...\Run: [GoogleChromeAutoLaunch_970714B7021012528157D3049344D344] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2018-01-03] (Google Inc.)
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\...\MountPoints2: {9c26f781-ffb5-11e6-bf0d-0c54a52b6929} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\...\MountPoints2: {e20ce48e-78c6-11e7-bf2b-0c54a52b6929} - "E:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-03-13]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\Users\sima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2017-10-06]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\sima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk [2017-12-23]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\sima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-06-08]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a7b00ffb-7129-4ba2-a0d5-ba143bcd7ab3}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e25822ee-0ae9-4e25-b885-111a0b21472f}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={88EF20CD-ADAF-412E-A975-B807EA58EE5A}&mid=e56e188adf8a47cc9d6f511fb40ee571-2dba64a0f28650f6894190cdc6c14089166e8d98&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-13 21:29:37&v=4.2.9.726&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = 
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKU\S-1-5-21-908730288-2600402917-2939569958-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={88EF20CD-ADAF-412E-A975-B807EA58EE5A}&mid=e56e188adf8a47cc9d6f511fb40ee571-2dba64a0f28650f6894190cdc6c14089166e8d98&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-13 21:29:37&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908730288-2600402917-2939569958-1001 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US400D20151031&p={searchTerms}
SearchScopes: HKU\S-1-5-21-908730288-2600402917-2939569958-1001 -> {263EFA13-B530-4B11-A019-0A1136F048DA} URL = 
SearchScopes: HKU\S-1-5-21-908730288-2600402917-2939569958-1001 -> {67BF19CA-988C-4FC8-95F8-B4FE50FB4CCF} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_48_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztByDyC0FtB0E0AtD0CzztC0DzztDzztN0D0Tzu0StCyEtByEtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2SyD0D0AzztCtDyD0BtGyDyDyEtAtGzytB0D0AtGyC0FyCyEtGzz0CyEyBtB0BzytDtC0FyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyCyE0BtAyEtAtG0C0A0EtBtGyEtAyEyCtG0BzyyEyBtG0AyByCtDtA0BzytCyCzz0D0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtBtD%26cr%3D976339706%26a%3Dhdr_s_15_48_orgnl%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-908730288-2600402917-2939569958-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={88EF20CD-ADAF-412E-A975-B807EA58EE5A}&mid=e56e188adf8a47cc9d6f511fb40ee571-2dba64a0f28650f6894190cdc6c14089166e8d98&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-13 21:29:37&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908730288-2600402917-2939569958-1001 -> {EF09CB0C-9880-4256-A9D9-2ABB39D09087} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_otbrw1_15_11&cd=2XzuyEtN2Y1L1QzuzztByDyC0FtB0E0AtD0CzztC0DzztDzztN0D0Tzu0StCtCyCyBtN1L2XzutAtFzztFtAtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0E0EtC0ByBzzyEtGyE0AyC0AtGtDyE0C0FtGyEyBtAtDtGtA0E0AtCtAtCtA0ByBzz0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyCyE0BtAyEtAtG0C0A0EtBtGyEtAyEyCtG0BzyyEyBtG0AyByCtDtA0BzytCyCzz0D0D2QtN1B2Z1V1T1S1NzuyDzytA&cr=752701567&ir=
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-05-29] (AVG)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-03-13] (McAfee)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-03-13] (McAfee)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-03-13] (McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-03-13] (McAfee)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-04-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-04-28] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-06-06] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-04-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-04-28] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "","hxxp://mysearch.avg.com/?cid={763382EB-1ED5-499F-8472-0CA4B6C709B5}&mid=20b2b710ae7c47d18de9d16fffe6e50c-055904156af1a3b07b74cb06e072fbac2c71dc8d&lang=en&ds=co011&pr=sa&d=2013-08-26 12:03:45&v=15.6.1.2&pid=safeguard&sg=0&sap=hp","
hxxp://mysearch.avg.com/?cid={763382EB-1ED5-499F-8472-0CA4B6C709B5}&mid=20b2b710ae7c47d18de9d16fffe6e50c-055904156af1a3b07b74cb06e072fbac2c71dc8d&lang=en&ds=co011&pr=sa&d=2013-08-26 12:03:45&v=17.1.2.1&pid=safeguard&sg=89&sap=hp","
hxxp://mysearch.avg.com/?cid={763382EB-1ED5-499F-8472-0CA4B6C709B5}&mid=20b2b710ae7c47d18de9d16fffe6e50c-055904156af1a3b07b74cb06e072fbac2c71dc8d&lang=en&ds=co011&pr=sa&d=2013-08-26 12:03:45&v=17.1.3.2&pid=safeguard&sg=18&sap=hp
hxxp://mysearch.avg.com/?cid={763382EB-1ED5-499F-8472-0CA4B6C709B5}&mid=20b2b710ae7c47d18de9d16fffe6e50c-055904156af1a3b07b74cb06e072fbac2c71dc8d&lang=en&ds=co011&pr=sa&d=2013-08-26 12:03:45&v=17.1.2.1&pid=safeguard&sg=89&sap=hp
hxxp://mysearch.avg.com/?cid={763382EB-1ED5-499F-8472-0CA4B6C709B5}&mid=20b2b710ae7c47d18de9d16fffe6e50c-055904156af1a3b07b74cb06e072fbac2c71dc8d&lang=en&ds=co011&pr=sa&d=2013-08-26 12:03:45&v=17.1.2.1&pid=safeguard&sg=0&sap=hp
hxxp://mysearch.avg.com/?cid={763382EB-1ED5-499F-8472-0CA4B6C709B5}&mid=20b2b710ae7c47d18de9d16fffe6e50c-055904156af1a3b07b74cb06e072fbac2c71dc8d&lang=en&ds=co011&pr=sa&d=2013-08-26 12:03:45&v=17.1.3.2&pid=safeguard&sg=0&sap=hp
hxxp://mysearch.avg.com/?cid={763382EB-1ED5-499F-8472-0CA4B6C709B5}&mid=20b2b710ae7c47d18de9d16fffe6e50c-055904156af1a3b07b74cb06e072fbac2c71dc8d&lang=en&ds=co011&pr=sa&d=2013-08-26 12:03:45&v=17.1.2.1&pid=safeguard&sg=89&sap=hp","hxxp://search.findwide.com/?guid={5E4F7914-8E56-475E-9235-D0A4CE5A9325}&serpv=22","hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={6A7C58E0-A718-11E2-94FC-806B31BE776F}","hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_01_orgnl&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztByDyC0FtB0E0AtD0CzztC0DzztDzztN0D0Tzu0StCyEyCzytN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2StA0C0CyB0D0CyC0CtGyByDzyyEtG0D0Azz0DtGyEyDtByBtGtBtDzztDtCtBzz0EtByCzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyCyE0BtAyEtAtG0C0A0EtBtGyEtAyEyCtG0BzyyEyBtG0AyByCtDtA0BzytCyCzz0D0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtBtD%26cr%3D742036616%26a%3Dhdr_s_16_01_orgnl%26os%3DWindows%2B8.1","hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_08_orgnl&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztByDyC0FtB0E0AtD0CzztC0DzztDzztN0D0Tzu0StCyDtCyDtN1L2XzutAtFtCyBtFzytFtCtN1L1Czu1M1Q1CtBtBtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StCyByB0C0E0AyC0BtGyCzyyEtDtGyEyE0EzytGyC0FyEzztGtA0EyDyCtC0ByE0AyDyD0ByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyCyE0BtAyEtAtG0C0A0EtBtGyEtAyEyCtG0BzyyEyBtG0AyByCtDtA0BzytCyCzz0D0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEyBtB%26cr%3D89153886%26a%3Dhdr_s_16_08_orgnl%26os_ver%3D6.3%26os%3DWindows%2B8.1"
