Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Widows 8 laptop infected with pop ups & browser hijacking

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Widows 8 laptop infected with pop ups & browser hijacking

Unread postby Knoxy » November 30th, 2015, 4:01 pm

Hi there,

I'm sorry to say this is my second time on here this year thanks to my teenage son downloading free video editing software yet again! :roll:

Whenever you use Google chrome it opens up 5 or 6 new tabs all taking you to random sites that you have no interest in and pop ups follow you around all the time, snap.do & findit appear quite regularly.

I'm really hoping you will be able to help me, although I will understand if you decide not too. :oops:
Below are the logs as requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
Ran by user (administrator) on LENOVO (30-11-2015 19:33:39)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
() C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
(drms media group) C:\Windows\Updatesvc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-02-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-02-16] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-19] (Spotify Ltd)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-19] (Spotify Ltd)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\MountPoints2: {71af1188-3f5d-11e5-827f-d053495aa0a6} - "F:\Startme.exe"
AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-07-22] (ClientConnect LTD)
AppInit_DLLs: C:\ProgramData\ApphguotoloS\WhiteCom.dll => C:\ProgramData\ApphguotoloS\WhiteCom.dll [518656 2015-11-29] ()
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-07-22] (ClientConnect LTD)
AppInit_DLLs-x32: C:\ProgramData\ApphguotoloS\Aireco.dll => C:\ProgramData\ApphguotoloS\Aireco.dll [320512 2015-11-29] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 02 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 03 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 04 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 05 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 06 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 07 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 08 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 09 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 10 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 22 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9-x64 01 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 02 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 03 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 04 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 05 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 06 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 07 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 08 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 09 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 10 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 22 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A016F4B3-C826-4443-9904-47B32C379E4F}: [DhcpNameServer] 150.204.1.2
Tcpip\..\Interfaces\{B6A128FB-AFDC-478E-B606-27388FEFB41B}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 2a1LoNPwg,,
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {09F5A092-1826-11E5-8266-D053495AA0A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-06-27] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 3DGpJCDLQ,,
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-17]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-17]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-17]
CHR Extension: (Video Balance) - C:\Users\user\AppData\Local\Video Balance\Component [2015-11-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ApphguotoloS; C:\ProgramData\\ApphguotoloS\\ApphguotoloS.exe [466944 2015-11-29] () [File not signed]
R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [466944 2015-11-29] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2538824 2014-07-22] (ClientConnect LTD)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-08-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-07] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-02-16] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-04] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-30] (Maxthon)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe [151688 2015-11-23] ()
R2 UpdateSvc; C:\windows\Updatesvc.exe [221184 2015-07-27] (drms media group) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2015-02-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-30] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 CXPLRCAP; C:\Windows\system32\drivers\CxPlrCap.sys [236672 2014-08-26] (Conexant Systems, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2013-12-06] (Lenovo Group Limited (R))
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2852504 2013-12-21] (Sonix Co. Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 19:33 - 2015-11-30 19:34 - 00028648 _____ C:\Users\user\Downloads\FRST.txt
2015-11-30 19:33 - 2015-11-30 19:33 - 00000000 ____D C:\FRST
2015-11-30 19:30 - 2015-11-30 19:31 - 02350080 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-11-30 17:42 - 2015-11-30 17:42 - 00000136 _____ C:\windows\version.ini
2015-11-29 19:43 - 2015-11-29 19:43 - 00000512 _____ C:\windows\ads.js
2015-11-29 18:06 - 2015-11-29 19:20 - 00000000 ____D C:\ProgramData\ApphguotoloS
2015-11-29 18:06 - 2015-11-29 18:06 - 00003604 _____ C:\windows\System32\Tasks\snp
2015-11-29 18:06 - 2015-11-29 18:06 - 00003290 _____ C:\windows\System32\Tasks\psv_Isfinity
2015-11-29 18:06 - 2015-11-29 18:06 - 00003282 _____ C:\windows\System32\Tasks\psv_Canfix
2015-11-29 18:06 - 2015-11-29 18:06 - 00003272 _____ C:\windows\System32\Tasks\psv_Isnix
2015-11-29 18:06 - 2015-11-29 18:06 - 00003240 _____ C:\windows\System32\Tasks\snf
2015-11-29 18:06 - 2015-11-29 18:06 - 00000000 ____D C:\ProgramData\ApphguotoloSs
2015-11-29 18:02 - 2015-11-29 18:02 - 00003264 _____ C:\windows\System32\Tasks\psv_Holdair
2015-11-29 18:00 - 2015-11-29 18:00 - 00003562 _____ C:\windows\System32\Tasks\{A6111735-B653-471D-91BF-23EDA81C75E0}
2015-11-29 17:56 - 2015-11-29 17:56 - 00003274 _____ C:\windows\System32\Tasks\psv_Superfresh
2015-11-29 17:42 - 2015-11-29 17:42 - 00003136 _____ C:\windows\System32\Tasks\Video Balance
2015-11-29 17:42 - 2015-11-29 17:42 - 00000000 ____D C:\Users\user\AppData\Local\Video Balance
2015-11-29 17:31 - 2015-11-29 17:31 - 00003276 _____ C:\windows\System32\Tasks\psv_K-Sailphase
2015-11-29 17:29 - 2015-11-29 17:29 - 00000000 ____D C:\ProgramData\tXCBvhCCZ
2015-11-29 17:29 - 2015-11-29 17:29 - 00000000 ____D C:\ProgramData\HealthAlert
2015-11-29 17:28 - 2015-11-30 17:31 - 00000000 ____D C:\Users\user\AppData\Roaming\CalendarTool
2015-11-29 17:28 - 2015-11-29 17:28 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-11-29 17:28 - 2015-11-29 17:28 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-11-29 17:27 - 2015-11-29 18:06 - 00002389 _____ C:\windows\SysWOW64\findit.xml
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\ProgramData\Solotoughs
2015-11-29 17:26 - 2015-11-29 18:48 - 00000000 ____D C:\Users\user\AppData\Local\EFA41481-1448817998-11E4-A961-68F7288A9A41
2015-11-29 17:26 - 2015-11-29 18:05 - 00000000 ____D C:\ProgramData\ApplicationHosting
2015-11-29 17:25 - 2015-11-29 17:25 - 00000000 ____D C:\Users\user\Documents\DailyPCClean
2015-11-29 17:25 - 2015-11-29 17:25 - 00000000 ____D C:\Program Files (x86)\EFA41481-1448817932-11E4-A961-68F7288A9A41
2015-11-29 17:24 - 2015-11-29 18:00 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-11-29 17:21 - 2015-11-29 17:21 - 00000000 ____D C:\windows\Provider32
2015-11-29 17:21 - 2015-11-29 17:21 - 00000000 ____D C:\Program Files (x86)\UniqueApps
2015-11-29 17:21 - 2015-07-27 18:52 - 00221184 _____ (drms media group) C:\windows\Updatesvc.exe
2015-11-29 17:21 - 2015-07-27 18:51 - 00270848 _____ (drms media group) C:\windows\Provider.dll
2015-11-29 17:21 - 2015-07-27 18:51 - 00102912 _____ (drms media group) C:\windows\Installer.exe
2015-11-29 17:19 - 2015-11-29 17:19 - 00166799 _____ C:\Users\user\Desktop\adobe-lightroom-6.exe
2015-11-29 17:08 - 2015-11-29 17:08 - 23532272 _____ C:\Users\user\Downloads\_MG_4591.CR2
2015-11-29 16:45 - 2015-11-29 17:07 - 156258182 _____ C:\Users\user\Downloads\wetransfer-f73987.zip
2015-11-29 16:13 - 2015-11-29 16:43 - 200728550 _____ C:\Users\user\Downloads\wetransfer-bba56b.zip
2015-11-29 16:11 - 2015-11-29 17:03 - 285761018 _____ C:\Users\user\Downloads\wetransfer-02867c.zip
2015-11-28 14:49 - 2015-11-28 14:55 - 126364805 _____ C:\Users\user\Desktop\Popping to Asda.mp4
2015-11-28 14:26 - 2015-11-30 15:12 - 00000000 ____D C:\Users\user\Desktop\Alge videos
2015-11-26 21:29 - 2015-11-26 21:30 - 00000000 ____D C:\Users\user\Desktop\from 1gb card
2015-11-26 17:40 - 2015-11-19 13:27 - 00000428 _____ C:\Users\user\AppData\Roaming\ham.txt
2015-11-26 17:39 - 2015-11-26 17:39 - 00042496 _____ C:\Users\user\AppData\Roaming\Moses.dat
2015-11-26 17:39 - 2015-11-26 17:39 - 00005568 _____ C:\Users\user\AppData\Roaming\md.xml
2015-11-26 17:37 - 2015-11-29 16:40 - 00466944 _____ C:\Users\user\AppData\Roaming\moses.exe
2015-11-26 09:34 - 2015-11-29 16:40 - 09545216 _____ C:\Users\user\AppData\Roaming\agent.dat
2015-11-26 09:34 - 2015-11-29 16:40 - 00060000 _____ C:\Users\user\AppData\Roaming\Config.xml
2015-11-26 09:34 - 2015-11-29 16:40 - 00017920 _____ C:\Users\user\AppData\Roaming\Main.dat
2015-11-23 16:34 - 2015-11-23 16:39 - 61408366 _____ C:\Users\user\Downloads\wetransfer-76339f.zip
2015-11-19 20:33 - 2015-11-19 20:33 - 00033529 _____ C:\Users\user\Downloads\CUMmxBDWcAAQgjf.jpg-large
2015-11-13 12:47 - 2015-11-03 00:23 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-13 12:47 - 2015-11-03 00:23 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 18:22 - 2015-11-11 18:23 - 00000000 ____D C:\Users\user\Desktop\Alan's phone
2015-11-11 14:32 - 2015-11-11 23:41 - 00029391 _____ C:\Users\user\Desktop\Untitled 1.odt
2015-11-11 12:36 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 12:36 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 12:36 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 12:36 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 12:36 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 12:36 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 12:36 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 12:36 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 12:36 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 12:36 - 2015-10-20 21:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 12:36 - 2015-10-20 14:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 12:36 - 2015-10-20 14:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 12:36 - 2015-10-20 14:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 12:36 - 2015-10-20 14:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 12:36 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 12:36 - 2015-10-15 16:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 12:36 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 12:36 - 2015-10-14 23:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 12:36 - 2015-10-14 23:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 12:36 - 2015-10-14 23:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 12:36 - 2015-10-14 23:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 12:36 - 2015-10-14 23:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 12:36 - 2015-10-13 17:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 12:36 - 2015-10-13 17:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 12:36 - 2015-10-13 15:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 12:36 - 2015-10-11 06:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 12:36 - 2015-10-11 06:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 12:36 - 2015-10-10 18:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 12:36 - 2015-10-10 18:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 12:36 - 2015-10-10 18:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 12:36 - 2015-10-10 17:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 12:36 - 2015-10-10 17:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 12:36 - 2015-10-10 17:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 12:36 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 12:36 - 2015-09-29 12:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 12:36 - 2015-09-12 13:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 12:36 - 2015-09-07 16:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 12:36 - 2015-09-07 15:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 12:36 - 2015-09-07 15:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 12:36 - 2015-09-04 19:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 12:36 - 2015-08-28 22:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 12:36 - 2015-08-20 20:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 12:36 - 2015-08-20 17:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 12:36 - 2014-11-05 01:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-11-11 12:36 - 2014-11-05 01:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-11-11 12:35 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 12:35 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 12:35 - 2015-10-30 22:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 12:35 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 12:35 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 12:35 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 12:35 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 12:35 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 12:35 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 12:35 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 12:35 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 12:35 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 12:35 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 12:35 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 12:35 - 2015-10-08 16:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 12:35 - 2015-08-10 18:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 12:35 - 2015-08-10 18:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 12:35 - 2015-08-10 17:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 12:35 - 2015-08-10 16:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 12:35 - 2015-08-10 16:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-11-11 12:35 - 2014-11-10 18:06 - 00136512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-11-11 12:34 - 2015-10-17 14:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-08 23:43 - 2015-11-09 01:30 - 1135651626 _____ C:\Users\user\Downloads\wetransfer-2e0a9d.zip
2015-11-02 21:55 - 2015-11-02 22:13 - 184678334 _____ C:\Users\user\Downloads\wetransfer-71bae5.zip
2015-11-01 19:57 - 2015-11-01 20:11 - 183707018 _____ C:\Users\user\Downloads\wetransfer-99bf50.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 19:33 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-11-30 19:04 - 2015-06-17 12:41 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-30 17:28 - 2015-05-29 03:45 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-405398818-1581397194-2991210944-1001
2015-11-30 14:39 - 2014-03-18 09:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-30 14:39 - 2013-08-22 13:36 - 00000000 ____D C:\windows\Inf
2015-11-30 13:29 - 2015-06-17 10:32 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{63C84DC5-E145-4787-BEDA-824EAF71F58D}
2015-11-29 18:44 - 2015-06-17 12:41 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-29 18:43 - 2013-08-22 14:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-29 18:42 - 2015-06-22 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2015-11-29 18:42 - 2015-02-16 14:18 - 00008704 _____ C:\windows\system32\VfService.trf
2015-11-29 18:06 - 2015-06-17 12:44 - 00002226 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-29 18:06 - 2015-05-29 03:39 - 00001441 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-29 18:02 - 2015-06-22 11:06 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2015-11-29 17:26 - 2015-06-24 10:14 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-11-29 14:58 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-11-28 12:44 - 2015-06-23 16:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-22 13:54 - 2013-08-22 15:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-13 19:19 - 2013-08-22 15:36 - 00000000 ____D C:\windows\rescache
2015-11-13 18:22 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-13 18:19 - 2015-02-16 14:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-13 12:53 - 2013-08-22 14:44 - 00543888 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-13 12:45 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-11-13 12:43 - 2015-02-16 14:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-13 12:42 - 2013-08-22 15:36 - 00000000 ___RD C:\windows\ToastData
2015-11-12 21:48 - 2015-06-24 00:33 - 00000058 _____ C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-11-12 13:43 - 2013-08-22 15:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-12 13:30 - 2015-06-17 12:19 - 00000000 ____D C:\windows\system32\MRT
2015-11-12 13:21 - 2015-06-17 12:19 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-11 20:41 - 2015-05-29 03:40 - 00000000 ____D C:\Users\user\Documents\Bluetooth Folder
2015-11-11 18:18 - 2015-02-16 14:11 - 00000000 ____D C:\ProgramData\McAfee
2015-11-11 13:42 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-09 19:54 - 2015-07-17 16:57 - 00000000 ____D C:\Users\user\Desktop\Aidy's stuff
2015-11-09 15:46 - 2015-07-21 23:23 - 00003348 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2015-11-03 13:03 - 2015-06-22 15:34 - 00003090 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-405398818-1581397194-2991210944-1001
2015-11-03 13:03 - 2015-06-22 15:34 - 00000000 ___RD C:\Users\user\OneDrive
2015-11-02 19:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\NDF
2015-11-01 20:42 - 2015-06-23 16:54 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-11-26 09:34 - 2015-11-29 16:40 - 9545216 _____ () C:\Users\user\AppData\Roaming\agent.dat
2015-11-26 09:34 - 2015-11-29 16:40 - 0060000 _____ () C:\Users\user\AppData\Roaming\Config.xml
2015-11-26 17:40 - 2015-11-19 13:27 - 0000428 _____ () C:\Users\user\AppData\Roaming\ham.txt
2015-11-26 09:34 - 2015-11-29 16:40 - 0017920 _____ () C:\Users\user\AppData\Roaming\Main.dat
2015-11-26 17:39 - 2015-11-26 17:39 - 0005568 _____ () C:\Users\user\AppData\Roaming\md.xml
2015-11-26 17:39 - 2015-11-26 17:39 - 0042496 _____ () C:\Users\user\AppData\Roaming\Moses.dat
2015-11-26 17:37 - 2015-11-29 16:40 - 0466944 _____ () C:\Users\user\AppData\Roaming\moses.exe
2015-11-26 17:40 - 2015-11-19 13:26 - 0004134 _____ () C:\Users\user\AppData\Roaming\shem.jpg
2015-06-24 00:33 - 2015-11-12 21:48 - 0000058 _____ () C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-08-25 18:29 - 2015-08-25 18:29 - 0000000 _____ () C:\Users\user\AppData\Local\{706F095F-B29D-4A09-8D4A-F875D2420C7C}
2015-08-25 18:19 - 2015-08-25 18:19 - 0000000 _____ () C:\Users\user\AppData\Local\{A234AAB2-5E52-4D27-83CE-8487D3CF4C5D}
2015-02-16 13:18 - 2015-02-16 13:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\5B97.exe
C:\Users\user\AppData\Local\Temp\Domdondax.exe
C:\Users\user\AppData\Local\Temp\dotNetFx40_Web_Setup.exe
C:\Users\user\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\user\AppData\Local\Temp\oct1B6C.tmp.exe
C:\Users\user\AppData\Local\Temp\oct3C31.tmp.exe
C:\Users\user\AppData\Local\Temp\oct4FF7.tmp.exe
C:\Users\user\AppData\Local\Temp\oct514.tmp.exe
C:\Users\user\AppData\Local\Temp\oct6787.tmp.exe
C:\Users\user\AppData\Local\Temp\oct948C.tmp.exe
C:\Users\user\AppData\Local\Temp\octA9F3.tmp.exe
C:\Users\user\AppData\Local\Temp\octEBA0.tmp.exe
C:\Users\user\AppData\Local\Temp\Quotestring.exe
C:\Users\user\AppData\Local\Temp\Ruby.exe
C:\Users\user\AppData\Local\Temp\Uninstall.exe
C:\Users\user\AppData\Local\Temp\Zondontech.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-27 11:23

