
Freezing computer and unable to shut down, malwarebytes realtime always off


  • This topic is locked
38 replies to this topic

#1 bd1000


Posted 25 April 2018 - 03:34 PM

Hello, I have a Lenovo laptop that runs Windows 10 and everything freezes, and even pushing the power button to shut down goes to circulating shutdown forever until I force power off. Also my Malwarebytes constantly gives realtime is off and won't turn on. I suspect I have some devious malware. Please help.





#2 Oh My!

  • Malware Response Instructor

Posted 28 April 2018 - 08:14 PM

Greetings bd1000 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 01 May 2018 - 10:09 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Oh My!


Posted 03 May 2018 - 08:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#5 Oh My!


Posted 06 May 2018 - 05:49 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#6 bd1000


Posted 06 May 2018 - 06:50 PM

Attached File  FRST.txt   891.37KB   3 downloads


Gary, when I copy and paste this, it stated too long. So I attached it. I hope that is OK. Bahman

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Thinkpad (06-05-2018 15:03:41)
Running from C:\Users\owner\Downloads
Windows 10 Pro Version 1803 17134.1 (X64) (2018-05-06 03:34:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3261126923-531114898-3936066209-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3261126923-531114898-3936066209-503 - Limited - Disabled)
Guest (S-1-5-21-3261126923-531114898-3936066209-501 - Limited - Disabled)
Thinkpad (S-1-5-21-3261126923-531114898-3936066209-1000 - Administrator - Enabled) => C:\Users\owner
WDAGUtilityAccount (S-1-5-21-3261126923-531114898-3936066209-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
AnonVPN 1.0.3 (HKLM-x32\...\AnonVPN) (Version: 1.0.3 - AnonVPN.io)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avira (HKLM-x32\...\{40F72BC9-0C14-4122-8930-4B037EAEAD45}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{4b629f54-1d82-40c9-9979-4485bb58d155}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.8.2.29275 - Avira Operations GmbH & Co. KG)
Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 1.1.0.1028 - Avira Operations GmbH & Co.KG)
Avira Safe Shopping (HKLM-x32\...\{2F9437C4-C065-4EF8-85D2-03E431DDDB49}) (Version: 1.0.60.2376 - Avira Operations Gmbh & Co. KG)
Avira Scout (HKLM-x32\...\Avira Scout) (Version: 17.6.3071.2851 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{A4DF9D2A-AB95-4F30-9CA4-2F49662BA39D}) (Version: 2.0.2.27024 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.8.0.7455 - Avira Operations GmbH & Co. KG)
BMW Rheingold ISTA 3 (HKLM-x32\...\{93705786-C939-430A-A573-BB8D5AE35A42}) (Version: 3.39.30 - BMW Group)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J835DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 52.15.25.665 - Comodo)
Cisco WebEx Meetings (HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.3.0.55 - Citrix Systems, Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 57.0.2987.93 - Comodo)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.43.0 - Conexant)
DIRECTV Player (HKLM-x32\...\{04f0c8c0-e0c8-4292-8676-db9174655d7a}) (Version: 12.1 - DIRECTV)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.3.0 - IObit)
EDIABAS 7.3.0 (HKLM-x32\...\{083933AF-00A2-4CFC-BE59-19DC385E8761}) (Version: 7.3.0 - BMW Group)
Fort - File encryption for Windows (HKLM\...\{9A974296-4913-4776-9892-F4EB17B513FB}_is1) (Version: 3.2.0.0 - Niko Rosvall)
GameSessions Data Delivery x86 (HKLM-x32\...\{57054855-A4CE-48F6-BCD5-CB38797456EF}) (Version: 1.28.481.0 - Tangentix Ltd)
GameSessions Runtime x86 (HKLM-x32\...\{7F63BEB5-519A-420C-AEDC-E161FDEDE9DF}) (Version: 1.28.481.0 - Tangentix Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoToMeeting 8.8.0.7297 (HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\GoToMeeting) (Version: 8.8.0.7297 - LogMeIn, Inc.)
Infinite HD™ App (HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Identity Protection Technology 1.2.32.0 (HKLM-x32\...\{2D793E41-F598-1014-9984-F3B169A93F79}) (Version: 1.2.32.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1211 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{78091D68-706D-4893-B287-9F1DFB24F7AF}) (Version: 1.6.3.70 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a2a04474-104a-49b3-9bf5-33afee260030}) (Version: 17.14.0 - Intel Corporation)
iPadian version 1.5 (HKLM-x32\...\{0DB90A1C-2C08-429C-8595-FD9848121D28}_is1) (Version: 1.5 - iPadian, Inc.)
iPadian version 10.1 (HKLM-x32\...\{31593709-9939-49BD-AA38-E74735EC43A4}_is1) (Version: 10.1 - iPadian)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kodi (HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\Kodi) (Version: - XBMC-Foundation)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)
Lenovo Solution Center (HKLM\...\{06913C0C-88EB-42AF-9D94-3E9136CEE9BC}) (Version: 3.6.002.003 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Men of War: Assault Squad - GameSessions Edition (HKLM-x32\...\{c42c5c97-275e-4735-9746-8d0d770626fd}) (Version: 2.2.6477.23413 - GameSessions)
Men of War: Assault Squad (HKLM-x32\...\{F08E13DB-418A-4083-BC74-65FB555E74EB}) (Version: 2.2.0.0 - GameSessions) Hidden
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0011.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5023.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Mystical (HKLM\...\{DDADF9FD-A283-4838-88AC-A75F7B37F320}) (Version: 4.3.0 - Auto FX Software)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{234AB115-C6C4-4ACB-A029-8845120E4F37}) (Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Opera developer 43.0.2431.0 (HKLM-x32\...\Opera 43.0.2431.0) (Version: 43.0.2431.0 - Opera Software)
Opera Stable 52.0.2871.64 (HKLM-x32\...\Opera 52.0.2871.64) (Version: 52.0.2871.64 - Opera Software)
PC Services Optimizer (HKLM\...\{539310DE-1ACC-43DC-97AC-AEF9188104C6}) (Version: 3.1.900 - Smart PC Utilities)
PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 11.0 - PlotSoft LLC)
PDF-XChange Editor (HKLM\...\{F108F0FC-D04F-412B-AA2D-0920E3E83A6D}) (Version: 5.5.312.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (HKLM-x32\...\{5400ac3b-582e-43db-8ce0-dabc2b5f4e69}) (Version: 5.5.309.0 - Tracker Software Products (Canada) Ltd.)
PlayOn (HKLM-x32\...\{6032bab0-8968-4e36-88fd-9801452895ca}) (Version: 4.3.42.19659 - MediaMall Technologies, Inc.)
PlayOn Dependencies (HKLM-x32\...\{0E100B2E-D56C-4BFB-9FD6-894FDEDC10E6}) (Version: 1.0.0.0 - MediaMall Technologies, Inc.) Hidden
QuickBooks (HKLM-x32\...\{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}) (Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Pro 2010 (HKLM-x32\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
ROBLOX Player for Thinkpad (HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Roblox Studio for Thinkpad (HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
SeaTools for Windows 1.4.0.5 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.5 - Seagate Technology)
SharewareOnSale Notifier (HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.4.0 - IObit)
Soda PDF 8 (HKLM-x32\...\Soda8) (Version: 8.0.39.24931 - LULU Software Limited)
Soda PDF 8 Asian Fonts Pack (HKLM\...\{08B2EB3E-C2A4-4CF4-B5DF-548D22F9A799}) (Version: 8.0.41.24998 - LULU Software Limited) Hidden
Soda PDF 8 Convert Module (HKLM\...\{0370EEBD-92FC-4DAC-AA35-99E65DA6CFBB}) (Version: 8.0.41.24998 - LULU Software Limited) Hidden
Soda PDF 8 Create Module (HKLM\...\{BB9F5C01-CD8E-4D7B-B420-27AE444D4546}) (Version: 8.0.41.24998 - LULU Software Limited) Hidden
Soda PDF 8 Edit Module (HKLM\...\{0922185B-FF7A-431E-92BE-440655329B05}) (Version: 8.0.41.24998 - LULU Software Limited) Hidden
Soda PDF 8 Forms Module (HKLM\...\{7D263DDA-E139-4823-BD58-BDA53627321B}) (Version: 8.0.41.24998 - LULU Software Limited) Hidden
Soda PDF 8 Insert Module (HKLM\...\{6F54C3A1-45BD-44C3-8E82-DE22C6104E14}) (Version: 8.0.41.24998 - LULU Software Limited) Hidden
Soda PDF 8 OCR Module (HKLM\...\{A404EFC6-45D4-4EBC-A804-EF7DE69D1F21}) (Version: 8.0.41.24998 - LULU Software Limited) Hidden
Soda PDF 8 Review Module (HKLM\...\{CD484EFD-4038-481C-B748-13F9C66DA786}) (Version: 8.0.41.24998 - LULU Software Limited) Hidden
Soda PDF 8 Secure Module (HKLM\...\{A67386E5-5984-46D7-868A-9A538B7D8B51}) (Version: 8.0.41.24998 - LULU Software Limited) Hidden
Soda PDF 8 View Module (HKLM\...\{43609CB0-4F46-4FC7-9A83-08F32CD336AA}) (Version: 8.0.41.24998 - LULU Software Limited) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: - )
Syncios 5.0.5 (HKLM-x32\...\Syncios) (Version: 5.0.5 - Anvsoft)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
UnHackMe GE 9.60 release (HKLM-x32\...\UnHackMe Giveaway Edition_is1) (Version: - Greatis Software, LLC.)
Virtual Account Numbers (HKLM-x32\...\{0134662F-5B97-4D60-9A24-B81B6A56DEF7}) (Version: 1.0.6.0 - Citi) Hidden
Virtual Account Numbers (HKLM-x32\...\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}) (Version: 4.0.0.2260 - Citi)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (MEIx64) System (03/28/2016 11.0.5.1189) (HKLM\...\63CEF5543DBF9887E6220C5C2F7F85C2D4C726D5) (Version: 03/28/2016 11.0.5.1189 - Intel)
Wise Care 365 4.6.9 (HKLM-x32\...\Wise Care 365_is1) (Version: 4.6.9 - WiseCleaner.com, Inc.)
Wise Driver Care 2.2 (HKLM-x32\...\Wise Driver Care_is1) (Version: 2.2 - WiseCleaner.com, Inc.)
Wise Force Deleter 1.4.6 (HKLM-x32\...\Wise Force Deleter_is1) (Version: 1.4.6 - WiseCleaner.com, Inc.)
Wise JetSearch 2.33 (HKLM-x32\...\Wise JetSearch_is1) (Version: 2.33 - WiseCleaner.com, Inc.)
Wise Memory Optimizer 3.5.2 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.5.2 - WiseCleaner.com, Inc.)
Wise Program Uninstaller 2.1.3 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 2.1.3 - WiseCleaner.com, Inc.)
Wise Reminder 1.2.7 (HKLM-x32\...\Wise Reminder_is1) (Version: 1.2.7 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3261126923-531114898-3936066209-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\owner\AppData\Local\Citrix\GoToMeeting\6519\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Extension] -> {40cda93c-e99c-3939-a7c5-178205d00ce0} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [SodaPDF8_ManagerExt] -> {3515E187-6607-4A1B-B616-26C7A7B4B32A} => C:\Program Files\Soda PDF 8\creator-context-menu.dll [2015-09-25] (LULU SOFTWARE LIMITED)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [Extension] -> {40cda93c-e99c-3939-a7c5-178205d00ce0} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021B7F76-4CBA-489B-B68D-1A613E2FF2FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {047ADCED-1152-444B-8C66-2E599AE66751} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0618210D-0C6E-4934-BD02-E5B59376C2C7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0909030C-C718-471D-9096-A7850C1E4CB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {13495A24-A3D9-4DAB-B159-650354301A2E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-04-12] (Microsoft Corporation)
Task: {17EFD553-A8A9-4A64-BC96-39FBC06D4C5C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {27F3F094-EFC4-4BC9-87FC-D900A8C0E629} - System32\Tasks\Lenovo\Lenovo Settings Power => "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {300B3630-2D15-454B-A2B6-CAD9B79DC04B} - System32\Tasks\Avira\Safe Shopping\Update => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe [2018-03-08] (Avira Operations Gmbh & Co. KG)
Task: {3313F1DC-B28B-4C5D-90B7-9A38C6E61B20} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {3A11F3D5-254D-41E3-9396-110E785D78EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4A4ED3EB-9DD9-4B87-B965-AB47EA8C66DA} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2018-02-02] (Greatis Software)
Task: {4A9303DA-3EFC-40EB-AF79-1FE351681E18} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4F83036C-CA8E-4E9A-B480-2355B71BD6EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {4FA6E115-7568-452E-9B70-F91DC80DF976} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {51B501BB-21B0-4533-B3B0-B4AF17003F2B} - System32\Tasks\WiseCleaner\WJSSkipUAC => C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe [2017-05-19] (WiseCleaner.com)
Task: {56E536D7-03F7-4AED-B6CC-05EE4CE64607} - System32\Tasks\Opera scheduled Autoupdate 1461282284 => C:\Program Files (x86)\Opera developer\launcher.exe [2016-12-05] (Opera Software)
Task: {5975967D-A957-473F-859D-33F9381084F7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {61D943D2-52C9-4D7B-804C-59269D5C6558} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {632BB5CE-FC79-4CE1-B032-0FF0F00F5B7A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {69D46510-6261-4E7E-85BD-9D38B561ADE6} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2015-04-17] (Lenovo Group Limited)
Task: {6B51F640-3F10-4FE7-A9D5-0B7ECFCF474C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-06-09] (Lenovo)
Task: {701C1B88-676C-4F85-B736-16D56E7038E5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-18] (Adobe Systems Incorporated)
Task: {71553970-2CE1-4CB4-8B82-A231C91E8F43} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2012-06-06] (Brother Industries, Ltd.)
Task: {7395DCFE-EF43-4F8B-B8CD-28B16E0CBDD1} - System32\Tasks\G2MUpdateTask-S-1-5-21-3261126923-531114898-3936066209-1000 => C:\Users\owner\AppData\Local\GoToMeeting\7297\g2mupdate.exe [2017-07-31] (LogMeIn, Inc.)
Task: {76674116-67F9-4EA9-A1AF-7A809334F115} - System32\Tasks\{CA9A5450-E16D-4870-851F-302360FB99B5} => C:\Users\owner\Downloads\83a120ww.exe [2016-11-29] (Lenovo Group Limited )
Task: {7A4A6C8B-FC71-47C0-B6B1-4E24A4AE2601} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2017-06-09] (Lenovo)
Task: {7F3FA439-8F47-4334-8CD5-35DA68012292} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-06] (Adobe Systems Incorporated)
Task: {7FDC50BA-CC41-4494-9885-E5A623226B85} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-03-28] (Avira Operations GmbH & Co. KG )
Task: {8AA15877-26C1-4321-8987-F50F48843E61} - System32\Tasks\Opera scheduled Autoupdate 1461277856 => C:\Program Files (x86)\Opera\launcher.exe [2018-04-10] (Opera Software)
Task: {90E39C32-B26B-49FD-A058-A5E4CFB9C442} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {96BA092B-3BCC-4606-885B-313D2A33ECEE} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2016-10-20] (Avira Operations GmbH & Co. KG)
Task: {9ABA98DD-0544-4B4D-BED5-D6B205AF03A1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9B348967-551E-4F7A-B7E2-B22B5C830072} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2016-10-20] (Avira Operations GmbH & Co. KG)
Task: {9EE62ADA-57DC-430E-9B40-727E4859C937} - System32\Tasks\G2MUploadTask-S-1-5-21-3261126923-531114898-3936066209-1000 => C:\Users\owner\AppData\Local\GoToMeeting\7297\g2mupload.exe [2017-07-31] (LogMeIn, Inc.)
Task: {A5B753DB-0451-4C4E-9F88-0192EB62F3F9} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {A7BD4917-6F93-4CAE-A675-B3065D2EC8A6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA5F3822-62E5-4252-9B0C-34382EC6B629} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {AD9C16D4-8736-4B08-8DDF-E3FF99E51AB0} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {AF905F53-0366-4D90-A389-3A0C1662548D} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {B23F4714-0000-4044-B4F8-BAB548000CB2} - System32\Tasks\Driver Booster SkipUAC (Thinkpad) => C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DriverBooster.exe [2018-03-22] (IObit)
Task: {B33AECA1-0E1D-490C-98C1-141AAB9846C0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {B42219B4-0FD0-4EBC-BB0A-B0B447B27827} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B436D40E-1CC4-48C3-B2E0-3CC7C5B6AE2B} - System32\Tasks\Avira\Safe Shopping\Check => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe [2018-03-08] (Avira Operations Gmbh & Co. KG)
Task: {B54DA524-F80F-4940-B2AE-51B5B05D3970} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.3.0\Scheduler.exe [2017-08-23] (IObit)
Task: {C239289F-D66F-4586-94FC-E31915F53440} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26] ()
Task: {C6ED146C-2915-4D0A-86D7-224135AC9AF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CBE7D3AA-4CE3-420C-BFAE-17814B1D6970} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
Task: {D4E6CDE0-889D-4876-8777-9C79FBA32F25} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {D6006951-E81C-44BE-9256-C21CC534C05F} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19] (Oracle Corporation)
Task: {D6EC9417-3CFB-47CF-8AB7-25B559BC4A1C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-01-08] (Lenovo)
Task: {E2AFE36A-B08C-44B3-A9D8-D9394263BA6C} - System32\Tasks\Avira\System Speedup\Delayed Startup\Thinkpad\1 => C:\Users\owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [2015-08-23] (Cisco) <==== ATTENTION
Task: {E56F7DCC-6F6B-4551-9F18-E18559AB1D1D} - System32\Tasks\Lenovo\SROptimizer => C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe [2012-03-05] (Lenovo Group Limited)
Task: {E882A80F-3E09-4C60-A0CC-6727244E5DE5} - System32\Tasks\S-1-5-21-3261126923-531114898-3936066209-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {EE786DC1-DF1F-403E-8856-A53870F4A12E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-05-06] (Adobe Systems Incorporated)
Task: {F0289FD9-E1CF-4741-8A61-1284B026735A} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2017-06-09] ()
Task: {F4A69B94-A452-4315-A6C9-9A3BB9526536} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-03-22] (Avira Operations GmbH & Co. KG)
Task: {F73F773F-67FF-4752-883B-760058852015} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [2016-04-04] ()
Task: {F8AE82DE-D0DF-4BBA-9B69-F09FFAE20CFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {FB10EF8E-18FB-4909-B053-F1A811E322FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {FD94D2C2-4CF2-4F7B-9EE3-D73B194E9A9A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FEFBA37F-B35D-4DA6-831E-817256525736} - System32\Tasks\Avira\Safe Shopping\Launch => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe [2018-03-08] (Avira Operations Gmbh & Co. KG)
Task: {FF748D64-F085-49CD-B206-E170D0ECB098} - System32\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2017-08-17] (WiseCleaner.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3261126923-531114898-3936066209-1000.job => C:\Users\owner\AppData\Local\GoToMeeting\7297\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3261126923-531114898-3936066209-1000.job => C:\Users\owner\AppData\Local\GoToMeeting\7297\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\395fbb84ca74fb25\Comodo Dragon.lnk -> C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-10-17 14:37 - 2015-09-07 09:00 - 000106496 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2017-03-20 20:30 - 2017-01-31 07:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-08 21:09 - 2015-11-08 21:09 - 000133480 _____ () C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe
2015-09-07 12:42 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-18 07:15 - 2005-04-21 23:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2018-03-14 15:10 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-14 15:10 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-06-07 11:14 - 2015-12-10 06:14 - 000249384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2018-04-11 18:35 - 2018-04-12 04:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-04 20:27 - 2016-04-04 20:27 - 001868800 _____ () C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
2015-10-31 09:57 - 2010-10-26 10:40 - 000049056 _____ () C:\Program Files\Conexant\ForteConfig\fmapp.exe
2015-12-10 22:50 - 2015-12-10 22:50 - 001419776 _____ () C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
2014-12-21 11:07 - 2014-12-21 11:07 - 000119822 _____ () C:\Program Files (x86)\AnonVPN\bin\libgcc_s_dw2-1.dll
2014-12-21 11:07 - 2014-12-21 11:07 - 001026062 _____ () C:\Program Files (x86)\AnonVPN\bin\libstdc++-6.dll
2015-07-15 18:28 - 2015-05-11 15:56 - 000286424 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000224984 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2015-07-15 18:28 - 2015-05-11 15:56 - 000691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2015-07-15 18:28 - 2015-02-26 00:00 - 002403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000286424 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000966360 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000278232 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000110296 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2015-07-15 18:28 - 2015-05-11 15:55 - 000175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2015-09-18 07:15 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 001296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2016-06-07 11:14 - 2016-02-24 17:59 - 000027408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-06-07 11:14 - 2016-02-24 17:59 - 000191248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-06-07 11:14 - 2016-02-24 17:59 - 000177424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-06-07 11:14 - 2016-02-24 17:59 - 000058640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2016-06-07 11:14 - 2016-02-24 17:59 - 000020752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2016-06-07 11:14 - 2016-02-24 17:59 - 000131856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000485416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EULicenseDLL.DLL
2016-06-07 11:14 - 2015-12-10 06:04 - 000077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-06-07 11:14 - 2016-02-24 17:59 - 000042256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000111656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000025128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2016-06-07 11:14 - 2016-01-26 08:27 - 000427560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000201768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-06-07 11:14 - 2016-02-24 17:59 - 000023824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-11-12 20:27 - 2015-12-23 17:17 - 000625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-06-07 11:14 - 2015-12-10 06:04 - 000224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2016-05-22 22:37 - 2016-05-22 22:37 - 000398848 _____ () C:\Program Files (x86)\Anvsoft\Syncios\DuiLib.dll
2015-11-20 00:27 - 2015-11-20 00:27 - 000073728 _____ () C:\Program Files (x86)\Anvsoft\Syncios\generalFunc_pdt.dll
2016-04-15 02:14 - 2016-04-15 02:14 - 000966656 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidSyncCore_pdm.dll
2016-04-01 03:51 - 2016-04-01 03:51 - 000177152 _____ () C:\Program Files (x86)\Anvsoft\Syncios\driverMgr4Transfer_pdt.dll
2015-07-09 19:43 - 2015-07-09 19:43 - 000571392 _____ () C:\Program Files (x86)\Anvsoft\Syncios\sqlite3.dll
2015-11-20 00:27 - 2015-11-20 00:27 - 000059904 _____ () C:\Program Files (x86)\Anvsoft\Syncios\zlib.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-20 00:26 - 2015-11-20 00:26 - 000671744 _____ () C:\Program Files (x86)\Anvsoft\Syncios\hashAB.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2018-03-08 18:08 - 2018-03-08 18:08 - 000014984 _____ () C:\Program Files (x86)\Avira\Safe Shopping\ScreenClick.dll
2017-03-20 20:30 - 2017-01-31 05:14 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-05-06 14:15 - 000017443 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 JPSILVA-MOBL1.amr.corp.intel.com # LMS GENERATED LINE

There are 643 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3261126923-531114898-3936066209-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.11.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: SpeedupService => 2
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: BingSvc => c:\users\owner\appdata\local\microsoft\bingsvc\bingsvc.exe
MSCONFIG\startupreg: EaseUS TB Tray Agent => "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWMTRV => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM\...\StartupApproved\StartupFolder: => "Receiver.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Virtual Account Numbers"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKLM\...\StartupApproved\Run32: => "Avira Safe Shopping"
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\StartupApproved\StartupFolder: => "zSpeedup.lnk"
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69"
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\StartupApproved\Run: => "SharewareOnSale Notifier"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D58E013D-C633-4503-B3A4-337ACE948420}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D4CC3C50-08BD-4ACE-9136-ED8D361CDE31}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\AutoUpdate.exe
FirewallRules: [{4CECB948-457B-4595-BBC7-DDAE20541F81}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\AutoUpdate.exe
FirewallRules: [{7607DE1A-0017-4AC8-A396-D891F88FFCFE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DBDownloader.exe
FirewallRules: [{8B9FC949-31B0-44F6-881F-27F249C80580}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DBDownloader.exe
FirewallRules: [{B6216D71-C3C3-43CA-9046-4B1D746FC2C7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DriverBooster.exe
FirewallRules: [{0849F4F2-7FE5-4A5A-9403-7922F2F47EFC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DriverBooster.exe
FirewallRules: [{3E492DB3-1482-4C60-9467-019B1010F8BC}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe
FirewallRules: [{8073D3BD-4343-4C58-8E14-5E3D7972926C}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
FirewallRules: [{91614658-4E74-43FE-8F53-0A24B3821A79}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{83FFFC94-9877-4B72-830D-2C330FB49CF4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{85D5FC75-985E-4C92-A959-5037C074586B}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
FirewallRules: [{5F571876-9530-4D81-855E-CFE9F0B1D828}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A8B87D84-60E9-4A1F-8740-EE005ADAE485}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{2E5F203E-C449-439F-880F-5781DAB71BEA}C:\users\owner\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe] => (Allow) C:\users\owner\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe
FirewallRules: [TCP Query User{8AD89F6B-5F2D-4DFF-8266-A9E89B489CDC}C:\users\owner\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe] => (Allow) C:\users\owner\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe
FirewallRules: [{836218D0-7137-4F43-812B-2BF7510704B8}] => (Allow) C:\Program Files (x86)\Opera developer\43.0.2431.0\opera.exe
FirewallRules: [{6A78AA59-3148-47F9-81FF-B1152F7B6C1D}] => (Allow) C:\Program Files (x86)\Opera developer\43.0.2423.0\opera.exe
FirewallRules: [{206C1564-57BA-4330-8301-87D8A78A9719}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{98E1636F-F0AB-4BD8-9439-92B55051E286}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F6B1B76E-9359-4D0B-882E-BC2A4B334072}] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{2CC73E53-D891-4074-96E3-7099E5598995}] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{FDDBB38B-DE82-42A2-B5D0-8AD1CA40F221}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{9EE78F80-9397-4D21-A66A-611203212F53}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{7A31C3E6-CEE7-4B4D-BE51-CA83C2B0BDFA}] => (Allow) C:\Program Files (x86)\Rheingold\TesterGUI\bin\Release\ISTAGUI.exe
FirewallRules: [{F0B158F6-C841-412E-9662-6AD4B8BDDDBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B87C0AF0-1E93-485F-A638-D57A5669D669}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6AA5238-7F70-4143-861F-FF106B0494ED}] => (Allow) LPort=54925
FirewallRules: [{7E86696C-D495-4311-8B48-4A9AF11BDB2D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{78ECF11D-E4DA-4CC7-B2C4-03FC46342AC4}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{9691DCA3-3640-4D42-949A-7F2760131C1E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{AEC05127-D552-4B44-97ED-EC99B4BBAA65}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6EF54ADD-70AE-4542-B5C1-D25E23247B91}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{650917DD-E0CA-414E-B751-E354022BBC72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AD4718CD-7D4C-4B84-AA72-A4E4CCC160D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9DA599B-28B9-4778-8545-8CE2C6F6C287}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{CE64496F-82E4-44C0-8C2C-DE58E89CDA77}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{F7232EDB-869B-4F2D-B4E7-41613006F2FD}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{F5ED2DC8-2DAF-41AD-89D7-8F6255FC3BC3}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{C2B39D14-210F-4C99-B7BC-651C7E401F57}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{1BD96441-30C7-4BCD-A655-D3D526B25268}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{343C272D-12E7-4B23-9166-3DA1D23F769D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [TCP Query User{DB696830-45A6-46A5-93AA-F007FA2D81F3}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{9CD477FE-2703-47A8-9A5A-BD593B375FA3}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [TCP Query User{46542DB9-D011-4B67-B341-2AC419B04C4B}C:\users\owner\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe] => (Block) C:\users\owner\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe
FirewallRules: [UDP Query User{86DD73D4-5F1D-4084-B099-F8BA3313B894}C:\users\owner\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe] => (Block) C:\users\owner\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe
FirewallRules: [TCP Query User{F21A7166-5689-4F80-8F78-80546459AD44}C:\users\owner\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe] => (Allow) C:\users\owner\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe
FirewallRules: [UDP Query User{75717184-FCBE-4682-B67A-B57A6936BB69}C:\users\owner\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe] => (Allow) C:\users\owner\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe
FirewallRules: [{5E71FE47-9C85-42BB-9FB4-72E27D4D6C93}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4D4606B2-965D-48C6-BE4E-66DA9873B741}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{45B05EFF-8B4E-46AB-9CA5-99B38F88A2E8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EC1868E7-F2E9-46A1-B958-CE1F33403495}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1AF4AFFC-D578-482D-AB11-7EAB158AAB44}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CFCD7DC0-67F4-4BAD-9181-5B657722B20B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB37232E-D636-4744-8303-A16BE95068A5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{88740557-DF38-4946-B91E-0B50AF3DC530}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{FE36FA3A-D785-433E-B40F-9CFC00C5CDCF}C:\ediabas\bin\ifhsrv32.exe] => (Block) C:\ediabas\bin\ifhsrv32.exe
FirewallRules: [UDP Query User{0E43474B-9CC1-4E8A-8BB5-1D3D0D79C2A1}C:\ediabas\bin\ifhsrv32.exe] => (Block) C:\ediabas\bin\ifhsrv32.exe
FirewallRules: [TCP Query User{48AE299B-EE49-4771-9B60-1F1C619B6056}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\owner\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{1D0FE27F-2639-41B1-9B29-0E89D9C0DD9F}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\owner\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [TCP Query User{E77CADA2-CCDA-4D43-AEC9-FCC33CDF2080}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\owner\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{78CDDB43-7FBF-48B2-90CC-EEBBA2E7AB50}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\owner\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [{520DFFF4-A049-424F-8C1F-1AE380B89B50}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{13B871B5-33A5-46B6-B5BA-28D1F8969C39}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{29C82817-BC91-4701-AF6F-4E36ACD22338}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{2D3964E7-14A1-4C0B-AB9F-4090881683F4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{8C8C9828-8350-4F96-AAD6-C512697F6D15}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{37A1F9EB-B0E6-4727-AB09-79D939FDA302}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{22769EA6-D639-4650-B00C-CEBFE4E6C9CC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{E6984A7A-007E-4BF9-86CE-929F7C27CFB7}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{427DC2CE-461C-45A3-A7F1-16100420269A}] => (Allow) C:\Program Files (x86)\GameSessions\Men of War Assault Squad\mow_assault_squad.exe
FirewallRules: [{ED5F96A1-75F3-4B20-A0B4-C8B33DD18D22}] => (Allow) C:\Program Files (x86)\GameSessions\Men of War Assault Squad\DataTools\DLM.exe
FirewallRules: [{09A4B5A3-8904-47D7-BCFB-B114B8911D28}] => (Allow) C:\Program Files (x86)\Tangentix\DDRuntime\GSLauncher.exe
FirewallRules: [{8636AE26-8775-4944-A67D-7E3AA36412DE}] => (Allow) LPort=8733

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2018 02:32:12 PM) (Source: MsiInstaller) (EventID: 11923) (User: LENOVOT420)
Description: Product: Avira -- Error 1923. Service 'Avira Service Host' (Avira.ServiceHost) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (05/06/2018 02:31:07 PM) (Source: MsiInstaller) (EventID: 11923) (User: LENOVOT420)
Description: Product: Avira -- Error 1923. Service 'Avira Service Host' (Avira.ServiceHost) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (05/06/2018 02:31:05 PM) (Source: MsiInstaller) (EventID: 11923) (User: LENOVOT420)
Description: Product: Avira -- Error 1923. Service 'Avira Service Host' (Avira.ServiceHost) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (05/06/2018 02:31:05 PM) (Source: MsiInstaller) (EventID: 11923) (User: LENOVOT420)
Description: Product: Avira -- Error 1923. Service 'Avira Service Host' (Avira.ServiceHost) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (05/06/2018 02:31:04 PM) (Source: MsiInstaller) (EventID: 11923) (User: LENOVOT420)
Description: Product: Avira -- Error 1923. Service 'Avira Service Host' (Avira.ServiceHost) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (05/06/2018 02:31:02 PM) (Source: MsiInstaller) (EventID: 11923) (User: LENOVOT420)
Description: Product: Avira -- Error 1923. Service 'Avira Service Host' (Avira.ServiceHost) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (05/06/2018 02:31:01 PM) (Source: MsiInstaller) (EventID: 11923) (User: LENOVOT420)
Description: Product: Avira -- Error 1923. Service 'Avira Service Host' (Avira.ServiceHost) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (05/06/2018 02:29:22 PM) (Source: MsiInstaller) (EventID: 11923) (User: LENOVOT420)
Description: Product: Avira -- Error 1923. Service 'Avira Service Host' (Avira.ServiceHost) could not be installed. Verify that you have sufficient privileges to install system services.


System errors:
=============
Error: (05/06/2018 02:12:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error:
The system cannot find the file specified.

Error: (05/06/2018 02:12:05 PM) (Source: DCOM) (EventID: 10016) (User: LENOVOT420)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user LENOVOT420\Thinkpad SID (S-1-5-21-3261126923-531114898-3936066209-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/06/2018 02:12:03 PM) (Source: DCOM) (EventID: 10016) (User: LENOVOT420)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user LENOVOT420\Thinkpad SID (S-1-5-21-3261126923-531114898-3936066209-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/06/2018 02:12:02 PM) (Source: DCOM) (EventID: 10016) (User: LENOVOT420)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user LENOVOT420\Thinkpad SID (S-1-5-21-3261126923-531114898-3936066209-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/06/2018 02:12:01 PM) (Source: DCOM) (EventID: 10016) (User: LENOVOT420)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user LENOVOT420\Thinkpad SID (S-1-5-21-3261126923-531114898-3936066209-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/06/2018 02:11:58 PM) (Source: DCOM) (EventID: 10016) (User: LENOVOT420)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user LENOVOT420\Thinkpad SID (S-1-5-21-3261126923-531114898-3936066209-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/06/2018 02:11:58 PM) (Source: DCOM) (EventID: 10016) (User: LENOVOT420)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user LENOVOT420\Thinkpad SID (S-1-5-21-3261126923-531114898-3936066209-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/06/2018 02:11:57 PM) (Source: DCOM) (EventID: 10016) (User: LENOVOT420)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user LENOVOT420\Thinkpad SID (S-1-5-21-3261126923-531114898-3936066209-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-05-05 22:35:18.860
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-05 22:35:18.210
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-05 22:35:08.322
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-05 22:35:08.316
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 64%
Total physical RAM: 3979.23 MB
Available physical RAM: 1404.9 MB
Total Virtual: 8075.23 MB
Available Virtual: 4977.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.59 GB) (Free:63.13 GB) NTFS

\\?\Volume{45384e79-44ef-11e4-91df-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{9bda9acf-0000-0000-0000-30ac37000000}\ () (Fixed) (Total:0.87 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

#7 Oh My!


Posted 07 May 2018 - 06:24 AM

Greetings.

There are a lot of things I would like to remove but before doing so I want to make sure we create a System Restore Point.

Please do this.

===================================================

Enabling System Restore in Windows 10 and Creating System Restore Point

--------------------
  • Press the Windows Key + R at the same time
  • Type sysdm.cpl and hit Enter
  • Click System Protection
  • Under Protection Settings left click on Local Disk (C:) (System) to highlight the entry
  • Click Configure
  • Select Turn on system protection
  • Click Apply, then OK
  • On the System Properties window Click Create...
  • Type BC Restore Point then click Create
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Restore Point?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
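The System Restore steps in the post above can also be scripted. The following is an added example, not part of the original thread or the helper's instructions: it enables protection on C:, creates the "BC Restore Point", and confirms that a new point was actually recorded, since Windows skips creation with only a warning when another point was made within the previous 24 hours. It assumes Windows PowerShell 5.1 run as administrator; the helper function name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the sysdm.cpl steps in the post above.
# Assumes Windows PowerShell 5.1; these cmdlets are not available in PowerShell 7.

$drive       = 'C:\'                # system drive, as selected in the steps above
$description = 'BC Restore Point'   # restore point name used in the steps above

# Hypothetical helper: highest existing restore point sequence number,
# or 0 when the machine has no restore points yet.
function Get-LatestRestoreSequence {
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) { return 0 }
    return ($points | Measure-Object -Property SequenceNumber -Maximum).Maximum
}

# "Turn on system protection" for the drive. Safe to run when already enabled.
Enable-ComputerRestore -Drive $drive

$before = Get-LatestRestoreSequence

# Create the restore point. If one was created in the last 24 hours, the cmdlet
# only emits a warning and creates nothing, so capture warnings for later.
Checkpoint-Computer -Description $description `
                    -RestorePointType MODIFY_SETTINGS `
                    -WarningVariable cpWarnings `
                    -WarningAction SilentlyContinue

$after = Get-LatestRestoreSequence

if ($after -gt $before) {
    # A new point exists: show it so it can be pasted into a reply.
    Get-ComputerRestorePoint |
        Where-Object { $_.SequenceNumber -eq $after } |
        Format-List SequenceNumber, Description, CreationTime
}
else {
    # Nothing new was recorded: surface the reason instead of assuming success.
    Write-Warning "No new restore point was created."
    $cpWarnings | ForEach-Object { Write-Warning $_.Message }
    exit 1
}
```

Comparing sequence numbers before and after is what makes the check reliable: a clean exit from `Checkpoint-Computer` alone does not prove a restore point exists.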

#8 bd1000


Posted 07 May 2018 - 09:43 AM

Hello,

I am still not getting any email which I check religiously that a post has occurred here. So I am checking back every so often. Is there something I can do to get these email alerts?

I have done as requested and successfully made the restore point. Also I do not understand why old restore points are never available, I wish there was a way to make a point not to be deleted by the system. Thanks.

#9 Oh My!


Posted 07 May 2018 - 11:43 AM

Thank you Bahman.

Please send me a Personal Message with your email address and I will follow up on it.

By default System Restore is disabled in Windows 10. If you go back through the steps I posted earlier when you get to the System Protection tab you can manage the Max Usage size in order to retain as many Restore Points as you'd like.

Please do this now.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer in order to streamline your system.
  • Right click Revo Uninstaller and select Run as administrator
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Avira
Avira Phantom VPN
Avira Privacy Pal
Avira Safe Shopping
Avira Scout
Avira Software Updater
Avira System Speedup
CCleaner
Chromodo
Comodo Dragon
Driver Booster 5
PC Services Optimizer
Smart Defrag 5
UnHackMe GE 9.60
Wise Care 365 4.6.9
Wise Driver Care 2.2
Wise Force Deleter
Wise JetSearch 2.33
Wise Memory Optimizer 3.5.2
Wise Program Uninstaller 2.1.3
Wise Reminder 1.2.7
  • Click Yes to any warning screen that may appear
  • If presented with the program uninstall option click Uninstall
  • If asked to restart now click No
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window click Select All, Delete, then Yes
  • If prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, OK on any warning screen, then Finish
  • Reboot your computer into Normal Boot and check the performance
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
SearchScopes: HKU\.DEFAULT -> DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
Toolbar: HKLM-x32 - No Name - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1}
U3 idsvc; no ImagePath
2018-04-25 09:26 - 2018-04-25 09:26 - 000000000 _____ C:\Users\owner\AppData\Local\{AC5EF75E-AF8D-4B2A-A6DF-9C59A9565D8A}
2018-03-24 16:49 - 2018-03-24 16:49 - 000000000 _____ () C:\Users\owner\AppData\Local\{46C25687-4B27-4361-A40E-104F57B8C8A9}
2018-04-25 09:26 - 2018-04-25 09:26 - 000000000 _____ () C:\Users\owner\AppData\Local\{AC5EF75E-AF8D-4B2A-A6DF-9C59A9565D8A}
2015-11-17 09:32 - 2015-11-17 09:32 - 000000000 _____ () C:\Users\owner\AppData\Local\{BDA924E7-ABBD-4FFD-9000-5C5E51DE540D}
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC}
Task: {021B7F76-4CBA-489B-B68D-1A613E2FF2FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d 
Task: {047ADCED-1152-444B-8C66-2E599AE66751} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d 
Task: {0618210D-0C6E-4934-BD02-E5B59376C2C7} - \Microsoft\Windows\UNP\RunCampaignManager 
Task: {3A11F3D5-254D-41E3-9396-110E785D78EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d 
Task: {4A9303DA-3EFC-40EB-AF79-1FE351681E18} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig 
Task: {5975967D-A957-473F-859D-33F9381084F7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd
Task: {90E39C32-B26B-49FD-A058-A5E4CFB9C442} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
Task: {9ABA98DD-0544-4B4D-BED5-D6B205AF03A1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
Task: {A7BD4917-6F93-4CAE-A675-B3065D2EC8A6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
Task: {B42219B4-0FD0-4EBC-BB0A-B0B447B27827} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d
Task: {C6ED146C-2915-4D0A-86D7-224135AC9AF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
Task: {E2AFE36A-B08C-44B3-A9D8-D9394263BA6C} - System32\Tasks\Avira\System Speedup\Delayed Startup\Thinkpad\1 => C:\Users\owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [2015-08-23] (Cisco)
Task: {FD94D2C2-4CF2-4F7B-9EE3-D73B194E9A9A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
BootExecute: autocheck autochk /K:CDEFGHIJKLMNOPQRSTUVWXYZ * Partizan
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs uninstall?
  • Fixlog
  • Update on computer performance

Gary
 

#10 bd1000


Posted 07 May 2018 - 04:10 PM

All programs uninstalled by Revo except Avira privacy pal and system speed up as they were not in the list of programs. 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Thinkpad (07-05-2018 15:57:31) Run:1
Running from C:\Users\owner\Downloads
Loaded Profiles: Thinkpad (Available Profiles: Thinkpad & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKU\S-1-5-21-3261126923-531114898-3936066209-1000\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
SearchScopes: HKU\.DEFAULT -> DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
Toolbar: HKLM-x32 - No Name - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1}
U3 idsvc; no ImagePath
2018-04-25 09:26 - 2018-04-25 09:26 - 000000000 _____ C:\Users\owner\AppData\Local\{AC5EF75E-AF8D-4B2A-A6DF-9C59A9565D8A}
2018-03-24 16:49 - 2018-03-24 16:49 - 000000000 _____ () C:\Users\owner\AppData\Local\{46C25687-4B27-4361-A40E-104F57B8C8A9}
2018-04-25 09:26 - 2018-04-25 09:26 - 000000000 _____ () C:\Users\owner\AppData\Local\{AC5EF75E-AF8D-4B2A-A6DF-9C59A9565D8A}
2015-11-17 09:32 - 2015-11-17 09:32 - 000000000 _____ () C:\Users\owner\AppData\Local\{BDA924E7-ABBD-4FFD-9000-5C5E51DE540D}
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC}
Task: {021B7F76-4CBA-489B-B68D-1A613E2FF2FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d
Task: {047ADCED-1152-444B-8C66-2E599AE66751} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d
Task: {0618210D-0C6E-4934-BD02-E5B59376C2C7} - \Microsoft\Windows\UNP\RunCampaignManager
Task: {3A11F3D5-254D-41E3-9396-110E785D78EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d
Task: {4A9303DA-3EFC-40EB-AF79-1FE351681E18} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {5975967D-A957-473F-859D-33F9381084F7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd
Task: {90E39C32-B26B-49FD-A058-A5E4CFB9C442} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
Task: {9ABA98DD-0544-4B4D-BED5-D6B205AF03A1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
Task: {A7BD4917-6F93-4CAE-A675-B3065D2EC8A6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
Task: {B42219B4-0FD0-4EBC-BB0A-B0B447B27827} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d
Task: {C6ED146C-2915-4D0A-86D7-224135AC9AF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
Task: {E2AFE36A-B08C-44B3-A9D8-D9394263BA6C} - System32\Tasks\Avira\System Speedup\Delayed Startup\Thinkpad\1 => C:\Users\owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [2015-08-23] (Cisco)
Task: {FD94D2C2-4CF2-4F7B-9EE3-D73B194E9A9A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
BootExecute: autocheck autochk /K:CDEFGHIJKLMNOPQRSTUVWXYZ * Partizan
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveAutoRun-" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun-" => removed successfully
"HKU\S-1-5-21-3261126923-531114898-3936066209-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully
"HKU\S-1-5-21-3261126923-531114898-3936066209-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveAutoRun-" => removed successfully
"HKU\S-1-5-21-3261126923-531114898-3936066209-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun-" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1} => not found
"HKLM\System\CurrentControlSet\Services\idsvc" => removed successfully
idsvc => service removed successfully
C:\Users\owner\AppData\Local\{AC5EF75E-AF8D-4B2A-A6DF-9C59A9565D8A} => moved successfully
C:\Users\owner\AppData\Local\{46C25687-4B27-4361-A40E-104F57B8C8A9} => moved successfully
"C:\Users\owner\AppData\Local\{AC5EF75E-AF8D-4B2A-A6DF-9C59A9565D8A}" => not found
C:\Users\owner\AppData\Local\{BDA924E7-ABBD-4FFD-9000-5C5E51DE540D} => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
HKLM\Software\Classes\CLSID\ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{021B7F76-4CBA-489B-B68D-1A613E2FF2FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{021B7F76-4CBA-489B-B68D-1A613E2FF2FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{047ADCED-1152-444B-8C66-2E599AE66751}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{047ADCED-1152-444B-8C66-2E599AE66751}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0618210D-0C6E-4934-BD02-E5B59376C2C7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0618210D-0C6E-4934-BD02-E5B59376C2C7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A11F3D5-254D-41E3-9396-110E785D78EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A11F3D5-254D-41E3-9396-110E785D78EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A9303DA-3EFC-40EB-AF79-1FE351681E18}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A9303DA-3EFC-40EB-AF79-1FE351681E18}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5975967D-A957-473F-859D-33F9381084F7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5975967D-A957-473F-859D-33F9381084F7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90E39C32-B26B-49FD-A058-A5E4CFB9C442}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90E39C32-B26B-49FD-A058-A5E4CFB9C442}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9ABA98DD-0544-4B4D-BED5-D6B205AF03A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ABA98DD-0544-4B4D-BED5-D6B205AF03A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7BD4917-6F93-4CAE-A675-B3065D2EC8A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7BD4917-6F93-4CAE-A675-B3065D2EC8A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B42219B4-0FD0-4EBC-BB0A-B0B447B27827}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B42219B4-0FD0-4EBC-BB0A-B0B447B27827}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6ED146C-2915-4D0A-86D7-224135AC9AF1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6ED146C-2915-4D0A-86D7-224135AC9AF1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2AFE36A-B08C-44B3-A9D8-D9394263BA6C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2AFE36A-B08C-44B3-A9D8-D9394263BA6C}" => removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Thinkpad\1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Thinkpad\1" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD94D2C2-4CF2-4F7B-9EE3-D73B194E9A9A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD94D2C2-4CF2-4F7B-9EE3-D73B194E9A9A}" => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37018245 B
Java, Flash, Steam htmlcache => 1317 B
Windows/system/drivers => 12733358 B
Edge => 8970320 B
Chrome => 7706585 B
Firefox => 395417386 B
Opera => 332056 B

Temp, IE cache, history, cookies, recent:
Default => 12222 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14048 B
LocalService => 0 B
NetworkService => 12222 B
NetworkService => 0 B
owner => 516376994 B
DefaultAppPool => 10295 B

RecycleBin => 1146534972 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:58:27 ====

 

 

Computer turns off and on pretty nicely and quickly.



#11 Oh My!


Posted 07 May 2018 - 07:39 PM

That is great to hear.

Download Avira Privacy Pal and Avira System Speedup then use Revo to uninstall them both.

Please do this as well.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Programs uninstalled?
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 bd1000


Posted 08 May 2018 - 12:15 PM

I installed the two Avira programs and deleted with Revo.

ESET log:

C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll    a variant of Win32/TFTPD32.A potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll    a variant of Win32/TFTPD32.A potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe    a variant of MSIL/WebCompanion.D potentially unwanted application    cleaned by deleting
C:\Users\owner\Downloads\advanced-systemcare-setup.exe    Win32/UwS.AdvancedSystemCare.A application    cleaned by deleting
C:\Users\owner\Downloads\ccsetup501.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\owner\Downloads\defragsetup.exe    a variant of Win32/FusionCore.D potentially unwanted application    cleaned by deleting
C:\Users\owner\Downloads\sd4_setup.exe    a variant of Win32/FusionCore.D potentially unwanted application    cleaned by deleting
C:\Users\owner\Downloads\tbh_trial.exe    a variant of Win32/TFTPD32.A potentially unsafe application    cleaned by deleting
C:\Users\owner\Downloads\tb_free.exe    a variant of Win32/TFTPD32.A potentially unsafe application    cleaned by deleting

 

 

Security Analysis Log:

Result of Security Analysis by Rocket Grannie (x86) Updated: 03rd May, 2018
Running from:C:\Users\owner\Desktop (12:13:40 - 05/08/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: Internet Explorer
***------------Antivirus - Antispyware - Firewall-----------***
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (29.0.0.140)
Adobe Acrobat Reader DC (18.011.20038)
Google Chrome (66.0.3359.139)
Java (8.0.1610.12) ==> is out of Date
Malwarebytes (3.4.4.2398) ==> is out of Date
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (55.0.3) ==> is out of Date
Opera (52.0.2871.64)

***----------------Analysis Complete-------------------------***

Running good. I can say that Malwarebytes is up to date and current. 3.4.5
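
A triage helper for an ESET.txt export like the one in the post above, added here as an example and not part of the thread or of any ESET tool: it groups entries by ESET's class wording and marks whether the deleted file belonged to an installed program or was a leftover download. The field layout is inferred from the lines in the post, and `parse_line` and `triage` are hypothetical names.

```python
import re
from collections import defaultdict

# Four lines copied from the ESET.txt excerpt in post #12. The layout
# (path, detection, action separated by runs of spaces) is inferred from
# that excerpt and is an assumption, not a documented ESET format.
SAMPLE_LOG = r"""
C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll    a variant of Win32/TFTPD32.A potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe    a variant of MSIL/WebCompanion.D potentially unwanted application    cleaned by deleting
C:\Users\owner\Downloads\advanced-systemcare-setup.exe    Win32/UwS.AdvancedSystemCare.A application    cleaned by deleting
C:\Users\owner\Downloads\defragsetup.exe    a variant of Win32/FusionCore.D potentially unwanted application    cleaned by deleting
"""

FIELD_SEP = re.compile(r"\t+| {2,}")
DETECTION = re.compile(r"^(?P<variant>a variant of )?(?P<name>\S+)\s*(?P<cls>.*)$")


def parse_line(line):
    """Split one log line into path, detection name, class and action."""
    parts = [p.strip() for p in FIELD_SEP.split(line.strip()) if p.strip()]
    if len(parts) != 3:
        return None  # blank line, header or a layout this sketch does not know
    path, detection, action = parts
    m = DETECTION.match(detection)
    return {
        "path": path,
        "name": m["name"],
        "variant": m["variant"] is not None,
        "class": m["cls"] or "unclassified",
        "action": action,
        # Installed components and leftover installers call for different review.
        "installed": "\\program files" in path.lower(),
    }


def triage(log_text):
    """Group parsed detections by ESET's class wording."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            groups[entry["class"]].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for cls, entries in triage(SAMPLE_LOG).items():
        print(f"{cls}: {len(entries)}")
        for e in entries:
            where = "installed program" if e["installed"] else "download"
            print(f"  {e['name']:<32} {where:<18} {e['path']}")
```

Entries marked as installed are the ones to check before accepting a deletion, since a program that is still in use may depend on the removed file.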
 



#13 Oh My!


Posted 08 May 2018 - 01:11 PM

Thank you.

Are you still not receiving notifications?

Please do this.

===================================================

Updating Java Using Internet Explorer

-------------------

Note: Use Internet Explorer for these steps.
  • Click Start, type Internet Explorer, then hit Enter
  • Copy and paste http://java.com/en/download/testjava.jsp in the address bar then hit Enter
  • If you are notified your Java version is out of date click Update (recommended)
  • Click Agree and Start Free Java Download
  • Click Run
  • Click Install
  • Click Next
  • Once completed you should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
  • Verify the older version(s) was uninstalled then click Next
  • Click Close
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Notifications?
  • Java update?

Gary
 

#14 bd1000


Posted 08 May 2018 - 01:46 PM

I have not received any notifications. Before, Malwarebytes constantly said web protection is off and would not turn on. Now it's on and no notification. I did not get any notification on Windows 10 updates. I did check and there was one so I updated it. In the past there was a very slow process to update; this one went fast. Also, when it used to update in the past, the rest of the computer was very slow and non-responsive at times. So I will have to see in the future for that.

Yes to Java update and deleted the old one.



#15 Oh My!


Posted 08 May 2018 - 03:48 PM

Excellent.

I am going to send a message to an Administrator regarding the notification issue. Let's give things a day to see how your computer runs and hopefully during this time the notification issue can be sorted out.

Thanks for the great report!


Gary
 