CHR NewTab: Default ->  Active:"chrome-extension://ajcmdlkeklfmbjffnlofgfkjcnpfckab/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US400D20151210&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\sima\AppData\Local\Google\Chrome\User Data\Default [2018-01-11]
CHR Extension: (BestY NewTab) - C:\Users\sima\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajcmdlkeklfmbjffnlofgfkjcnpfckab [2016-02-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\sima\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sima\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\sima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-18]
CHR HKLM\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-18]
CHR HKU\S-1-5-21-908730288-2600402917-2939569958-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0007411515188689mcinstcleanup; C:\WINDOWS\TEMP\000741~1.EXE [1031928 2018-01-05] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-08] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [312712 2017-07-08] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-12-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-04-28] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-24] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-08] (Microsoft Corporation)
S2 vToolbarUpdater40.3.7; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe" [X]
S2 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-07-08] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [313616 2017-07-08] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-07-08] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-07-08] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-07-08] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-07-08] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [139112 2017-07-18] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\WINDOWS\system32\drivers\avgNetSec.sys [546968 2017-07-08] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102792 2017-07-08] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-07-08] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1008288 2017-07-08] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [578048 2017-07-08] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [191208 2017-07-08] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [353744 2017-07-08] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
U5 ssmirrdr; C:\Windows\System32\Drivers\ssmirrdr.sys [10112 2014-10-05] (support.com, Inc)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-11 13:07 - 2018-01-11 13:07 - 002393088 _____ (Farbar) C:\Users\sima\Downloads\FRST64 (1).exe
2018-01-11 11:17 - 2018-01-11 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-01-10 14:09 - 2018-01-10 14:09 - 000023890 _____ C:\Users\sima\Downloads\AUT067444063Auto Change ID   Card_2018010908220307002 (3).PDF
2018-01-10 14:08 - 2018-01-10 14:08 - 000023890 _____ C:\Users\sima\Downloads\AUT067444063Auto Change ID   Card_2018010908220307002.PDF
2018-01-10 14:08 - 2018-01-10 14:08 - 000023890 _____ C:\Users\sima\Downloads\AUT067444063Auto Change ID   Card_2018010908220307002 (2).PDF
2018-01-10 14:08 - 2018-01-10 14:08 - 000023890 _____ C:\Users\sima\Downloads\AUT067444063Auto Change ID   Card_2018010908220307002 (1).PDF
2017-12-23 09:55 - 2017-12-23 09:55 - 000000000 ___HD C:\OneDriveTemp
2017-12-22 23:02 - 2017-12-26 05:07 - 000000000 ____D C:\Users\sima\AppData\Local\Viber
2017-12-22 22:39 - 2017-12-20 21:41 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-22 22:39 - 2017-12-20 21:41 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-22 22:29 - 2017-12-22 22:29 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG
2017-12-22 22:29 - 2017-12-22 22:29 - 000000000 ____D C:\Program Files\Common Files\avg
2017-12-18 17:26 - 2017-11-30 03:45 - 000982392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-18 17:26 - 2017-11-30 03:33 - 005688320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-12-18 17:26 - 2017-11-30 03:29 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-18 17:26 - 2017-11-30 03:28 - 007625728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-18 17:26 - 2017-11-30 03:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-12-18 17:26 - 2017-11-30 03:28 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-18 17:26 - 2017-11-30 03:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-18 17:26 - 2017-11-30 03:26 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-12-18 17:26 - 2017-11-30 03:25 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2017-12-18 17:26 - 2017-11-30 03:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-18 17:26 - 2017-11-30 03:25 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-18 17:26 - 2017-11-30 03:25 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-12-18 17:26 - 2017-11-30 03:25 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-18 17:26 - 2017-11-30 03:24 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-18 17:26 - 2017-11-30 03:24 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-18 17:26 - 2017-11-30 03:24 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-12-18 17:26 - 2017-11-30 03:24 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshext.dll