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by user (2015-11-30 19:35:35)
Running from C:\Users\user\Downloads
Windows 8.1 (X64) (2015-05-29 03:37:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-405398818-1581397194-2991210944-500 - Administrator - Disabled)
Guest (S-1-5-21-405398818-1581397194-2991210944-501 - Limited - Disabled)
user (S-1-5-21-405398818-1581397194-2991210944-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Advanced Calendar 2.0 (HKLM\...\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}) (Version: 2.0.0.11061 - TopTools100) <==== ATTENTION
Amazon 1Button App (HKLM-x32\...\{3E69CC95-C0F6-4C74-8F43-74F9046F20B2}) (Version: 1.0.10 - Amazon)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 3.5.13.70 - ArcSoft)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - )
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{131F8AE4-9933-4C05-8C22-87D5160501A6}) (Version: 11.3.1018 - Blackmagic Design)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Fotor 2.0.2 (HKLM-x32\...\Fotor) (Version: 2.0.2 - Everimaging Co., Ltd.)
Free Video Compressor (HKLM-x32\...\{01554C33-4131-4BC7-9E6D-AF85E02BDF4F}_is1) (Version: - freevideocompressor.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3910 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.2.9 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1320.2_WHQL - Sonix)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.31.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LibreOffice 5.0.1.2 (HKLM-x32\...\{927AE35D-72BC-437D-BAC7-EE47D03DEE54}) (Version: 5.0.1.2 - The Document Foundation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Screenshot Captor 4.12.0 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Spotify) (Version: 1.0.18.60.g5fe0413d - Spotify AB)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Video Balance (HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\{B01B81F4-8E99-6BC4-EFB0-41B64BA5D3F1}) (Version: 1.2.9 - Buzz Virtual corp)
Video Capture Driver Install 64bit 6.0.113 (HKLM-x32\...\{EFEF320F-538D-4314-BCDB-161AE603A9EA}) (Version: 6.0.113 - geniatech)
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Video Editor(Build 5.1.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-11-2015 13:02:22 Windows Update
22-11-2015 13:09:10 Scheduled Checkpoint
30-11-2015 17:37:16 Removed DaVinci Resolve

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0042E4A1-C602-49FF-A96A-AD7C83ECE852} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-405398818-1581397194-2991210944-1001 => C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-11-03] (Microsoft Corporation)
Task: {00A51E89-899E-4707-8BC6-B76BB0BDB388} - System32\Tasks\psv_Holdair => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\Cofcom.reg" &amp; del "C:\ProgramData\Solotough\Cofcom.reg" &amp; SCHTASKS /Delete /TN "psv_Holdair" /F <==== ATTENTION
Task: {0AFAE707-7C05-4945-A464-5DD51DDB1E0E} - System32\Tasks\{A6111735-B653-471D-91BF-23EDA81C75E0} => pcalua.exe -a "C:\Program Files (x86)\Common Files\SoftHome\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\SoftHome\uninstall.dat" -a uninstallme 6D4743CF-008D-4A50-8D5B-ED78480F86A5 DeviceId=782441ee-ed3f-b7bc-6d2d-261a946f05c4 BarcodeId=50081003 ChannelId=3 DistributerName=APSFIMonetizer
Task: {0FB4F08C-8729-4618-AFEC-257C236B9AAE} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {1F618DBE-D14E-4F57-9C03-A7CAC9A1E296} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {3B0392EE-693B-4782-ABBD-0A9F3C7DE671} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {40A81613-3C81-47AD-843D-550D9BBEB6E6} - System32\Tasks\Pokki => C:\Users\user\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {410DFCE0-E38A-4566-9736-C9554D562AB7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {58F8DE4B-975B-4582-A00C-DB2F0539CDFA} - System32\Tasks\psv_Superfresh => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\Faxtech.reg" &amp; del "C:\ProgramData\Solotough\Faxtech.reg" &amp; SCHTASKS /Delete /TN "psv_Superfresh" /F <==== ATTENTION
Task: {5CBA88D0-149D-4CCE-BC95-BC8FFC058659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {5E1B6E89-32B8-44A4-AA07-2F1D5804A437} - System32\Tasks\snp => C:\ProgramData\ApphguotoloS\ApphguotoloS.exe [2015-11-29] () <==== ATTENTION
Task: {69A052FA-60CD-4519-84B0-E87502CCF91D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6A519A9F-5808-47AC-9346-9EF1BF6C3E7D} - System32\Tasks\psv_Canfix => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Villadox.reg" &amp; del "C:\ProgramData\ApphguotoloS\Villadox.reg" &amp; SCHTASKS /Delete /TN "psv_Canfix" /F <==== ATTENTION
Task: {6CEC0E39-9CE7-46DE-9205-A12DB8588111} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {793772A6-78AD-4D53-AD47-D53412C60E6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-19] (Lenovo)
Task: {7B0D50CC-F77B-4850-8529-0B8CFCA19E36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {9874D8D0-16F7-4153-95C5-4CEEE12DCE7B} - System32\Tasks\psv_Isnix => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Medfix.reg" &amp; del "C:\ProgramData\ApphguotoloS\Medfix.reg" &amp; SCHTASKS /Delete /TN "psv_Isnix" /F <==== ATTENTION
Task: {9D720787-F4BC-4865-A975-8A81AEF9D822} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-04] (Lenovo)
Task: {A94D406B-674B-4FB1-82B1-2F96A74D0D89} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-07] ()
Task: {AED853EE-B990-4B3C-A3FD-36EDDB7299D8} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-04] (Lenovo)
Task: {B760FEB1-125D-4E45-8084-ACAA2100FFC5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-05-06] (McAfee, Inc.)
Task: {BD5266BF-D859-4BF8-AE8E-41FC8F4A0840} - System32\Tasks\Video Balance => Rundll32.exe "C:\Users\user\AppData\Local\Video Balance\{A52D30DE-54D0-EDAB-0134-CE64634DAB11}\VideoBalance.dll",#3
Task: {BFB5167C-90CE-493A-A130-7E9ED2CE10C3} - System32\Tasks\psv_K-Sailphase => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\ScotLux.reg" &amp; del "C:\ProgramData\Solotough\ScotLux.reg" &amp; SCHTASKS /Delete /TN "psv_K-Sailphase" /F <==== ATTENTION
Task: {C1070CDC-1096-403F-A06F-FE0A69F0C5DB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-04] ()
Task: {C168FCE9-7B4A-4EDD-A097-8AA8B15111E8} - System32\Tasks\snf => C:\ProgramData\ApphguotoloS\ApphguotoloS.exe [2015-11-29] () <==== ATTENTION
Task: {CC36F4E3-B59C-4A77-8EAD-0D649DDA6694} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {D06DBF16-C6BC-43D3-9BE5-602F267898A7} - System32\Tasks\psv_Isfinity => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\ZamSiljob.reg" &amp; del "C:\ProgramData\ApphguotoloS\ZamSiljob.reg" &amp; SCHTASKS /Delete /TN "psv_Isfinity" /F <==== ATTENTION
Task: {D91142A6-145D-490F-A403-2DCB2D9B315D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-04] (Lenovo)
Task: {E86E8CD7-6CD0-46F2-868C-28E682768A71} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {EAB782FB-4E8E-4E90-A696-2527F115CD2C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation)
Task: {F3168E9E-A2E8-4ADC-B3CC-8739933CB13D} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {F3DD5A64-0223-4C18-B484-3C1127ACC18F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-04] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-29 18:06 - 2015-11-29 16:40 - 00466944 _____ () C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
2015-11-29 17:26 - 2015-11-29 12:40 - 00466944 _____ () C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
2015-09-24 09:22 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-02-16 14:14 - 2012-04-24 10:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-11-23 08:41 - 2015-11-23 08:41 - 00151688 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
2015-02-16 14:18 - 2015-02-16 14:18 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2015-02-16 14:18 - 2015-02-16 14:18 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-11-23 08:42 - 2015-11-23 08:42 - 03999880 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\Calendar.exe
2015-11-23 08:42 - 2015-11-23 08:42 - 00158344 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarEntry.dll
2015-11-13 18:17 - 2015-11-01 10:11 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-10-30 06:22 - 2013-10-30 06:22 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-30 06:19 - 2013-10-30 06:19 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2015-02-16 13:18 - 2010-10-26 04:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-10-30 06:26 - 2013-10-30 06:26 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-02-16 14:09 - 2014-07-10 01:19 - 00592880 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2015-11-29 17:42 - 2015-11-29 17:42 - 00030720 _____ () C:\Users\user\AppData\Local\Video Balance\{A52D30DE-54D0-EDAB-0134-CE64634DAB11}\VideoBalance.dll
2015-11-29 17:42 - 2015-11-29 17:42 - 00010752 _____ () C:\Users\user\AppData\Local\Video Balance\{A52D30DE-54D0-EDAB-0134-CE64634DAB11}\wboy.dll
2015-02-16 14:15 - 2014-07-04 04:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-04 20:35 - 2014-07-04 20:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-06-21 15:55 - 2014-09-11 17:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-06-21 15:55 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-02-16 13:15 - 2013-09-16 19:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-11-11 23:07 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 23:07 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-11 23:07 - 2015-11-07 04:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0ECAEA96-4630-4187-8EFC-E82D557157CC}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{46BB3AC8-8F98-4FCE-9258-309B91CA83E8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{B1457077-5FA4-4DDE-95FF-6EBB949BC56F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{2E5490DF-B9DA-472D-899B-9ACC34DB5915}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{D9D25109-56FD-482C-97C9-ED02CE582E74}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{ED6D1817-C3DA-4B2E-BE54-7C0B0DFA2454}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1AB2091F-3328-4E7E-933C-EE99ED17CAD4}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F5354B0A-6CCF-4260-8842-7540BDA6EEFB}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9538C028-EEE7-449D-AC27-D3F91AF331D1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{DA6138B5-3DFC-4460-9BA3-C55F204E83A9}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{15DBDCF2-1D11-43C6-8BB0-56A9EA9EBEB7}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{CC129EC1-A46C-49E6-8ED3-A0B03A4D856F}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{EC455C73-C7AD-4C77-9964-6246A6BBCA10}] => (Allow) LPort=55100
FirewallRules: [{8D4C8E91-897F-47CB-8172-925FABE8559F}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{213D0643-2472-4019-818E-935D778F9B1F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{29C6562B-CCC5-44A3-824A-5028DEF29FE7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{D194336F-872E-41AF-9D7F-D7D4AB7027CF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{1E464580-992E-487D-BC37-6B0DD358C74F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{795D8815-FFF0-4F86-BE68-5F640E0A1D0C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{A497AEB3-8B1A-4D41-B638-6B32EA518667}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{AB4527E8-F458-48A7-A909-91F632F4C20D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{7D5E8E93-2113-4CF7-A7AA-7DBE18823F2C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{8AB1BBCE-EE41-4C8C-87B8-1333EE80FD68}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{D62D6CC0-0EF1-4DDE-B2AC-1F9DAD02DC67}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{93258D2D-0FB6-44A1-8899-6BC28FE224C4}] => (Allow) LPort=2869
FirewallRules: [{2730A6F4-2E02-4CD6-976E-17F8138511B3}] => (Allow) LPort=1900
FirewallRules: [{AFAB9DB2-A968-4D05-8980-F87E70D44B35}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9470777D-35EC-4D83-B8E7-7C8F972020CB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{20ACF1C0-B929-44FB-B283-1187462D9C14}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{56C69254-CD6D-40F5-835B-4BB815C205C1}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{D0E66874-53A7-444D-AA53-F268C976D39D}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{DEB63A2F-5DEE-4A37-8513-A191DE435000}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{7ACDDEFC-D65C-42E5-9893-49B926EA35A9}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{A13F688B-C2B3-4E04-AEAD-7AC1CDE8B921}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{682865A2-48C3-4F33-814E-EE70447D1B89}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{66A7C156-C7C6-42A7-B962-C660865A1BC4}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{C0F5FF72-8A31-4291-891B-A1FB0D57AA64}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3B5A6EA9-F978-4CFB-8C88-A8E1B8DDFEB9}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{853794CA-EFF3-48F7-8FDE-FAE624D7257B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{5C1705EB-404B-4319-AE68-0E03C0E6CA32}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9B66572B-7748-4FB8-8A2E-D6C72C50543D}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1D11CFF0-739F-45E9-BA93-CBC804B99DE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2015 03:01:22 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (11/30/2015 01:48:23 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/30/2015 01:21:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1548