2017-12-18 17:26 - 2017-11-30 03:23 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-12-18 17:26 - 2017-11-30 03:23 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-12-18 17:26 - 2017-11-30 03:23 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-18 17:26 - 2017-11-30 03:22 - 019411968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-18 17:26 - 2017-11-30 03:22 - 018366976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-18 17:26 - 2017-11-30 03:22 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-18 17:26 - 2017-11-30 03:21 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-12-18 17:26 - 2017-11-30 03:17 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-12-18 17:26 - 2017-11-30 03:17 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-12-18 17:26 - 2017-11-30 03:16 - 006066688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-18 17:26 - 2017-11-30 03:16 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-18 17:26 - 2017-11-30 03:16 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-18 17:26 - 2017-11-30 03:16 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-12-18 17:26 - 2017-11-30 03:15 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-18 17:26 - 2017-11-30 03:15 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-12-18 17:26 - 2017-11-30 03:14 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-12-18 17:26 - 2017-11-30 03:14 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-12-18 17:26 - 2017-11-30 03:14 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-18 17:26 - 2017-11-30 02:22 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-18 17:26 - 2017-11-30 02:17 - 000983896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-18 17:26 - 2017-11-30 02:16 - 001090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-18 17:26 - 2017-11-30 02:16 - 000947544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-12-18 17:26 - 2017-11-30 02:16 - 000811864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-18 17:26 - 2017-11-30 02:15 - 001072240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-18 17:26 - 2017-11-30 01:53 - 022571520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-18 17:26 - 2017-11-30 01:50 - 007219200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-12-18 17:26 - 2017-11-30 01:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-18 17:26 - 2017-11-30 01:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-18 17:26 - 2017-11-30 01:44 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-18 17:26 - 2017-11-30 01:42 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-12-18 17:26 - 2017-11-30 01:42 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-18 17:26 - 2017-11-30 01:41 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-18 17:26 - 2017-11-30 01:40 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-18 17:26 - 2017-11-30 01:39 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-12-18 17:26 - 2017-11-30 01:38 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-18 17:26 - 2017-11-30 01:38 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-18 17:26 - 2017-11-30 01:38 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-18 17:26 - 2017-11-30 01:37 - 008118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-18 17:26 - 2017-11-30 01:37 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-12-18 17:26 - 2017-11-30 01:37 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-18 17:26 - 2017-11-30 01:37 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-12-18 17:26 - 2017-11-30 01:37 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-18 17:26 - 2017-11-30 01:37 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2017-12-18 17:26 - 2017-11-30 01:37 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2017-12-18 17:26 - 2017-11-30 01:37 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshext.dll
2017-12-18 17:26 - 2017-11-30 01:36 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-18 17:26 - 2017-11-30 01:36 - 013108224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-18 17:26 - 2017-11-30 01:36 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-12-18 17:26 - 2017-11-30 01:36 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-12-18 17:26 - 2017-11-30 01:36 - 000761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-12-18 17:26 - 2017-11-30 01:36 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-12-18 17:26 - 2017-11-30 01:34 - 004739584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-18 17:26 - 2017-11-30 01:33 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-12-18 17:26 - 2017-11-30 01:33 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-18 17:26 - 2017-11-30 01:33 - 001013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-12-18 17:26 - 2017-11-30 01:33 - 000583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-18 17:26 - 2017-11-30 01:32 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-18 17:26 - 2017-11-30 01:32 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-12-18 17:26 - 2017-11-17 22:23 - 000038744 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-18 17:26 - 2017-11-17 22:20 - 000219024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-12-18 17:26 - 2017-11-17 22:18 - 002254688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-12-18 17:26 - 2017-11-17 22:16 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-12-18 17:26 - 2017-11-17 22:14 - 002187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-18 17:26 - 2017-11-17 22:14 - 000658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-18 17:26 - 2017-11-17 22:14 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-12-18 17:26 - 2017-11-17 22:13 - 007213968 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-12-18 17:26 - 2017-11-17 22:13 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-18 17:26 - 2017-11-17 22:13 - 000573792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-12-18 17:26 - 2017-11-17 22:13 - 000430424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-12-18 17:26 - 2017-11-17 22:12 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-18 17:26 - 2017-11-17 22:12 - 008178816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-18 17:26 - 2017-11-17 22:11 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-18 17:26 - 2017-11-17 22:10 - 000453536 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-12-18 17:26 - 2017-11-17 22:08 - 000222048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-12-18 17:26 - 2017-11-17 22:03 - 000195936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2017-12-18 17:26 - 2017-11-17 22:01 - 005722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-12-18 17:26 - 2017-11-17 21:59 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-12-18 17:26 - 2017-11-17 21:59 - 006672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-18 17:26 - 2017-11-17 21:43 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-12-18 17:26 - 2017-11-17 21:43 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\socialapis.dll
2017-12-18 17:26 - 2017-11-17 21:42 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2017-12-18 17:26 - 2017-11-17 21:42 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-12-18 17:26 - 2017-11-17 21:42 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-12-18 17:26 - 2017-11-17 21:40 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2017-12-18 17:26 - 2017-11-17 21:38 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-18 17:26 - 2017-11-17 21:38 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-12-18 17:26 - 2017-11-17 21:38 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-12-18 17:26 - 2017-11-17 21:38 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-12-18 17:26 - 2017-11-17 21:38 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-12-18 17:26 - 2017-11-17 21:37 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-18 17:26 - 2017-11-17 21:37 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-12-18 17:26 - 2017-11-17 21:37 - 000854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-12-18 17:26 - 2017-11-17 21:37 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-12-18 17:26 - 2017-11-17 21:36 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-12-18 17:26 - 2017-11-17 21:36 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-12-18 17:26 - 2017-11-17 21:35 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-12-18 17:26 - 2017-11-17 21:35 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-12-18 17:26 - 2017-11-17 21:34 - 002002944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-12-18 17:26 - 2017-11-17 21:33 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-12-18 17:26 - 2017-11-17 21:33 - 000296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2017-12-18 17:26 - 2017-11-17 21:33 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-12-18 17:26 - 2017-11-17 21:32 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-12-18 17:26 - 2017-11-17 21:32 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-12-18 17:26 - 2017-11-17 21:32 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\socialapis.dll
2017-12-18 17:26 - 2017-11-17 21:32 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-12-18 17:26 - 2017-11-17 21:32 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-18 17:26 - 2017-11-17 21:31 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-18 17:26 - 2017-11-17 21:31 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-12-18 17:26 - 2017-11-17 21:31 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-12-18 17:26 - 2017-11-17 21:31 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-18 17:26 - 2017-11-17 21:30 - 002278912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-18 17:26 - 2017-11-17 21:30 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-12-18 17:26 - 2017-11-17 21:30 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-12-18 17:26 - 2017-11-17 21:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-12-18 17:26 - 2017-11-17 21:30 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2017-12-18 17:26 - 2017-11-17 21:29 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-12-18 17:26 - 2017-11-17 21:29 - 002512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-18 17:26 - 2017-11-17 21:29 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-18 17:26 - 2017-11-17 21:29 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-18 17:26 - 2017-11-17 21:29 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-18 17:26 - 2017-11-17 21:28 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-18 17:26 - 2017-11-17 21:28 - 001512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-12-18 17:26 - 2017-11-17 21:28 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-12-18 17:26 - 2017-11-17 21:28 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-12-18 17:26 - 2017-11-17 21:27 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-18 17:26 - 2017-11-17 21:27 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2017-12-18 17:26 - 2017-11-17 21:26 - 002065408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-12-18 17:26 - 2017-11-06 20:59 - 000449050 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-12-18 17:26 - 2017-03-04 00:19 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-18 17:26 - 2017-03-04 00:13 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-12-18 17:26 - 2017-03-04 00:10 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-12-18 17:26 - 2016-09-06 22:56 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-11 13:09 - 2015-11-26 19:54 - 000033416 _____ C:\Users\sima\Downloads\FRST.txt
2018-01-11 13:08 - 2015-11-26 19:53 - 000000000 ____D C:\FRST
2018-01-11 12:46 - 2016-09-16 07:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-10 21:26 - 2016-07-16 05:45 - 000000000 ____D C:\WINDOWS\INF
2018-01-10 15:42 - 2016-07-16 05:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-10 15:42 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-10 15:41 - 2016-07-16 05:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-10 15:37 - 2015-03-13 07:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 15:34 - 2017-10-10 21:54 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 15:34 - 2015-03-13 07:37 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 14:40 - 2016-09-21 15:57 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-01-10 13:59 - 2015-03-13 19:51 - 000000000 ____D C:\Users\sima\AppData\Roaming\Skype
2018-01-04 15:41 - 2015-09-18 16:49 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-04 15:41 - 2015-09-18 16:49 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-04 15:39 - 2017-06-02 07:33 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-26 05:06 - 2015-03-13 20:01 - 000000000 ____D C:\Users\sima\AppData\Roaming\ViberPC
2017-12-23 21:01 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\rescache
2017-12-23 20:12 - 2013-12-30 17:12 - 000000000 ____D C:\ldiag
2017-12-23 19:46 - 2014-04-21 16:55 - 000000000 __RDO C:\Users\sima\OneDrive
2017-12-23 19:42 - 2015-03-13 12:50 - 000000000 __SHD C:\Users\sima\IntelGraphicsProfiles
2017-12-23 19:41 - 2016-09-16 07:30 - 000000000 ____D C:\Users\sima