Start Time: 01d12ad60317c54e

Termination Time: 570

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: ac3704d8-9700-11e5-82d8-d053495aa0a6

Faulting package full name:

Faulting package-relative application ID:

Error: (11/29/2015 05:27:32 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (11/29/2015 05:26:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DPE.exe, version: 1.0.0.0, time stamp: 0x55c8a75a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffcb25e7a0c
Faulting process id: 0x1afc
Faulting application start time: 0xDPE.exe0
Faulting application path: DPE.exe1
Faulting module path: DPE.exe2
Report Id: DPE.exe3
Faulting package full name: DPE.exe4
Faulting package-relative application ID: DPE.exe5

Error: (11/29/2015 05:26:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DPE.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at A..()
at A..(System.String[])

Error: (11/29/2015 03:01:33 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (11/29/2015 01:21:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/28/2015 03:01:23 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (11/28/2015 02:53:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1668

Start Time: 01d129ec528cf9f6

Termination Time: 27

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: c97b6af0-95df-11e5-82d3-d053495aa0a6

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (11/30/2015 05:10:29 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.66.
The computer with the IP address 192.168.1.65 did not allow the name to be claimed by
this computer.

Error: (11/29/2015 06:44:14 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 06:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 06:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 06:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 06:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 06:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 05:54:43 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/29/2015 05:54:43 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/29/2015 05:54:37 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 32%
Total physical RAM: 8084.27 MB
Available physical RAM: 5445.09 MB
Total Virtual: 10420.27 MB
Available Virtual: 7210.28 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.58 GB) (Free:765.52 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D0C16BCC)

Partition: GPT.

==================== End of Addition.txt ============================
Knoxy
Regular Member
 
Posts: 21
Joined: January 13th, 2015, 12:46 pm
Advertisement
Register to Remove

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Cypher » December 3rd, 2015, 1:00 pm

Hi,
Checking your logs now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Cypher » December 3rd, 2015, 1:10 pm

Hi and welcome back to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start

I'm sorry to say this is my second time on here this year thanks to my teenage son downloading free video editing software yet again!

Your son did a good job of infecting the computer this time, lets start to clean it up.

Uninstall programs

  • From the top or bottom right corner... a widget panel appears, select Settings.
  • Select, click Control Panel to open.
  • Depending on your current view setting ...
    • Double click on Programs and Features.
      or
    • Under Programs, click on Uninstall a program.
  • Locate the following program(s):
    Advanced Calendar 2.0
    Lenovo Browser Guard
    Setup (HKLM-x32
  • Select the program and click on Uninstall to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  • Repeat steps 4 - 5 for each program in the list. When finished... Close the Control Panel window.

Next

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    () C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
    () C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
    () C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
    (drms media group) C:\Windows\Updatesvc.exe
    () C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe
    () C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
    (ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
    (ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe
    (ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe
    HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\MountPoints2: {71af1188-3f5d-11e5-827f-d053495aa0a6} - "F:\Startme.exe"
    AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-07-22] (ClientConnect LTD)
    AppInit_DLLs: C:\ProgramData\ApphguotoloS\WhiteCom.dll => C:\ProgramData\ApphguotoloS\WhiteCom.dll [518656 2015-11-29] ()
    AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-07-22] (ClientConnect LTD)
    AppInit_DLLs-x32: C:\ProgramData\ApphguotoloS\Aireco.dll => C:\ProgramData\ApphguotoloS\Aireco.dll [320512 2015-11-29] ()
    Winsock: Catalog9 01 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9 02 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9 03 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9 04 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9 05 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9 06 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9 07 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9 08 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9 09 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9 10 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9 22 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 01 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 02 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 03 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 04 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 05 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 06 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 07 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 08 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 09 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 10 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    Winsock: Catalog9-x64 22 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
    HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
    HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 2a1LoNPwg, ,
    HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
    HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
    SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 3DGpJCDLQ, ,
    R2 ApphguotoloS; C:\ProgramData\\ApphguotoloS\\ApphguotoloS.exe [466944 2015-11-29] () [File not signed]
    R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [466944 2015-11-29] () [File not signed]
    R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2538824 2014-07-22] (ClientConnect LTD)
    R2 UpdateSvc; C:\windows\Updatesvc.exe [221184 2015-07-27] (drms media group) [File not signed]
    R1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]
    2015-11-29 18:06 - 2015-11-29 19:20 - 00000000 ____D C:\ProgramData\ApphguotoloS
    2015-11-29 18:06 - 2015-11-29 18:06 - 00003604 _____ C:\windows\System32\Tasks\snp
    2015-11-29 18:06 - 2015-11-29 18:06 - 00003290 _____ C:\windows\System32\Tasks\psv_Isfinity
    2015-11-29 18:06 - 2015-11-29 18:06 - 00003282 _____ C:\windows\System32\Tasks\psv_Canfix
    2015-11-29 18:06 - 2015-11-29 18:06 - 00003272 _____ C:\windows\System32\Tasks\psv_Isnix
    2015-11-29 18:06 - 2015-11-29 18:06 - 00003240 _____ C:\windows\System32\Tasks\snf
    2015-11-29 18:06 - 2015-11-29 18:06 - 00000000 ____D C:\ProgramData\ApphguotoloSs
    2015-11-29 18:02 - 2015-11-29 18:02 - 00003264 _____ C:\windows\System32\Tasks\psv_Holdair
    2015-11-29 18:00 - 2015-11-29 18:00 - 00003562 _____ C:\windows\System32\Tasks\{A6111735-B653-471D-91BF-23EDA81C75E0}
    2015-11-29 17:56 - 2015-11-29 17:56 - 00003274 _____ C:\windows\System32\Tasks\psv_Superfresh
    2015-11-29 17:42 - 2015-11-29 17:42 - 00003136 _____ C:\windows\System32\Tasks\Video Balance
    2015-11-29 17:31 - 2015-11-29 17:31 - 00003276 _____ C:\windows\System32\Tasks\psv_K-Sailphase
    2015-11-29 17:29 - 2015-11-29 17:29 - 00000000 ____D C:\ProgramData\tXCBvhCCZ
    2015-11-29 17:28 - 2015-11-30 17:31 - 00000000 ____D C:\Users\user\AppData\Roaming\CalendarTool
    2015-11-29 17:28 - 2015-11-29 17:28 - 00000000 ____D C:\Program Files (x86)\CalendarTool
    2015-11-29 17:21 - 2015-07-27 18:52 - 00221184 _____ (drms media group) C:\windows\Updatesvc.exe
    2015-11-29 17:21 - 2015-07-27 18:51 - 00270848 _____ (drms media group) C:\windows\Provider.dll
    2015-11-29 17:21 - 2015-07-27 18:51 - 00102912 _____ (drms media group) C:\windows\Installer.exe
    C:\Users\user\AppData\Local\Temp\5B97.exe
    C:\Users\user\AppData\Local\Temp\Domdondax.exe
    C:\Users\user\AppData\Local\Temp\dotNetFx40_Web_Setup.exe
    C:\Users\user\AppData\Local\Temp\LenovoExperienceImprovement.exe
    C:\Users\user\AppData\Local\Temp\oct1B6C.tmp.exe
    C:\Users\user\AppData\Local\Temp\oct3C31.tmp.exe
    C:\Users\user\AppData\Local\Temp\oct4FF7.tmp.exe
    C:\Users\user\AppData\Local\Temp\oct514.tmp.exe
    C:\Users\user\AppData\Local\Temp\oct6787.tmp.exe
    C:\Users\user\AppData\Local\Temp\oct948C.tmp.exe
    C:\Users\user\AppData\Local\Temp\octA9F3.tmp.exe
    C:\Users\user\AppData\Local\Temp\octEBA0.tmp.exe
    C:\Users\user\AppData\Local\Temp\Quotestring.exe
    C:\Users\user\AppData\Local\Temp\Ruby.exe
    C:\Users\user\AppData\Local\Temp\Uninstall.exe
    C:\Users\user\AppData\Local\Temp\Zondontech.exe
    Task: {00A51E89-899E-4707-8BC6-B76BB0BDB388} - System32\Tasks\psv_Holdair => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\Cofcom.reg" &amp; del "C:\ProgramData\Solotough\Cofcom.reg" &amp; SCHTASKS /Delete /TN "psv_Holdair" /F <==== ATTENTION
    Task: {58F8DE4B-975B-4582-A00C-DB2F0539CDFA} - System32\Tasks\psv_Superfresh => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\Faxtech.reg" &amp; del "C:\ProgramData\Solotough\Faxtech.reg" &amp; SCHTASKS /Delete /TN "psv_Superfresh" /F <==== ATTENTION
    Task: {5E1B6E89-32B8-44A4-AA07-2F1D5804A437} - System32\Tasks\snp => C:\ProgramData\ApphguotoloS\ApphguotoloS.exe [2015-11-29] () <==== ATTENTION
    Task: {6A519A9F-5808-47AC-9346-9EF1BF6C3E7D} - System32\Tasks\psv_Canfix => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Villadox.reg" &amp; del "C:\ProgramData\ApphguotoloS\Villadox.reg" &amp; SCHTASKS /Delete /TN "psv_Canfix" /F <==== ATTENTION
    Task: {9874D8D0-16F7-4153-95C5-4CEEE12DCE7B} - System32\Tasks\psv_Isnix => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Medfix.reg" &amp; del "C:\ProgramData\ApphguotoloS\Medfix.reg" &amp; SCHTASKS /Delete /TN "psv_Isnix" /F <==== ATTENTION
    Task: {BFB5167C-90CE-493A-A130-7E9ED2CE10C3} - System32\Tasks\psv_K-Sailphase => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\ScotLux.reg" &amp; del "C:\ProgramData\Solotough\ScotLux.reg" &amp; SCHTASKS /Delete /TN "psv_K-Sailphase" /F <==== ATTENTION
    Task: {C168FCE9-7B4A-4EDD-A097-8AA8B15111E8} - System32\Tasks\snf => C:\ProgramData\ApphguotoloS\ApphguotoloS.exe [2015-11-29] () <==== ATTENTION
    Task: {D06DBF16-C6BC-43D3-9BE5-602F267898A7} - System32\Tasks\psv_Isfinity => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\ZamSiljob.reg" &amp; del "C:\ProgramData\ApphguotoloS\ZamSiljob.reg" &amp; SCHTASKS /Delete /TN "psv_Isfinity" /F <==== ATTENTION
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe to your Downloads folder as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe And select " Run as administrator " then follow the prompts to install the program.
  • At the end, Uncheck enable free trial of Malwarebytes' Anti-Malware, (You can activate this when we've finished, if you wish)
  • Then click Finish.
  • You'll see an alert that "Databases out of date" Click the "Update Now" button.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished click on Clean.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Logs/Information to Post in your Next Reply

  • FRST.txt Fixlog.txt.
  • Malwarebytes log.
  • AdwCleaner log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Knoxy » December 4th, 2015, 3:36 pm

Hi Cypher,

Thank you for taking the time to help me again, there was one program that I couldn't find listed so was unable to uninstall it, it was Setup (HKLM-x32.
The laptop seems to be working fine, there are no pop-ups or adverts and the browser isn't being redirected. The logs are below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
Ran by user (administrator) on LENOVO (30-11-2015 19:33:39)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
() C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
(drms media group) C:\Windows\Updatesvc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-02-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-02-16] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-19] (Spotify Ltd)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-19] (Spotify Ltd)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\MountPoints2: {71af1188-3f5d-11e5-827f-d053495aa0a6} - "F:\Startme.exe"
AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-07-22] (ClientConnect LTD)
AppInit_DLLs: C:\ProgramData\ApphguotoloS\WhiteCom.dll => C:\ProgramData\ApphguotoloS\WhiteCom.dll [518656 2015-11-29] ()
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-07-22] (ClientConnect LTD)
AppInit_DLLs-x32: C:\ProgramData\ApphguotoloS\Aireco.dll => C:\ProgramData\ApphguotoloS\Aireco.dll [320512 2015-11-29] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 02 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 03 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 04 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 05 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 06 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 07 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 08 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 09 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 10 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 22 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9-x64 01 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 02 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 03 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 04 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 05 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 06 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 07 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 08 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 09 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 10 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 22 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A016F4B3-C826-4443-9904-47B32C379E4F}: [DhcpNameServer] 150.204.1.2
Tcpip\..\Interfaces\{B6A128FB-AFDC-478E-B606-27388FEFB41B}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 2a1LoNPwg,,
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {09F5A092-1826-11E5-8266-D053495AA0A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-06-27] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 3DGpJCDLQ,,
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-17]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-17]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-17]
CHR Extension: (Video Balance) - C:\Users\user\AppData\Local\Video Balance\Component [2015-11-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ApphguotoloS; C:\ProgramData\\ApphguotoloS\\ApphguotoloS.exe [466944 2015-11-29] () [File not signed]
R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [466944 2015-11-29] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2538824 2014-07-22] (ClientConnect LTD)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-08-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-07] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-02-16] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-04] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-30] (Maxthon)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe [151688 2015-11-23] ()
R2 UpdateSvc; C:\windows\Updatesvc.exe [221184 2015-07-27] (drms media group) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2015-02-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-30] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 CXPLRCAP; C:\Windows\system32\drivers\CxPlrCap.sys [236672 2014-08-26] (Conexant Systems, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2013-12-06] (Lenovo Group Limited (R))
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2852504 2013-12-21] (Sonix Co. Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 19:33 - 2015-11-30 19:34 - 00028648 _____ C:\Users\user\Downloads\FRST.txt
2015-11-30 19:33 - 2015-11-30 19:33 - 00000000 ____D C:\FRST
2015-11-30 19:30 - 2015-11-30 19:31 - 02350080 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-11-30 17:42 - 2015-11-30 17:42 - 00000136 _____ C:\windows\version.ini
2015-11-29 19:43 - 2015-11-29 19:43 - 00000512 _____ C:\windows\ads.js
2015-11-29 18:06 - 2015-11-29 19:20 - 00000000 ____D C:\ProgramData\ApphguotoloS
2015-11-29 18:06 - 2015-11-29 18:06 - 00003604 _____ C:\windows\System32\Tasks\snp
2015-11-29 18:06 - 2015-11-29 18:06 - 00003290 _____ C:\windows\System32\Tasks\psv_Isfinity
2015-11-29 18:06 - 2015-11-29 18:06 - 00003282 _____ C:\windows\System32\Tasks\psv_Canfix
2015-11-29 18:06 - 2015-11-29 18:06 - 00003272 _____ C:\windows\System32\Tasks\psv_Isnix
2015-11-29 18:06 - 2015-11-29 18:06 - 00003240 _____ C:\windows\System32\Tasks\snf
2015-11-29 18:06 - 2015-11-29 18:06 - 00000000 ____D C:\ProgramData\ApphguotoloSs
2015-11-29 18:02 - 2015-11-29 18:02 - 00003264 _____ C:\windows\System32\Tasks\psv_Holdair
2015-11-29 18:00 - 2015-11-29 18:00 - 00003562 _____ C:\windows\System32\Tasks\{A6111735-B653-471D-91BF-23EDA81C75E0}
2015-11-29 17:56 - 2015-11-29 17:56 - 00003274 _____ C:\windows\System32\Tasks\psv_Superfresh
2015-11-29 17:42 - 2015-11-29 17:42 - 00003136 _____ C:\windows\System32\Tasks\Video Balance
2015-11-29 17:42 - 2015-11-29 17:42 - 00000000 ____D C:\Users\user\AppData\Local\Video Balance
2015-11-29 17:31 - 2015-11-29 17:31 - 00003276 _____ C:\windows\System32\Tasks\psv_K-Sailphase
2015-11-29 17:29 - 2015-11-29 17:29 - 00000000 ____D C:\ProgramData\tXCBvhCCZ
2015-11-29 17:29 - 2015-11-29 17:29 - 00000000 ____D C:\ProgramData\HealthAlert
2015-11-29 17:28 - 2015-11-30 17:31 - 00000000 ____D C:\Users\user\AppData\Roaming\CalendarTool
2015-11-29 17:28 - 2015-11-29 17:28 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-11-29 17:28 - 2015-11-29 17:28 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-11-29 17:27 - 2015-11-29 18:06 - 00002389 _____ C:\windows\SysWOW64\findit.xml
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\ProgramData\Solotoughs
2015-11-29 17:26 - 2015-11-29 18:48 - 00000000 ____D C:\Users\user\AppData\Local\EFA41481-1448817998-11E4-A961-68F7288A9A41
2015-11-29 17:26 - 2015-11-29 18:05 - 00000000 ____D C:\ProgramData\ApplicationHosting
2015-11-29 17:25 - 2015-11-29 17:25 - 00000000 ____D C:\Users\user\Documents\DailyPCClean
2015-11-29 17:25 - 2015-11-29 17:25 - 00000000 ____D C:\Program Files (x86)\EFA41481-1448817932-11E4-A961-68F7288A9A41
2015-11-29 17:24 - 2015-11-29 18:00 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-11-29 17:21 - 2015-11-29 17:21 - 00000000 ____D C:\windows\Provider32
2015-11-29 17:21 - 2015-11-29 17:21 - 00000000 ____D C:\Program Files (x86)\UniqueApps
2015-11-29 17:21 - 2015-07-27 18:52 - 00221184 _____ (drms media group) C:\windows\Updatesvc.exe
2015-11-29 17:21 - 2015-07-27 18:51 - 00270848 _____ (drms media group) C:\windows\Provider.dll
2015-11-29 17:21 - 2015-07-27 18:51 - 00102912 _____ (drms media group) C:\windows\Installer.exe
2015-11-29 17:19 - 2015-11-29 17:19 - 00166799 _____ C:\Users\user\Desktop\adobe-lightroom-6.exe
2015-11-29 17:08 - 2015-11-29 17:08 - 23532272 _____ C:\Users\user\Downloads\_MG_4591.CR2
2015-11-29 16:45 - 2015-11-29 17:07 - 156258182 _____ C:\Users\user\Downloads\wetransfer-f73987.zip
2015-11-29 16:13 - 2015-11-29 16:43 - 200728550 _____ C:\Users\user\Downloads\wetransfer-bba56b.zip
2015-11-29 16:11 - 2015-11-29 17:03 - 285761018 _____ C:\Users\user\Downloads\wetransfer-02867c.zip
2015-11-28 14:49 - 2015-11-28 14:55 - 126364805 _____ C:\Users\user\Desktop\Popping to Asda.mp4
2015-11-28 14:26 - 2015-11-30 15:12 - 00000000 ____D C:\Users\user\Desktop\Alge videos
2015-11-26 21:29 - 2015-11-26 21:30 - 00000000 ____D C:\Users\user\Desktop\from 1gb card
2015-11-26 17:40 - 2015-11-19 13:27 - 00000428 _____ C:\Users\user\AppData\Roaming\ham.txt
2015-11-26 17:39 - 2015-11-26 17:39 - 00042496 _____ C:\Users\user\AppData\Roaming\Moses.dat
2015-11-26 17:39 - 2015-11-26 17:39 - 00005568 _____ C:\Users\user\AppData\Roaming\md.xml
2015-11-26 17:37 - 2015-11-29 16:40 - 00466944 _____ C:\Users\user\AppData\Roaming\moses.exe
2015-11-26 09:34 - 2015-11-29 16:40 - 09545216 _____ C:\Users\user\AppData\Roaming\agent.dat
2015-11-26 09:34 - 2015-11-29 16:40 - 00060000 _____ C:\Users\user\AppData\Roaming\Config.xml
2015-11-26 09:34 - 2015-11-29 16:40 - 00017920 _____ C:\Users\user\AppData\Roaming\Main.dat
2015-11-23 16:34 - 2015-11-23 16:39 - 61408366 _____ C:\Users\user\Downloads\wetransfer-76339f.zip
2015-11-19 20:33 - 2015-11-19 20:33 - 00033529 _____ C:\Users\user\Downloads\CUMmxBDWcAAQgjf.jpg-large
2015-11-13 12:47 - 2015-11-03 00:23 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-13 12:47 - 2015-11-03 00:23 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 18:22 - 2015-11-11 18:23 - 00000000 ____D C:\Users\user\Desktop\Alan's phone
2015-11-11 14:32 - 2015-11-11 23:41 - 00029391 _____ C:\Users\user\Desktop\Untitled 1.odt
2015-11-11 12:36 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 12:36 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 12:36 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 12:36 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 12:36 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 12:36 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 12:36 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 12:36 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 12:36 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 12:36 - 2015-10-20 21:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 12:36 - 2015-10-20 14:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 12:36 - 2015-10-20 14:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 12:36 - 2015-10-20 14:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 12:36 - 2015-10-20 14:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 12:36 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 12:36 - 2015-10-15 16:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 12:36 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 12:36 - 2015-10-14 23:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 12:36 - 2015-10-14 23:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 12:36 - 2015-10-14 23:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 12:36 - 2015-10-14 23:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 12:36 - 2015-10-14 23:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 12:36 - 2015-10-13 17:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 12:36 - 2015-10-13 17:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 12:36 - 2015-10-13 15:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 12:36 - 2015-10-11 06:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 12:36 - 2015-10-11 06:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 12:36 - 2015-10-10 18:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 12:36 - 2015-10-10 18:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 12:36 - 2015-10-10 18:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 12:36 - 2015-10-10 17:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 12:36 - 2015-10-10 17:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 12:36 - 2015-10-10 17:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 12:36 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 12:36 - 2015-09-29 12:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 12:36 - 2015-09-12 13:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 12:36 - 2015-09-07 16:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 12:36 - 2015-09-07 15:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 12:36 - 2015-09-07 15:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 12:36 - 2015-09-04 19:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 12:36 - 2015-08-28 22:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 12:36 - 2015-08-20 20:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 12:36 - 2015-08-20 17:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 12:36 - 2014-11-05 01:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-11-11 12:36 - 2014-11-05 01:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-11-11 12:35 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 12:35 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 12:35 - 2015-10-30 22:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 12:35 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 12:35 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 12:35 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 12:35 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 12:35 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 12:35 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 12:35 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 12:35 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 12:35 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 12:35 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 12:35 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 12:35 - 2015-10-08 16:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 12:35 - 2015-08-10 18:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 12:35 - 2015-08-10 18:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 12:35 - 2015-08-10 17:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 12:35 - 2015-08-10 16:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 12:35 - 2015-08-10 16:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-11-11 12:35 - 2014-11-10 18:06 - 00136512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-11-11 12:34 - 2015-10-17 14:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-08 23:43 - 2015-11-09 01:30 - 1135651626 _____ C:\Users\user\Downloads\wetransfer-2e0a9d.zip
2015-11-02 21:55 - 2015-11-02 22:13 - 184678334 _____ C:\Users\user\Downloads\wetransfer-71bae5.zip
2015-11-01 19:57 - 2015-11-01 20:11 - 183707018 _____ C:\Users\user\Downloads\wetransfer-99bf50.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 19:33 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-11-30 19:04 - 2015-06-17 12:41 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-30 17:28 - 2015-05-29 03:45 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-405398818-1581397194-2991210944-1001
2015-11-30 14:39 - 2014-03-18 09:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-30 14:39 - 2013-08-22 13:36 - 00000000 ____D C:\windows\Inf
2015-11-30 13:29 - 2015-06-17 10:32 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{63C84DC5-E145-4787-BEDA-824EAF71F58D}
2015-11-29 18:44 - 2015-06-17 12:41 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-29 18:43 - 2013-08-22 14:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-29 18:42 - 2015-06-22 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2015-11-29 18:42 - 2015-02-16 14:18 - 00008704 _____ C:\windows\system32\VfService.trf
2015-11-29 18:06 - 2015-06-17 12:44 - 00002226 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-29 18:06 - 2015-05-29 03:39 - 00001441 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-29 18:02 - 2015-06-22 11:06 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2015-11-29 17:26 - 2015-06-24 10:14 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-11-29 14:58 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-11-28 12:44 - 2015-06-23 16:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-22 13:54 - 2013-08-22 15:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-13 19:19 - 2013-08-22 15:36 - 00000000 ____D C:\windows\rescache
2015-11-13 18:22 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-13 18:19 - 2015-02-16 14:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-13 12:53 - 2013-08-22 14:44 - 00543888 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-13 12:45 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-11-13 12:43 - 2015-02-16 14:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-13 12:42 - 2013-08-22 15:36 - 00000000 ___RD C:\windows\ToastData
2015-11-12 21:48 - 2015-06-24 00:33 - 00000058 _____ C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-11-12 13:43 - 2013-08-22 15:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-12 13:30 - 2015-06-17 12:19 - 00000000 ____D C:\windows\system32\MRT
2015-11-12 13:21 - 2015-06-17 12:19 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-11 20:41 - 2015-05-29 03:40 - 00000000 ____D C:\Users\user\Documents\Bluetooth Folder
2015-11-11 18:18 - 2015-02-16 14:11 - 00000000 ____D C:\ProgramData\McAfee
2015-11-11 13:42 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-09 19:54 - 2015-07-17 16:57 - 00000000 ____D C:\Users\user\Desktop\Aidy's stuff
2015-11-09 15:46 - 2015-07-21 23:23 - 00003348 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2015-11-03 13:03 - 2015-06-22 15:34 - 00003090 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-405398818-1581397194-2991210944-1001
2015-11-03 13:03 - 2015-06-22 15:34 - 00000000 ___RD C:\Users\user\OneDrive
2015-11-02 19:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\NDF
2015-11-01 20:42 - 2015-06-23 16:54 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-11-26 09:34 - 2015-11-29 16:40 - 9545216 _____ () C:\Users\user\AppData\Roaming\agent.dat
2015-11-26 09:34 - 2015-11-29 16:40 - 0060000 _____ () C:\Users\user\AppData\Roaming\Config.xml
2015-11-26 17:40 - 2015-11-19 13:27 - 0000428 _____ () C:\Users\user\AppData\Roaming\ham.txt
2015-11-26 09:34 - 2015-11-29 16:40 - 0017920 _____ () C:\Users\user\AppData\Roaming\Main.dat
2015-11-26 17:39 - 2015-11-26 17:39 - 0005568 _____ () C:\Users\user\AppData\Roaming\md.xml
2015-11-26 17:39 - 2015-11-26 17:39 - 0042496 _____ () C:\Users\user\AppData\Roaming\Moses.dat
2015-11-26 17:37 - 2015-11-29 16:40 - 0466944 _____ () C:\Users\user\AppData\Roaming\moses.exe
2015-11-26 17:40 - 2015-11-19 13:26 - 0004134 _____ () C:\Users\user\AppData\Roaming\shem.jpg
2015-06-24 00:33 - 2015-11-12 21:48 - 0000058 _____ () C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-08-25 18:29 - 2015-08-25 18:29 - 0000000 _____ () C:\Users\user\AppData\Local\{706F095F-B29D-4A09-8D4A-F875D2420C7C}
2015-08-25 18:19 - 2015-08-25 18:19 - 0000000 _____ () C:\Users\user\AppData\Local\{A234AAB2-5E52-4D27-83CE-8487D3CF4C5D}
2015-02-16 13:18 - 2015-02-16 13:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\5B97.exe
C:\Users\user\AppData\Local\Temp\Domdondax.exe
C:\Users\user\AppData\Local\Temp\dotNetFx40_Web_Setup.exe
C:\Users\user\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\user\AppData\Local\Temp\oct1B6C.tmp.exe
C:\Users\user\AppData\Local\Temp\oct3C31.tmp.exe
C:\Users\user\AppData\Local\Temp\oct4FF7.tmp.exe
C:\Users\user\AppData\Local\Temp\oct514.tmp.exe
C:\Users\user\AppData\Local\Temp\oct6787.tmp.exe
C:\Users\user\AppData\Local\Temp\oct948C.tmp.exe
C:\Users\user\AppData\Local\Temp\octA9F3.tmp.exe
C:\Users\user\AppData\Local\Temp\octEBA0.tmp.exe
C:\Users\user\AppData\Local\Temp\Quotestring.exe
C:\Users\user\AppData\Local\Temp\Ruby.exe
C:\Users\user\AppData\Local\Temp\Uninstall.exe
C:\Users\user\AppData\Local\Temp\Zondontech.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-27 11:23