2017-12-23 19:39 - 2016-09-16 07:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-22 22:59 - 2016-09-16 10:21 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-22 22:59 - 2013-11-22 12:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-22 22:36 - 2016-09-16 07:22 - 000291240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-22 22:35 - 2016-07-16 00:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-12-22 22:34 - 2017-06-19 20:07 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-22 22:34 - 2016-07-16 05:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-12-22 22:34 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-22 22:28 - 2016-03-10 09:55 - 001760324 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-18 20:01 - 2016-07-16 00:04 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2017-12-18 19:51 - 2016-09-16 08:07 - 000032388 _____ C:\WINDOWS\diagwrn.xml
2017-12-18 19:51 - 2016-09-16 08:07 - 000032388 _____ C:\WINDOWS\diagerr.xml
2017-12-18 19:28 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\Registration
2017-12-18 19:27 - 2017-09-29 09:18 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-18 16:28 - 2017-10-10 20:25 - 000000000 ____D C:\Program Files\rempl
2017-12-18 16:18 - 2017-08-01 20:36 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-908730288-2600402917-2939569958-1001
2017-12-18 16:18 - 2016-03-10 10:19 - 000002371 _____ C:\Users\sima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2015-03-13 09:29 - 2015-03-13 09:29 - 032372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-03-13 20:26 - 2016-02-24 09:00 - 000000352 _____ () C:\Users\sima\AppData\Roaming\WB.CFG
2015-03-16 11:23 - 2015-05-30 20:15 - 000274045 _____ () C:\Users\sima\AppData\Local\dsi1.dat
2015-03-16 11:23 - 2015-05-30 20:15 - 000161916 _____ () C:\Users\sima\AppData\Local\dsi2.dat
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-10 14:15
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by sima (11-01-2018 13:10:06)
Running from C:\Users\sima\Downloads
Windows 10 Home Version 1607 14393.1944 (X64) (2016-09-16 14:10:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-908730288-2600402917-2939569958-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-908730288-2600402917-2939569958-503 - Limited - Disabled)
Guest (S-1-5-21-908730288-2600402917-2939569958-501 - Limited - Disabled)
sima (S-1-5-21-908730288-2600402917-2939569958-1001 - Administrator - Enabled) => C:\Users\sima
sima's guest (S-1-5-21-908730288-2600402917-2939569958-1004 - Limited - Enabled) => C:\Users\sima's guest
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Air Globe (HKLM\...\Air Globe) (Version: 2015.03.14.000414 - Air Globe) <==== ATTENTION
Alcor Micro USB Card Reader (HKLM-x32\...\{073E8A29-B106-4E64-9B06-D8B381077D66}) (Version: 3.1.1245.72250 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.1245.72250 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG (HKLM\...\{BE1A8A5D-8197-48D3-8A41-4360888B7306}) (Version: 1.231.2 - AVG Technologies) Hidden
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3021 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chromium (HKU\S-1-5-21-908730288-2600402917-2939569958-1001\...\Chromium) (Version: 45.0.2444.0 - Chromium)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.165 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6431.0 - IDT)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.) <==== ATTENTION
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5987 - Lenovo)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9029 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-908730288-2600402917-2939569958-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Outlook Social Connector (KB2289116) 的更新 (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version:  - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
Search Provided by Yahoo (HKLM-x32\...\YahooProvidedSearch) (Version:  - ) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Sling (HKLM-x32\...\{A0C306FE-01A5-4B94-A037-EF5403F8CE41}) (Version: 5.0.174 - Echostar)
StormWatch (HKLM-x32\...\StormWatch) (Version: 1.0.2.22 - StormWatch) <==== ATTENTION
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Viber (HKU\S-1-5-21-908730288-2600402917-2939569958-1001\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WSE_Taplika (HKLM-x32\...\WSE_Taplika) (Version:  - WSE_Taplika) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-908730288-2600402917-2939569958-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-08] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2016-04-28] (McAfee, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2012-12-14] (Nitro PDF)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-08] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2016-04-28] (McAfee, Inc.)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0604391A-3D7F-44EA-8256-2436A3FA452A} - System32\Tasks\UpdateTask => C:\Users\sima\AppData\Local\{6CDC5~1\UNINST~1.EXE
Task: {0999CB22-70E3-4E52-A871-40AF71021461} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {0DE977E7-BE2D-4814-A219-9CC84C15F88E} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {0E376225-ACB1-4180-B64B-62A115FC2E24} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {1AE619DF-2671-43FC-BA82-B0A71BEA9BDB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {215E7041-16C7-4D58-BF7D-2D4502ED0BDE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
Task: {225596D4-E709-4ED6-B8E8-302029DD74DB} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {2516E5F3-48F6-4403-B786-8167D3677A6B} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-08] (AVG Technologies CZ, s.r.o.)
Task: {2B62583E-11A1-4FD3-ADB9-FC81D18DFE7C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2B941E77-511F-46F4-994B-F3A618F4F755} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-01-10] (Microsoft Corporation)
Task: {308EBFD7-33A5-483D-8C32-B203E9851C28} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3E5A6094-D96A-403E-A55D-451182DEB543} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-15] (Lenovo)
Task: {424CD601-3633-46F8-B37C-A28EC9864316} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4397E36E-38F1-4D02-AD31-F5DFA408FCF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4783A20C-3829-470C-8613-408195024EB5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-10-05] (McAfee, Inc.)