==================== End of FRST.txt ============================


Fix result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by user (2015-12-04 18:05:55) Run:1
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
() C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
() C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
(drms media group) C:\Windows\Updatesvc.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe
() C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\MountPoints2: {71af1188-3f5d-11e5-827f-d053495aa0a6} - "F:\Startme.exe"
AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-07-22] (ClientConnect LTD)
AppInit_DLLs: C:\ProgramData\ApphguotoloS\WhiteCom.dll => C:\ProgramData\ApphguotoloS\WhiteCom.dll [518656 2015-11-29] ()
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-07-22] (ClientConnect LTD)
AppInit_DLLs-x32: C:\ProgramData\ApphguotoloS\Aireco.dll => C:\ProgramData\ApphguotoloS\Aireco.dll [320512 2015-11-29] ()
Winsock: Catalog9 01 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 02 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 03 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 04 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 05 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 06 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 07 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 08 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 09 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 10 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 22 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9-x64 01 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 02 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 03 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 04 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 05 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 06 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 07 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 08 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 09 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 10 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 22 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 2a1LoNPwg, ,
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q= {searchTerms}
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 3DGpJCDLQ, ,
R2 ApphguotoloS; C:\ProgramData\\ApphguotoloS\\ApphguotoloS.exe [466944 2015-11-29] () [File not signed]
R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [466944 2015-11-29] () [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2538824 2014-07-22] (ClientConnect LTD)
R2 UpdateSvc; C:\windows\Updatesvc.exe [221184 2015-07-27] (drms media group) [File not signed]
R1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]
2015-11-29 18:06 - 2015-11-29 19:20 - 00000000 ____D C:\ProgramData\ApphguotoloS
2015-11-29 18:06 - 2015-11-29 18:06 - 00003604 _____ C:\windows\System32\Tasks\snp
2015-11-29 18:06 - 2015-11-29 18:06 - 00003290 _____ C:\windows\System32\Tasks\psv_Isfinity
2015-11-29 18:06 - 2015-11-29 18:06 - 00003282 _____ C:\windows\System32\Tasks\psv_Canfix
2015-11-29 18:06 - 2015-11-29 18:06 - 00003272 _____ C:\windows\System32\Tasks\psv_Isnix
2015-11-29 18:06 - 2015-11-29 18:06 - 00003240 _____ C:\windows\System32\Tasks\snf
2015-11-29 18:06 - 2015-11-29 18:06 - 00000000 ____D C:\ProgramData\ApphguotoloSs
2015-11-29 18:02 - 2015-11-29 18:02 - 00003264 _____ C:\windows\System32\Tasks\psv_Holdair
2015-11-29 18:00 - 2015-11-29 18:00 - 00003562 _____ C:\windows\System32\Tasks\{A6111735-B653-471D-91BF-23EDA81C75E0}
2015-11-29 17:56 - 2015-11-29 17:56 - 00003274 _____ C:\windows\System32\Tasks\psv_Superfresh
2015-11-29 17:42 - 2015-11-29 17:42 - 00003136 _____ C:\windows\System32\Tasks\Video Balance
2015-11-29 17:31 - 2015-11-29 17:31 - 00003276 _____ C:\windows\System32\Tasks\psv_K-Sailphase
2015-11-29 17:29 - 2015-11-29 17:29 - 00000000 ____D C:\ProgramData\tXCBvhCCZ
2015-11-29 17:28 - 2015-11-30 17:31 - 00000000 ____D C:\Users\user\AppData\Roaming\CalendarTool
2015-11-29 17:28 - 2015-11-29 17:28 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-11-29 17:21 - 2015-07-27 18:52 - 00221184 _____ (drms media group) C:\windows\Updatesvc.exe
2015-11-29 17:21 - 2015-07-27 18:51 - 00270848 _____ (drms media group) C:\windows\Provider.dll
2015-11-29 17:21 - 2015-07-27 18:51 - 00102912 _____ (drms media group) C:\windows\Installer.exe
C:\Users\user\AppData\Local\Temp\5B97.exe
C:\Users\user\AppData\Local\Temp\Domdondax.exe
C:\Users\user\AppData\Local\Temp\dotNetFx40_Web_Setup.exe
C:\Users\user\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\user\AppData\Local\Temp\oct1B6C.tmp.exe
C:\Users\user\AppData\Local\Temp\oct3C31.tmp.exe
C:\Users\user\AppData\Local\Temp\oct4FF7.tmp.exe
C:\Users\user\AppData\Local\Temp\oct514.tmp.exe
C:\Users\user\AppData\Local\Temp\oct6787.tmp.exe
C:\Users\user\AppData\Local\Temp\oct948C.tmp.exe
C:\Users\user\AppData\Local\Temp\octA9F3.tmp.exe
C:\Users\user\AppData\Local\Temp\octEBA0.tmp.exe
C:\Users\user\AppData\Local\Temp\Quotestring.exe
C:\Users\user\AppData\Local\Temp\Ruby.exe
C:\Users\user\AppData\Local\Temp\Uninstall.exe
C:\Users\user\AppData\Local\Temp\Zondontech.exe
Task: {00A51E89-899E-4707-8BC6-B76BB0BDB388} - System32\Tasks\psv_Holdair => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\Cofcom.reg" &amp; del "C:\ProgramData\Solotough\Cofcom.reg" &amp; SCHTASKS /Delete /TN "psv_Holdair" /F <==== ATTENTION
Task: {58F8DE4B-975B-4582-A00C-DB2F0539CDFA} - System32\Tasks\psv_Superfresh => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\Faxtech.reg" &amp; del "C:\ProgramData\Solotough\Faxtech.reg" &amp; SCHTASKS /Delete /TN "psv_Superfresh" /F <==== ATTENTION
Task: {5E1B6E89-32B8-44A4-AA07-2F1D5804A437} - System32\Tasks\snp => C:\ProgramData\ApphguotoloS\ApphguotoloS.exe [2015-11-29] () <==== ATTENTION
Task: {6A519A9F-5808-47AC-9346-9EF1BF6C3E7D} - System32\Tasks\psv_Canfix => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Villadox.reg" &amp; del "C:\ProgramData\ApphguotoloS\Villadox.reg" &amp; SCHTASKS /Delete /TN "psv_Canfix" /F <==== ATTENTION
Task: {9874D8D0-16F7-4153-95C5-4CEEE12DCE7B} - System32\Tasks\psv_Isnix => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Medfix.reg" &amp; del "C:\ProgramData\ApphguotoloS\Medfix.reg" &amp; SCHTASKS /Delete /TN "psv_Isnix" /F <==== ATTENTION
Task: {BFB5167C-90CE-493A-A130-7E9ED2CE10C3} - System32\Tasks\psv_K-Sailphase => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\ScotLux.reg" &amp; del "C:\ProgramData\Solotough\ScotLux.reg" &amp; SCHTASKS /Delete /TN "psv_K-Sailphase" /F <==== ATTENTION
Task: {C168FCE9-7B4A-4EDD-A097-8AA8B15111E8} - System32\Tasks\snf => C:\ProgramData\ApphguotoloS\ApphguotoloS.exe [2015-11-29] () <==== ATTENTION
Task: {D06DBF16-C6BC-43D3-9BE5-602F267898A7} - System32\Tasks\psv_Isfinity => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\ZamSiljob.reg" &amp; del "C:\ProgramData\ApphguotoloS\ZamSiljob.reg" &amp; SCHTASKS /Delete /TN "psv_Isfinity" /F <==== ATTENTION

EmptyTemp:
CMD: ipconfig /flushdns
*****************

[1488] C:\ProgramData\ApphguotoloS\ApphguotoloS.exe => process closed successfully.
[1552] C:\ProgramData\ApplicationHosting\ApplicationHosting.exe => process closed successfully.
C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe => No running process found
[2288] C:\Windows\Updatesvc.exe => process closed successfully.
C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe => No running process found
[2616] C:\ProgramData\ApphguotoloS\ApphguotoloS.exe => process closed successfully.
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe => No running process found
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe => No running process found
C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe => No running process found
"HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71af1188-3f5d-11e5-827f-d053495aa0a6}" => key removed successfully
HKCR\CLSID\{71af1188-3f5d-11e5-827f-d053495aa0a6} => key not found.
"C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL" => Value data not found.
"C:\ProgramData\ApphguotoloS\WhiteCom.dll" => Value data removed successfully.
"C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL" => Value data not found.
"C:\ProgramData\ApphguotoloS\Aireco.dll" => Value data removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000022" => key removed successfully
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found.
Chrome HomePage => removed successfully
ApphguotoloS => service removed successfully
ApplicationHosting => service removed successfully
CltMngSvc => service not found.
UpdateSvc => service removed successfully
swsedrvr_vw_1_10_0_25 => service removed successfully
C:\ProgramData\ApphguotoloS => moved successfully
"C:\windows\System32\Tasks\snp" => not found.
C:\windows\System32\Tasks\psv_Isfinity => moved successfully
C:\windows\System32\Tasks\psv_Canfix => moved successfully
C:\windows\System32\Tasks\psv_Isnix => moved successfully
"C:\windows\System32\Tasks\snf" => not found.
C:\ProgramData\ApphguotoloSs => moved successfully
C:\windows\System32\Tasks\psv_Holdair => moved successfully
C:\windows\System32\Tasks\{A6111735-B653-471D-91BF-23EDA81C75E0} => moved successfully
C:\windows\System32\Tasks\psv_Superfresh => moved successfully
C:\windows\System32\Tasks\Video Balance => moved successfully
C:\windows\System32\Tasks\psv_K-Sailphase => moved successfully
C:\ProgramData\tXCBvhCCZ => moved successfully
"C:\Users\user\AppData\Roaming\CalendarTool" => not found.
"C:\Program Files (x86)\CalendarTool" => not found.
C:\windows\Updatesvc.exe => moved successfully
C:\windows\Provider.dll => moved successfully
C:\windows\Installer.exe => moved successfully
C:\Users\user\AppData\Local\Temp\5B97.exe => moved successfully
C:\Users\user\AppData\Local\Temp\Domdondax.exe => moved successfully
C:\Users\user\AppData\Local\Temp\dotNetFx40_Web_Setup.exe => moved successfully
C:\Users\user\AppData\Local\Temp\LenovoExperienceImprovement.exe => moved successfully
C:\Users\user\AppData\Local\Temp\oct1B6C.tmp.exe => moved successfully
C:\Users\user\AppData\Local\Temp\oct3C31.tmp.exe => moved successfully
C:\Users\user\AppData\Local\Temp\oct4FF7.tmp.exe => moved successfully
C:\Users\user\AppData\Local\Temp\oct514.tmp.exe => moved successfully
C:\Users\user\AppData\Local\Temp\oct6787.tmp.exe => moved successfully
C:\Users\user\AppData\Local\Temp\oct948C.tmp.exe => moved successfully
C:\Users\user\AppData\Local\Temp\octA9F3.tmp.exe => moved successfully
C:\Users\user\AppData\Local\Temp\octEBA0.tmp.exe => moved successfully
C:\Users\user\AppData\Local\Temp\Quotestring.exe => moved successfully
C:\Users\user\AppData\Local\Temp\Ruby.exe => moved successfully
C:\Users\user\AppData\Local\Temp\Uninstall.exe => moved successfully
C:\Users\user\AppData\Local\Temp\Zondontech.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00A51E89-899E-4707-8BC6-B76BB0BDB388}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00A51E89-899E-4707-8BC6-B76BB0BDB388}" => key removed successfully
C:\windows\System32\Tasks\psv_Holdair => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Holdair" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58F8DE4B-975B-4582-A00C-DB2F0539CDFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58F8DE4B-975B-4582-A00C-DB2F0539CDFA}" => key removed successfully
C:\windows\System32\Tasks\psv_Superfresh => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Superfresh" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E1B6E89-32B8-44A4-AA07-2F1D5804A437} => key not found.
C:\windows\System32\Tasks\snp => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A519A9F-5808-47AC-9346-9EF1BF6C3E7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A519A9F-5808-47AC-9346-9EF1BF6C3E7D}" => key removed successfully
C:\windows\System32\Tasks\psv_Canfix => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Canfix" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9874D8D0-16F7-4153-95C5-4CEEE12DCE7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9874D8D0-16F7-4153-95C5-4CEEE12DCE7B}" => key removed successfully
C:\windows\System32\Tasks\psv_Isnix => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Isnix" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFB5167C-90CE-493A-A130-7E9ED2CE10C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFB5167C-90CE-493A-A130-7E9ED2CE10C3}" => key removed successfully
C:\windows\System32\Tasks\psv_K-Sailphase => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_K-Sailphase" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C168FCE9-7B4A-4EDD-A097-8AA8B15111E8} => key not found.
C:\windows\System32\Tasks\snf => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snf => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D06DBF16-C6BC-43D3-9BE5-602F267898A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D06DBF16-C6BC-43D3-9BE5-602F267898A7}" => key removed successfully
C:\windows\System32\Tasks\psv_Isfinity => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Isfinity" => key removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 12 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:07:29 ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04-Dec-15
Scan Time: 6:38 PM
Logfile: malware threats 2.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.04.04
Rootkit Database: v2015.11.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327883
Time Elapsed: 17 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 17
PUP.Optional.CrossAd, HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B01B81F4-8E99-6BC4-EFB0-41B64BA5D3F1}, , [66ae742d6b202f07eaba9817d0317f81],
PUP.Optional.VideoBalance, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Video Balance, , [cb491091afdcd95d1eadc4dd946e827e],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [6ea6356c632861d5e2a0ebd363a02ed2],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\mtSolotough, , [d143168beba077bf6313ad48fe0551af],
PUP.Optional.SwiftSearch, HKLM\SOFTWARE\WOW6432NODE\SwiftSearch_1.10.0.25, , [c0540e93bdcef14526d8fdb005fe25db],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ApplicationHosting_RASAPI32, , [69ab5a47b6d594a251b13fb9c1428977],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ApplicationHosting_RASMANCS, , [bd57a8f9e6a5043207fb06f2ea19e51b],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Solotough_RASAPI32, , [33e10f92dab11b1be0959a5bee157b85],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Solotough_RASMANCS, , [61b35b46216aee489dd838bd8281c63a],
PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SwiftSearchAutoUpdateClient_RASAPI32, , [40d48a174942fb3b058b4b74b350c13f],
PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SwiftSearchAutoUpdateClient_RASMANCS, , [e3314a57f299270feca4c5fa7390a35d],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [19fb0c95315af1456022764872912bd5],
PUP.Optional.MySearch123, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}, , [36deb4ed7d0ea2944c27d41b0ff4f60a],
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, , [28ec10913f4c280ea88d624f847f09f7],
PUP.Optional.DustApps, HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\DustApps, , [3ada0d94dfac39fde8f0582f6b984fb1],
PUP.Optional.Tuto4PC, HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\TutoTag, , [a76dadf4b6d52313b27fe6cbf40fd22e],
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\MTSOLOTOUGH, , [888cf4ad0586aa8cdb999b5a847f916f],

Registry Values: 6
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}, , [799b6e33583387afa35e89e84eb501ff]
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 06F28023-22BC-4866-887A-EA5D31AF86D3, , [28ec10913f4c280ea88d624f847f09f7]
PUP.Optional.Linkury, HKU\S-1-5-21-405398818-1581397194-2991210944-1001\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F. ... nnelid=777, , [7c98bae74744bf779a32ccc8db289868]
PUP.Optional.Linkury, HKU\S-1-5-21-405398818-1581397194-2991210944-1001\ENVIRONMENT|SNF, C:\ProgramData\ApphguotoloSs\snp.sc, , [72a2831eb8d3053104c72173748fc53b]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}, , [a4708b16d1bab48209f55f119a69d62a]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\MTSOLOTOUGH|_os, Linkury, , [888cf4ad0586aa8cdb999b5a847f916f]

Registry Data: 1
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-405398818-1581397194-2991210944-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}),,[46ce6140622996a0f4a3afc352b2f50b]

Folders: 8
PUP.Optional.ConvertAd, C:\Users\user\AppData\Local\EFA41481-1448817998-11E4-A961-68F7288A9A41, , [8b89a3fe9bf06ec8f48f5b25ae5501ff],
PUP.Optional.DailyPCClean, C:\Users\user\Documents\DailyPCClean, , [aa6abee3d7b4e25411f24e37966de719],
PUP.Optional.MultiPlug, C:\Program Files (x86)\EFA41481-1448817932-11E4-A961-68F7288A9A41, , [f91b6041bfcc0b2be5451487b44ffb05],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\ApplicationHosting, , [a76d1b868efdc670beb5eab2f80a33cd],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Solotoughs, , [5aba3170860564d2e199653713ef47b9],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance\Component, , [1bf9eab7e3a8a492bd098b0f0004d22e],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance, , [1bf9eab7e3a8a492bd098b0f0004d22e],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance\{A52D30DE-54D0-EDAB-0134-CE64634DAB11}, , [1bf9eab7e3a8a492bd098b0f0004d22e],

Files: 36
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\ApplicationHosting\ApplicationHosting.exe, , [45cf9b06c4c7989e549be4ce58a98c74],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\ApplicationHosting\Jackson.exe, , [33e1cfd2256678be12ddf2c0af5248b8],
PUP.Optional.Linkury.ShrtCln, C:\Users\user\AppData\Roaming\moses.exe, , [868eeeb31a713402c629842e8879867a],
PUP.Optional.DustApps, C:\Users\user\Desktop\adobe-lightroom-6.exe, , [1df70899bfcc14220b20dd88f60e8b75],
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DailyPcClean Support\DailyPCClean.exe, , [1bf920818407bb7b52ed780d25df2ed2],
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DailyPcClean Support\predm.exe, , [df35960bf09bdc5a229a98fd18ec7b85],
PUP.Optional.BHO, C:\Program Files (x86)\UniqueApps\dustapps.exe, , [c74df5acb4d75ed836702c6de918837d],
PUP.Optional.Linkury.ShrtCln, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\moses.exe, , [c74d732e2c5f7db9608f1e946a975ba5],
PUP.Optional.ConvertAd, C:\Users\user\AppData\Local\EFA41481-1448817998-11E4-A961-68F7288A9A41\onsu4F1E.tmp, , [fe16ddc4acdf4bebbef363c1ba48e818],
PUP.Optional.CrossAd, C:\Users\user\AppData\Local\Video Balance\{A52D30DE-54D0-EDAB-0134-CE64634DAB11}\VideoBalance.dll, , [66ae742d6b202f07eaba9817d0317f81],
PUP.Optional.SafeFinder, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage, , [53c1dec39eedf73fc76a3866a75b60a0],
PUP.Optional.SafeFinder, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal, , [060e1f825b30dc5ac56c6e30a35f5ea2],
PUP.Optional.ConvertAd, C:\Users\user\AppData\Local\EFA41481-1448817998-11E4-A961-68F7288A9A41\Uninstall.exe, , [8b89a3fe9bf06ec8f48f5b25ae5501ff],
PUP.Optional.ConvertAd, C:\Users\user\AppData\Local\EFA41481-1448817998-11E4-A961-68F7288A9A41\pnsk4F2F.exe, , [8b89a3fe9bf06ec8f48f5b25ae5501ff],
PUP.Optional.ConvertAd, C:\Users\user\AppData\Local\EFA41481-1448817998-11E4-A961-68F7288A9A41\rnsu4F1D.exe, , [8b89a3fe9bf06ec8f48f5b25ae5501ff],
PUP.Optional.ConvertAd, C:\Users\user\AppData\Local\EFA41481-1448817998-11E4-A961-68F7288A9A41\snsu4F1C.tmp, , [8b89a3fe9bf06ec8f48f5b25ae5501ff],
PUP.Optional.DailyPCClean, C:\Users\user\Documents\DailyPCClean\CookieExclusions.txt, , [aa6abee3d7b4e25411f24e37966de719],
PUP.Optional.Linkury.Gen, C:\Windows\SysWOW64\findit.xml, , [2fe5742ddead52e4f40adabaac57629e],
PUP.Optional.MultiPlug, C:\Program Files (x86)\EFA41481-1448817932-11E4-A961-68F7288A9A41\vnsp43E6.tmp, , [f91b6041bfcc0b2be5451487b44ffb05],
PUP.Optional.MultiPlug, C:\Program Files (x86)\EFA41481-1448817932-11E4-A961-68F7288A9A41\Uninstall.exe, , [f91b6041bfcc0b2be5451487b44ffb05],
PUP.Optional.VisualDiscovery, C:\Windows\SysWOW64\VisualDiscovery.ini, , [0c080899e3a8300625f2b00355ae8977],
PUP.Optional.Winsock.WnskRST, C:\Windows\System32\VisualDiscoveryOff.ini, , [7a9aa100b5d696a0c19512cbb64d20e0],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\VisualDiscoveryOff.ini, , [e52ffca5216aca6cf462617c40c337c9],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\ApplicationHosting\ApplicationHosting.dat, , [a76d1b868efdc670beb5eab2f80a33cd],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\ApplicationHosting\Config.xml, , [a76d1b868efdc670beb5eab2f80a33cd],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Solotoughs\ff.HP, , [5aba3170860564d2e199653713ef47b9],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Solotoughs\ff.NT, , [5aba3170860564d2e199653713ef47b9],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Solotoughs\snp.sc, , [5aba3170860564d2e199653713ef47b9],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance\Component\config.json, , [1bf9eab7e3a8a492bd098b0f0004d22e],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance\Component\hello.js, , [1bf9eab7e3a8a492bd098b0f0004d22e],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance\Component\manifest.json, , [1bf9eab7e3a8a492bd098b0f0004d22e],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance\Component\scriptTagContext.js, , [1bf9eab7e3a8a492bd098b0f0004d22e],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance\Component\tmp_bg.js, , [1bf9eab7e3a8a492bd098b0f0004d22e],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance\Component\uconfig.json, , [1bf9eab7e3a8a492bd098b0f0004d22e],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance\{A52D30DE-54D0-EDAB-0134-CE64634DAB11}\c.dat, , [1bf9eab7e3a8a492bd098b0f0004d22e],
PUP.Optional.CrossAd.Gen, C:\Users\user\AppData\Local\Video Balance\{A52D30DE-54D0-EDAB-0134-CE64634DAB11}\wboy.dll, , [1bf9eab7e3a8a492bd098b0f0004d22e],