Task: {47DF6214-A32A-416E-96BE-CC4776AB9146} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5804C684-2D77-4217-ACC8-CEEE20A7F14A} - System32\Tasks\Taplika sosa => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{6A1B82D8-3A99-535E-8B1F-23DC5B9DF052}\1.9.3.1\fiber.js" "433a2f50726f6772616d446174612f7b36413142383244382d334139392d353335452d384231462d3233444335423944463035327d2f312e392e332e312f736f73612e646c6c" "687474703a2f2f73616f2e7461627072742e636f6d2f" "--IsErIk"
Task: {5B3D1BDB-7832-439B-8A44-D65A892DDCEA} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()
Task: {660FD3AB-5C70-4183-830C-D48F61D777EB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6B250E91-5EFC-4C52-BF0A-42794E5A7478} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6C1F4FFD-F4E6-46EE-81A5-893B8FB8666D} - System32\Tasks\Wse_taplika => C:\Users\sima\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6F2A97CC-5EA0-448A-AA79-9E97953FBFE5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {72059FD4-1654-4115-BC3C-FE1634B413F6} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\avg\overseer\overseer.exe [2017-12-22] (AVG Technologies CZ, s.r.o.)
Task: {73434BC9-3A62-43D3-AA83-26EF46CE7B43} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {81AA6E7B-3CA1-42B4-B901-894BD04FD747} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {993BEAE0-5BE0-48B4-A200-BF71530BF2A0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AD2BB22E-3308-4BB7-A8A7-6FCE5FC505B6} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B92766C3-AEEF-44DC-A71E-6401D1CCD0F1} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {C0C1D90F-00EB-4FE2-8304-83C27BE91976} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-908730288-2600402917-2939569958-1001 -> No File <==== ATTENTION
Task: {D462C840-CDEF-407E-9B62-022CAD5E0CBF} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
Task: {D5A55050-9A56-4E50-9C67-CBE9EAFBCEDA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {DB959F7A-DE4F-4B22-9158-F086A183D0F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E4032B5D-26BF-4589-B025-54786D96C013} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\sima\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {E70E2F14-A710-417C-9C54-57EA342EEF6B} - System32\Tasks\0216scUpdateInfo => C:\ProgramData\Avg_Update_0216sc\0216sc_{3645A77B-2DB1-4DA0-A06B-DBD6258BE7BF}.exe [2016-03-29] ()
Task: {F770B649-EB8A-4773-9B11-BF60D1F6761D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {FCA5CF58-9AC9-40B1-80DF-125A83CC36D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FF267C13-B1A7-4A66-A16E-AFEE1D1681E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Dolby Selector.job => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
Task: C:\WINDOWS\Tasks\Taplika sosa.job => Wscript.exe  C:\ProgramData\{6A1B82D8-3A99-535E-8B1F-23DC5B9DF052}\1.9.3.1\fiber.js <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdateTask.job => C:\Users\sima\AppData\Local\{6CDC5~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\Wse_taplika.job => C:\Users\sima\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 05:42 - 2016-07-16 05:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-13 19:30 - 2017-09-07 00:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-22 09:32 - 2012-04-24 04:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-12-23 20:07 - 2017-12-23 20:09 - 000015872 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_3.34.25004.0_x64__8wekyb3d8bbwe\MessagingApplication.exe
2017-12-23 20:07 - 2017-12-23 20:09 - 009766400 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_3.34.25004.0_x64__8wekyb3d8bbwe\MessagingApplication.dll
2017-12-23 20:07 - 2017-12-23 20:09 - 002354176 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_3.34.25004.0_x64__8wekyb3d8bbwe\MessagingNativeBase.dll
2017-12-23 20:07 - 2017-12-23 20:09 - 004542976 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_3.34.25004.0_x64__8wekyb3d8bbwe\MessagingNativeCore.dll
2017-12-23 20:07 - 2017-12-23 20:09 - 000792064 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_3.34.25004.0_x64__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2017-12-23 20:07 - 2017-12-23 20:09 - 000494080 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_3.34.25004.0_x64__8wekyb3d8bbwe\MessagingNativeStubExternal.dll
2017-11-04 21:34 - 2017-11-04 21:35 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_3.34.25004.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-23 20:07 - 2017-12-23 20:09 - 002108416 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_3.34.25004.0_x64__8wekyb3d8bbwe\Microsoft.People.AutoSuggest.dll
2016-07-16 08:30 - 2016-07-16 08:30 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_3.34.25004.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-12-23 20:10 - 2017-12-23 20:11 - 000017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.22.3254.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Sports.exe
2017-12-23 20:10 - 2017-12-23 20:11 - 017418752 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.22.3254.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Sports.dll
2017-12-23 20:11 - 2017-12-23 20:13 - 005221768 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1712.5.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-03-10 14:14 - 2016-03-10 14:15 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.22.3254.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-12-23 20:52 - 2017-12-23 20:54 - 000015360 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
2017-12-23 20:52 - 2017-12-23 20:54 - 006813184 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe\WhatsNew.Store.dll
2017-12-23 21:01 - 2017-12-23 21:03 - 001903616 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.34.12002.0_x64__8wekyb3d8bbwe\CallsApp.exe
2017-12-23 21:01 - 2017-12-23 21:03 - 004036608 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.34.12002.0_x64__8wekyb3d8bbwe\CallsCore.dll
2017-12-23 21:01 - 2017-12-23 21:03 - 000332800 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.34.12002.0_x64__8wekyb3d8bbwe\CallsPresenters.dll
2017-12-23 21:01 - 2017-12-23 21:03 - 000433664 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.34.12002.0_x64__8wekyb3d8bbwe\PersonPicture.UAP.dll