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v5.023 - Logfile created 04/12/2015 at 19:20:31
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : user - LENOVO
# Running from : C:\Users\user\Downloads\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\DailyPcClean Support
[-] Folder Deleted : C:\ProgramData\HealthAlert
[-] Folder Deleted : C:\ProgramData\pokki
[!] Folder Not Deleted : C:\ProgramData\HealthAlert
[-] Folder Deleted : C:\Users\Public\Documents\Guid
[#] Folder Deleted : C:\windows\SysNative\Tasks\pokki
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\CalendarTool

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Pokki

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKLM\SOFTWARE\VisualDiscovery
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homepage-web.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4954 bytes] ##########

I hope I have listed everything you need.

Many thanks
Tina
Knoxy
Regular Member
 
Posts: 21
Joined: January 13th, 2015, 12:46 pm

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Cypher » December 5th, 2015, 7:04 am

Hi Tina,
Thank you for taking the time to help me again

You're most welcome :)
there was one program that I couldn't find listed so was unable to uninstall it, it was Setup (HKLM-x32.

That's ok, done worry about that for now.
The laptop seems to be working fine, there are no pop-ups or adverts and the browser isn't being redirected.

Excellent, but stay with me we still have work to do.

  • Please launch Malwarebytes Anti-Malware again.
  • On the Dashboard click on Update Now and allow MBAM to update to the latest definitions.
  • Go to the Settings Tab
    • Go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
  • Go to Scan and select Threat Scan
    • Click on Start Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please post me the log in your next reply.

Next.

Fresh FRST scan

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • New Malwarebytes Anti-Malware log.
  • FRST.txt and Addition.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Knoxy » December 5th, 2015, 1:53 pm

Hi Cypher,

Logs as requested.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05-Dec-15
Scan Time: 3:02 PM
Logfile: malware 3.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.05.03
Rootkit Database: v2015.11.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327913
Time Elapsed: 16 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by user (administrator) on LENOVO (05-12-2015 17:46:54)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-02-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-02-16] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-19] (Spotify Ltd)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-19] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A016F4B3-C826-4443-9904-47B32C379E4F}: [DhcpNameServer] 150.204.1.2
Tcpip\..\Interfaces\{B6A128FB-AFDC-478E-B606-27388FEFB41B}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {09F5A092-1826-11E5-8266-D053495AA0A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-06-27] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 3DGpJCDLQ,,
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... bNN6A,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com_
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?ou ... s&command={searchTerms}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-17]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-17]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-08-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-07] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-02-16] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-04] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-30] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2015-02-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-30] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 CXPLRCAP; C:\Windows\system32\drivers\CxPlrCap.sys [236672 2014-08-26] (Conexant Systems, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2013-12-06] (Lenovo Group Limited (R))
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2852504 2013-12-21] (Sonix Co. Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 17:46 - 2015-12-05 17:47 - 00020623 _____ C:\Users\user\Downloads\FRST.txt
2015-12-05 17:46 - 2015-12-05 17:46 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
2015-12-05 15:29 - 2015-12-05 15:29 - 00001043 _____ C:\Users\user\Desktop\malware 3.txt
2015-12-04 19:17 - 2015-12-04 19:20 - 00000000 ____D C:\AdwCleaner
2015-12-04 19:03 - 2015-12-04 19:03 - 01736704 _____ C:\Users\user\Downloads\adwcleaner_5.023.exe
2015-12-04 19:02 - 2015-12-04 19:09 - 00000080 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-12-04 19:02 - 2015-12-04 19:02 - 00011402 _____ C:\Users\user\Desktop\malware threats 2.txt
2015-12-04 18:59 - 2015-12-04 18:59 - 00011400 _____ C:\Users\user\Desktop\malware threats.txt
2015-12-04 18:36 - 2015-12-05 15:01 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 18:36 - 2015-12-04 19:09 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-04 18:36 - 2015-12-04 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-04 18:35 - 2015-12-04 18:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-04 18:35 - 2015-12-04 18:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-04 18:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-04 18:35 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-12-04 18:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-12-04 18:24 - 2015-12-04 18:25 - 22908888 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-04 15:19 - 2015-12-04 15:19 - 00000136 _____ C:\windows\version.ini
2015-12-04 11:19 - 2015-12-04 11:19 - 00000512 _____ C:\windows\ads.js
2015-12-02 23:22 - 2015-12-02 23:22 - 00047171 _____ C:\Users\user\Downloads\CVQPz-HWIAEQzWq.jpg-large
2015-12-02 19:49 - 2015-12-02 19:49 - 00098774 _____ C:\Users\user\Downloads\E8iZWmkf.jpeg
2015-12-02 12:17 - 2015-12-02 12:17 - 00987112 _____ C:\Users\user\Desktop\EbookMotivatingVer3.pdf
2015-11-30 19:33 - 2015-12-05 17:46 - 00000000 ____D C:\FRST
2015-11-30 19:30 - 2015-12-05 17:46 - 02369024 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-11-29 17:21 - 2015-12-04 19:09 - 00000000 ____D C:\windows\Provider32
2015-11-29 17:21 - 2015-12-04 19:02 - 00000000 ____D C:\Program Files (x86)\UniqueApps
2015-11-29 17:08 - 2015-11-29 17:08 - 23532272 _____ C:\Users\user\Downloads\_MG_4591.CR2
2015-11-29 16:45 - 2015-11-29 17:07 - 156258182 _____ C:\Users\user\Downloads\wetransfer-f73987.zip
2015-11-29 16:13 - 2015-11-29 16:43 - 200728550 _____ C:\Users\user\Downloads\wetransfer-bba56b.zip
2015-11-29 16:11 - 2015-11-29 17:03 - 285761018 _____ C:\Users\user\Downloads\wetransfer-02867c.zip
2015-11-28 14:49 - 2015-11-28 14:55 - 126364805 _____ C:\Users\user\Desktop\Popping to Asda.mp4
2015-11-28 14:26 - 2015-11-30 15:12 - 00000000 ____D C:\Users\user\Desktop\Alge videos
2015-11-26 21:29 - 2015-11-26 21:30 - 00000000 ____D C:\Users\user\Desktop\from 1gb card
2015-11-26 17:40 - 2015-11-19 13:27 - 00000428 _____ C:\Users\user\AppData\Roaming\ham.txt
2015-11-26 17:39 - 2015-11-26 17:39 - 00042496 _____ C:\Users\user\AppData\Roaming\Moses.dat
2015-11-26 17:39 - 2015-11-26 17:39 - 00005568 _____ C:\Users\user\AppData\Roaming\md.xml
2015-11-26 09:34 - 2015-11-29 16:40 - 09545216 _____ C:\Users\user\AppData\Roaming\agent.dat
2015-11-26 09:34 - 2015-11-29 16:40 - 00060000 _____ C:\Users\user\AppData\Roaming\Config.xml
2015-11-26 09:34 - 2015-11-29 16:40 - 00017920 _____ C:\Users\user\AppData\Roaming\Main.dat
2015-11-23 16:34 - 2015-11-23 16:39 - 61408366 _____ C:\Users\user\Downloads\wetransfer-76339f.zip
2015-11-19 20:33 - 2015-11-19 20:33 - 00033529 _____ C:\Users\user\Downloads\CUMmxBDWcAAQgjf.jpg-large
2015-11-13 12:47 - 2015-11-03 00:23 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-13 12:47 - 2015-11-03 00:23 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 18:22 - 2015-11-11 18:23 - 00000000 ____D C:\Users\user\Desktop\Alan's phone
2015-11-11 14:32 - 2015-11-11 23:41 - 00029391 _____ C:\Users\user\Desktop\Untitled 1.odt
2015-11-11 12:36 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 12:36 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 12:36 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 12:36 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 12:36 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 12:36 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 12:36 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 12:36 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 12:36 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 12:36 - 2015-10-20 21:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 12:36 - 2015-10-20 14:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 12:36 - 2015-10-20 14:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 12:36 - 2015-10-20 14:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 12:36 - 2015-10-20 14:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 12:36 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 12:36 - 2015-10-15 16:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 12:36 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 12:36 - 2015-10-14 23:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 12:36 - 2015-10-14 23:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 12:36 - 2015-10-14 23:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 12:36 - 2015-10-14 23:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 12:36 - 2015-10-14 23:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 12:36 - 2015-10-13 17:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 12:36 - 2015-10-13 17:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 12:36 - 2015-10-13 15:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 12:36 - 2015-10-11 06:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 12:36 - 2015-10-11 06:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 12:36 - 2015-10-10 18:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 12:36 - 2015-10-10 18:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 12:36 - 2015-10-10 18:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 12:36 - 2015-10-10 17:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 12:36 - 2015-10-10 17:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 12:36 - 2015-10-10 17:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 12:36 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 12:36 - 2015-09-29 12:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 12:36 - 2015-09-12 13:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 12:36 - 2015-09-07 16:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 12:36 - 2015-09-07 15:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 12:36 - 2015-09-07 15:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 12:36 - 2015-09-04 19:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 12:36 - 2015-08-28 22:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 12:36 - 2015-08-20 20:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 12:36 - 2015-08-20 17:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 12:36 - 2014-11-05 01:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-11-11 12:36 - 2014-11-05 01:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-11-11 12:35 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 12:35 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 12:35 - 2015-10-30 22:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 12:35 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 12:35 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 12:35 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 12:35 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 12:35 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 12:35 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 12:35 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 12:35 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 12:35 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 12:35 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 12:35 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 12:35 - 2015-10-08 16:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 12:35 - 2015-08-10 18:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 12:35 - 2015-08-10 18:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 12:35 - 2015-08-10 17:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 12:35 - 2015-08-10 16:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 12:35 - 2015-08-10 16:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-11-11 12:35 - 2014-11-10 18:06 - 00136512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-11-11 12:34 - 2015-10-17 14:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-08 23:43 - 2015-11-09 01:30 - 1135651626 _____ C:\Users\user\Downloads\wetransfer-2e0a9d.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 17:10 - 2015-06-17 12:41 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 13:35 - 2015-05-29 03:45 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-405398818-1581397194-2991210944-1001
2015-12-05 12:51 - 2015-06-17 10:32 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{63C84DC5-E145-4787-BEDA-824EAF71F58D}
2015-12-05 01:10 - 2015-06-17 12:41 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-05 01:06 - 2015-06-17 12:41 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 01:05 - 2015-06-17 12:41 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 23:12 - 2014-03-18 09:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-04 23:12 - 2013-08-22 13:36 - 00000000 ____D C:\windows\Inf
2015-12-04 23:07 - 2013-08-22 14:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-04 19:22 - 2015-02-16 14:18 - 00008704 _____ C:\windows\system32\VfService.trf
2015-12-04 19:09 - 2015-09-24 09:54 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-04 19:09 - 2015-09-17 07:59 - 00001510 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk
2015-12-04 19:09 - 2015-08-27 15:12 - 00002041 _____ C:\Users\Public\Desktop\ArcSoft ShowBiz.lnk
2015-12-04 19:09 - 2015-07-24 17:02 - 00001855 _____ C:\Users\Public\Desktop\Lightworks x64 (12.0.2).lnk
2015-12-04 19:09 - 2015-06-28 20:18 - 00000996 _____ C:\Users\Public\Desktop\Fotor.lnk
2015-12-04 19:09 - 2015-06-23 16:54 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-04 19:09 - 2015-06-23 16:54 - 00002072 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-04 19:09 - 2015-06-22 22:44 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-04 19:09 - 2015-06-22 15:35 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-12-04 19:09 - 2015-06-22 15:35 - 00001473 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-12-04 19:09 - 2015-06-22 15:19 - 00001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-12-04 19:09 - 2015-06-22 15:19 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-12-04 19:09 - 2015-06-17 17:55 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-04 19:09 - 2015-06-17 12:44 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-04 19:09 - 2015-02-16 14:24 - 00002155 _____ C:\Users\Public\Desktop\OneKey Recovery.lnk
2015-12-04 19:09 - 2015-02-16 14:22 - 00002149 _____ C:\Users\Public\Desktop\Lenovo Photo Master.lnk
2015-12-04 19:09 - 2015-02-16 14:18 - 00002198 _____ C:\Users\Public\Desktop\Lenovo PowerDVD 10.lnk
2015-12-04 19:09 - 2015-02-16 14:18 - 00002093 _____ C:\Users\Public\Desktop\User Manuals.lnk
2015-12-04 19:09 - 2015-02-16 14:18 - 00001194 _____ C:\Users\Public\Desktop\Lenovo VeriFace.lnk
2015-12-04 19:09 - 2015-02-16 14:16 - 00002012 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-12-04 19:09 - 2015-02-16 14:15 - 00001370 _____ C:\Users\Public\Desktop\CyberLink Power2Go.lnk
2015-12-04 19:09 - 2015-02-16 14:10 - 00001102 _____ C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2015-12-04 19:09 - 2015-02-16 14:09 - 00001221 _____ C:\Users\Public\Desktop\SHAREit.lnk
2015-12-04 19:09 - 2015-02-16 14:07 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2015-12-04 19:09 - 2015-02-16 14:07 - 00001983 _____ C:\Users\Public\Desktop\Nitro Pro 9.lnk
2015-12-04 19:08 - 2015-08-14 14:38 - 00000605 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tina's music.lnk
2015-12-04 19:08 - 2015-08-11 18:33 - 00000811 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-12-04 19:08 - 2015-06-24 00:33 - 00001126 _____ C:\Users\user\Desktop\Screenshot Captor.lnk
2015-12-04 19:08 - 2015-06-22 11:06 - 00001819 _____ C:\Users\user\Desktop\Spotify.lnk
2015-12-04 19:08 - 2015-06-22 11:06 - 00001805 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-12-04 19:08 - 2015-06-17 10:27 - 00002490 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2015-12-04 19:08 - 2015-06-17 10:27 - 00002121 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-12-04 19:08 - 2015-05-29 03:39 - 00001453 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-04 19:08 - 2015-05-29 03:38 - 00000469 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-12-04 19:08 - 2015-05-29 03:38 - 00000467 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-12-04 19:07 - 2015-07-27 21:17 - 00000652 _____ C:\Users\user\Desktop\Drivers - Shortcut.lnk
2015-12-04 19:07 - 2015-06-21 20:20 - 00001990 _____ C:\Users\user\Desktop\Resolve.lnk
2015-12-04 19:07 - 2015-05-29 03:39 - 00000872 _____ C:\Users\user\Desktop\Downloads.lnk
2015-12-04 19:04 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-12-04 19:02 - 2015-02-16 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-04 19:02 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Resources
2015-12-04 18:29 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-04 18:29 - 2013-08-22 15:36 - 00000000 ____D C:\windows\AppReadiness
2015-12-04 18:06 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-12-03 23:55 - 2015-07-17 16:57 - 00000000 ____D C:\Users\user\Desktop\Aidy's stuff
2015-12-03 23:47 - 2015-06-22 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2015-12-03 16:24 - 2015-06-22 11:06 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2015-11-29 17:26 - 2015-06-24 10:14 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-11-29 14:58 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-11-13 19:19 - 2013-08-22 15:36 - 00000000 ____D C:\windows\rescache
2015-11-13 18:22 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-13 18:19 - 2015-02-16 14:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-13 12:53 - 2013-08-22 14:44 - 00543888 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-13 12:43 - 2015-02-16 14:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-13 12:42 - 2013-08-22 15:36 - 00000000 ___RD C:\windows\ToastData
2015-11-12 21:48 - 2015-06-24 00:33 - 00000058 _____ C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-11-12 13:43 - 2013-08-22 15:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-12 13:30 - 2015-06-17 12:19 - 00000000 ____D C:\windows\system32\MRT
2015-11-12 13:21 - 2015-06-17 12:19 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-11 20:41 - 2015-05-29 03:40 - 00000000 ____D C:\Users\user\Documents\Bluetooth Folder
2015-11-11 18:18 - 2015-02-16 14:11 - 00000000 ____D C:\ProgramData\McAfee
2015-11-09 15:46 - 2015-07-21 23:23 - 00003348 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)