2017-12-23 21:40 - 2017-12-23 21:41 - 026507776 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-12-23 21:40 - 2017-12-23 21:41 - 008370176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-25 20:28 - 2017-09-25 20:28 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-23 21:40 - 2017-12-23 21:41 - 010137600 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-11-04 21:37 - 2017-11-04 21:38 - 001921208 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8827.20991.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-12-23 20:43 - 2017-12-23 20:45 - 000017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.22.3254.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-12-23 20:43 - 2017-12-23 20:45 - 015909376 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.22.3254.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-03-10 14:14 - 2016-03-10 14:15 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.22.3254.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2018-01-10 14:34 - 2018-01-10 15:20 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-10 14:34 - 2018-01-10 15:20 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-10 14:34 - 2018-01-10 15:20 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-10 14:34 - 2018-01-10 15:20 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-10 14:34 - 2018-01-10 15:20 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-10 14:34 - 2018-01-10 15:20 - 000138752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2016-07-16 05:42 - 2016-07-16 05:42 - 000361984 _____ () C:\WINDOWS\SYSTEM32\HrtfApo.dll
2018-01-10 14:34 - 2018-01-10 15:20 - 000242176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\Microsoft.Skype.ImageTool.dll
2018-01-10 14:34 - 2018-01-10 15:20 - 000040960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\TraceProvider.dll
2017-11-04 21:52 - 2017-11-04 21:55 - 001919680 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21725.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-01-10 15:40 - 2018-01-10 15:41 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-01-04 15:41 - 2018-01-03 03:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-04 15:41 - 2018-01-03 03:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2016-09-16 10:38 - 2016-09-06 22:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 14:40 - 2017-03-04 00:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 14:38 - 2017-03-04 00:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 14:38 - 2017-03-04 00:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 14:38 - 2017-03-04 00:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-12-18 17:26 - 2017-11-30 01:32 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-12-18 17:26 - 2017-11-30 01:32 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-12-18 17:26 - 2017-11-30 01:34 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-12-22 23:02 - 2017-12-12 07:29 - 000047696 _____ () C:\Users\sima\AppData\Local\Viber\qrencode.dll
2017-12-22 23:02 - 2017-12-12 07:29 - 011120720 _____ () C:\Users\sima\AppData\Local\Viber\ViberRTC.dll
2017-12-22 23:02 - 2017-12-12 07:30 - 000483920 _____ () C:\Users\sima\AppData\Local\Viber\imageformats\qsvg.dll
2017-06-02 07:32 - 2017-06-02 07:32 - 000171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-07-18 20:22 - 2017-07-18 20:22 - 001040072 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-07-08 11:27 - 2017-07-08 11:27 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-07-08 11:27 - 2017-07-08 11:27 - 000193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-07-08 11:27 - 2017-07-08 11:27 - 000225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-07-08 11:27 - 2017-07-08 11:27 - 000690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2016-12-03 09:10 - 2016-12-03 09:10 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-12-18 16:17 - 2017-12-18 16:17 - 000102088 _____ () C:\Users\sima\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2013-11-22 09:18 - 2012-07-18 12:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sima\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Install SafeKey IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "DolbyTrayApp"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-908730288-2600402917-2939569958-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_966042C54CCFA7BE5AF4943A785F3790"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{176D1863-17B7-413D-870A-E08EB73E8C5A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{48D5BC28-1915-4F19-9C5B-5A8C73CCDF39}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{92DC71E2-0880-4E8E-B29B-34AF4924AF9E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{06EF1D86-386D-4389-A6D0-BE9A88EB9A92}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{06435E94-5B5A-42E0-8139-20FDF03DA978}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{2DB09E4A-2670-41FE-9CF2-CECBA0C573A5}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{089CCC82-DDCE-4E1D-83D4-F6928F285360}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{3F2EE494-316C-43BC-B934-E270952CC70A}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{6940D160-8667-4DEE-9672-A32B01163836}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{31976DBD-E464-44F9-862A-D8D4510A4292}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{7A73C267-248A-4B79-BA82-9720C2EA3C3E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{5E12C1D9-9623-435F-A7EE-3F0A8A50AFA2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{C3C436E8-C1CC-4FE3-92A8-BF257F019671}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BE6E5F02-E009-40BD-B22F-9BED412E4E28}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{9F49E0A5-D198-4024-9BE2-F3532BD74EAC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{91B85945-38DC-4400-AB23-9A542EE2F1F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D45931E3-F6D7-496C-B958-4ECB1F6E3E85}] => (Allow) C:\Users\sima\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{B015FA6A-263A-483D-B4D0-F9AA585BB0DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CE70EEA6-846A-42EA-AAFF-0B535E2046AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{92C4C272-7818-4103-BA89-30BB4BC1DA0F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2ED80760-75FF-4160-93D4-07FEA73DD55C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95E1EDCB-0F90-4B7C-8C37-8735F1F8E5BE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{37FAFF13-9FFD-4DCD-8B88-1CABC65F6C57}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{3C2CD5A8-5F10-4198-9E4C-DAD7F8BC92F3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{C86AA22E-4845-4968-AD43-841680FFB35A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{65728FC1-2C79-4E8D-A003-466E16B0CB1B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [TCP Query User{70AEEED2-C8CC-4FCD-AFE4-8643A7EE8D03}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{92383C88-DCD7-4E33-A5A2-196B3D04D420}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [{ED1F26C8-4E0A-4EAD-A517-835E01D9FF2C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{35C613F3-3322-4BC8-8414-9A05D4F2F0EA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [TCP Query User{C342052E-8B84-4F08-8B2D-59E3C60C9C4B}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{400187AD-11BE-491E-9525-D9274324A160}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [{79F85D51-7B17-4E44-92E1-486CC10C6D37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{31ABB12C-BB39-4E50-A3F7-71F0F93776C6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{938E4AB6-5AD4-41C5-A99A-D256FD28D64C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F4233D11-5246-402E-BC25-5975C517F939}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C2F9134D-2736-4EEC-99B2-79CA25CBDA07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1FD5B57D-A3C5-43AF-961E-B89441F280B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{54F4495A-3931-4661-9DD8-A001C65A174E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{D4401B8B-F223-40F2-8776-13E59F8FDB98}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{42CAF276-78A3-4BCE-BBD0-01B53900AE92}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A95E8C89-3CF5-46AF-B490-B1DB371E9689}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A54C39DC-39E2-46AD-9F64-91EFD178F702}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3C7E4232-83DE-4989-AE1C-CA756043B648}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{35069A47-0C2A-4726-A404-EF3E5AF577D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-12-2017 19:16:36 Scheduled Checkpoint
04-01-2018 16:07:56 Scheduled Checkpoint
10-01-2018 15:22:55 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/11/2018 12:54:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: ntdll.dll, version: 10.0.14393.1715, time stamp: 0x59b0d03e
Exception code: 0xc0000374
Fault offset: 0x00000000000f8363
Faulting process id: 0x39f8
Faulting application start time: 0x01d38b0d6f9a2d7d
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 16213bbf-c041-434c-8b0f-c935ad582bd8
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/11/2018 12:12:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\defs\18011108\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/11/2018 11:11:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\defs\18011108\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/11/2018 11:11:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\defs\18011108\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/11/2018 10:10:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\defs\18011106\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/11/2018 09:10:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\defs\18011106\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/11/2018 08:09:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\defs\18011106\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/11/2018 08:09:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\defs\18011106\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/11/2018 07:09:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\defs\18011006\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/11/2018 06:08:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\defs\18011006\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (01/11/2018 11:16:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (01/11/2018 03:17:39 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (01/10/2018 02:05:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (01/10/2018 01:59:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/06/2018 03:09:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/05/2018 03:39:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (01/04/2018 03:39:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (12/31/2017 05:11:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/31/2017 05:10:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (12/30/2017 05:10:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-02 08:53:08.505
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 08:53:08.503
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 08:53:01.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 08:53:01.441
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 08:52:08.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 08:52:08.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 08:51:08.484
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 08:51:08.483
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 08:50:08.468
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 08:50:08.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3612QM CPU @ 2.10GHz
Percentage of memory in use: 51%
Total physical RAM: 8071.27 MB
Available physical RAM: 3913.94 MB
Total Virtual: 9351.27 MB
Available Virtual: 4134.12 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:889.75 GB) (Free:802.99 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.25 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 58C561E3)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,721 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:48 AM

Posted 11 January 2018 - 09:46 PM

Greetings Lillydawg12 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time for the below reasons.
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
  • Therefore please remove McAfee as instructed below.
===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.
  • Please download and install Revo Uninstaller Free
  • Right click Revo Uninstaller and select Run as administrator
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
McAfee Anti-Virus and Anti-Spyware
McAfee Firewall
McAfee LiveSafe
McAfee SafeKey
McAfee WebAdvisor
Shared C Run-time for x64
KNCTR
Search Provided by Yahoo
StormWatch
WSE_Taplika
  • If presented with the program uninstall option click Uninstall
  • If asked to reboot select Reboot later
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window click Select All, Delete, then Yes
  • When prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, then Finish
  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = 
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKU\S-1-5-21-908730288-2600402917-2939569958-1001 -> {263EFA13-B530-4B11-A019-0A1136F048DA} URL = 
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dl
Task: {0604391A-3D7F-44EA-8256-2436A3FA452A} - System32\Tasks\UpdateTask => C:\Users\sima\AppData\Local\{6CDC5~1\UNINST~1.EXE
C:\Users\sima\AppData\Local\{6CDC5~1
Task: {0DE977E7-BE2D-4814-A219-9CC84C15F88E} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
C:\Program Files (x86)\Pro PC Cleaner
Task: {0E376225-ACB1-4180-B64B-62A115FC2E24} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {5804C684-2D77-4217-ACC8-CEEE20A7F14A} - System32\Tasks\Taplika sosa
C:\ProgramData\{6A1B82D8-3A99-535E-8B1F-23DC5B9DF052}
Task: {6C1F4FFD-F4E6-46EE-81A5-893B8FB8666D} - System32\Tasks\Wse_taplika => C:\Users\sima\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE
C:\Users\sima\AppData\Roaming\WSE_TA~1
Task: {C0C1D90F-00EB-4FE2-8304-83C27BE91976} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-908730288-2600402917-2939569958-1001
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs uninstall?
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 14 January 2018 - 10:23 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Oh My!


Posted 17 January 2018 - 12:01 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