==================== Files in the root of some directories =======

2015-11-26 09:34 - 2015-11-29 16:40 - 9545216 _____ () C:\Users\user\AppData\Roaming\agent.dat
2015-11-26 09:34 - 2015-11-29 16:40 - 0060000 _____ () C:\Users\user\AppData\Roaming\Config.xml
2015-11-26 17:40 - 2015-11-19 13:27 - 0000428 _____ () C:\Users\user\AppData\Roaming\ham.txt
2015-11-26 09:34 - 2015-11-29 16:40 - 0017920 _____ () C:\Users\user\AppData\Roaming\Main.dat
2015-11-26 17:39 - 2015-11-26 17:39 - 0005568 _____ () C:\Users\user\AppData\Roaming\md.xml
2015-11-26 17:39 - 2015-11-26 17:39 - 0042496 _____ () C:\Users\user\AppData\Roaming\Moses.dat
2015-11-26 17:40 - 2015-11-19 13:26 - 0004134 _____ () C:\Users\user\AppData\Roaming\shem.jpg
2015-06-24 00:33 - 2015-11-12 21:48 - 0000058 _____ () C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-08-25 18:29 - 2015-08-25 18:29 - 0000000 _____ () C:\Users\user\AppData\Local\{706F095F-B29D-4A09-8D4A-F875D2420C7C}
2015-08-25 18:19 - 2015-08-25 18:19 - 0000000 _____ () C:\Users\user\AppData\Local\{A234AAB2-5E52-4D27-83CE-8487D3CF4C5D}
2015-02-16 13:18 - 2015-02-16 13:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-04 20:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by user (2015-12-05 17:48:19)
Running from C:\Users\user\Downloads
Windows 8.1 (X64) (2015-05-29 03:37:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-405398818-1581397194-2991210944-500 - Administrator - Disabled)
Guest (S-1-5-21-405398818-1581397194-2991210944-501 - Limited - Disabled)
user (S-1-5-21-405398818-1581397194-2991210944-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{3E69CC95-C0F6-4C74-8F43-74F9046F20B2}) (Version: 1.0.10 - Amazon)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 3.5.13.70 - ArcSoft)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - )
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{131F8AE4-9933-4C05-8C22-87D5160501A6}) (Version: 11.3.1018 - Blackmagic Design)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Fotor 2.0.2 (HKLM-x32\...\Fotor) (Version: 2.0.2 - Everimaging Co., Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3910 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1320.2_WHQL - Sonix)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.31.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LibreOffice 5.0.1.2 (HKLM-x32\...\{927AE35D-72BC-437D-BAC7-EE47D03DEE54}) (Version: 5.0.1.2 - The Document Foundation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Screenshot Captor 4.12.0 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Spotify) (Version: 1.0.18.60.g5fe0413d - Spotify AB)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Video Capture Driver Install 64bit 6.0.113 (HKLM-x32\...\{EFEF320F-538D-4314-BCDB-161AE603A9EA}) (Version: 6.0.113 - geniatech)
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Video Editor(Build 5.1.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-11-2015 13:02:22 Windows Update
22-11-2015 13:09:10 Scheduled Checkpoint
30-11-2015 17:37:16 Removed DaVinci Resolve
03-12-2015 10:09:33 Removed DaVinci Resolve

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0042E4A1-C602-49FF-A96A-AD7C83ECE852} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-405398818-1581397194-2991210944-1001 => C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-11-03] (Microsoft Corporation)
Task: {0AFAE707-7C05-4945-A464-5DD51DDB1E0E} - \{A6111735-B653-471D-91BF-23EDA81C75E0} -> No File <==== ATTENTION
Task: {0FB4F08C-8729-4618-AFEC-257C236B9AAE} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {1F618DBE-D14E-4F57-9C03-A7CAC9A1E296} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {3B0392EE-693B-4782-ABBD-0A9F3C7DE671} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {410DFCE0-E38A-4566-9736-C9554D562AB7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {5CBA88D0-149D-4CCE-BC95-BC8FFC058659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {69A052FA-60CD-4519-84B0-E87502CCF91D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6CEC0E39-9CE7-46DE-9205-A12DB8588111} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {793772A6-78AD-4D53-AD47-D53412C60E6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-19] (Lenovo)
Task: {7B0D50CC-F77B-4850-8529-0B8CFCA19E36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {9D720787-F4BC-4865-A975-8A81AEF9D822} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-04] (Lenovo)
Task: {A94D406B-674B-4FB1-82B1-2F96A74D0D89} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-07] ()
Task: {AED853EE-B990-4B3C-A3FD-36EDDB7299D8} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-04] (Lenovo)
Task: {B760FEB1-125D-4E45-8084-ACAA2100FFC5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-05-06] (McAfee, Inc.)
Task: {BD5266BF-D859-4BF8-AE8E-41FC8F4A0840} - \Video Balance -> No File <==== ATTENTION
Task: {C1070CDC-1096-403F-A06F-FE0A69F0C5DB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-04] ()
Task: {CC36F4E3-B59C-4A77-8EAD-0D649DDA6694} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {D91142A6-145D-490F-A403-2DCB2D9B315D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-04] (Lenovo)
Task: {E86E8CD7-6CD0-46F2-868C-28E682768A71} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {EAB782FB-4E8E-4E90-A696-2527F115CD2C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation)
Task: {F3168E9E-A2E8-4ADC-B3CC-8739933CB13D} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {F3DD5A64-0223-4C18-B484-3C1127ACC18F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-04] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-24 09:22 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-02-16 14:14 - 2012-04-24 10:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-02-16 14:18 - 2015-02-16 14:18 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2015-02-16 14:18 - 2015-02-16 14:18 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-11-13 18:17 - 2015-11-01 10:11 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-02-16 14:09 - 2014-07-10 01:19 - 00592880 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2015-02-16 13:15 - 2013-09-16 19:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-12-03 20:10 - 2015-11-24 08:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-03 20:10 - 2015-11-24 08:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0ECAEA96-4630-4187-8EFC-E82D557157CC}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{46BB3AC8-8F98-4FCE-9258-309B91CA83E8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{B1457077-5FA4-4DDE-95FF-6EBB949BC56F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{2E5490DF-B9DA-472D-899B-9ACC34DB5915}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{D9D25109-56FD-482C-97C9-ED02CE582E74}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{ED6D1817-C3DA-4B2E-BE54-7C0B0DFA2454}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1AB2091F-3328-4E7E-933C-EE99ED17CAD4}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F5354B0A-6CCF-4260-8842-7540BDA6EEFB}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9538C028-EEE7-449D-AC27-D3F91AF331D1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{DA6138B5-3DFC-4460-9BA3-C55F204E83A9}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{15DBDCF2-1D11-43C6-8BB0-56A9EA9EBEB7}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{CC129EC1-A46C-49E6-8ED3-A0B03A4D856F}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{EC455C73-C7AD-4C77-9964-6246A6BBCA10}] => (Allow) LPort=55100
FirewallRules: [{8D4C8E91-897F-47CB-8172-925FABE8559F}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{213D0643-2472-4019-818E-935D778F9B1F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{29C6562B-CCC5-44A3-824A-5028DEF29FE7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{D194336F-872E-41AF-9D7F-D7D4AB7027CF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{1E464580-992E-487D-BC37-6B0DD358C74F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{795D8815-FFF0-4F86-BE68-5F640E0A1D0C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{A497AEB3-8B1A-4D41-B638-6B32EA518667}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{AB4527E8-F458-48A7-A909-91F632F4C20D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{7D5E8E93-2113-4CF7-A7AA-7DBE18823F2C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{8AB1BBCE-EE41-4C8C-87B8-1333EE80FD68}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{D62D6CC0-0EF1-4DDE-B2AC-1F9DAD02DC67}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{93258D2D-0FB6-44A1-8899-6BC28FE224C4}] => (Allow) LPort=2869
FirewallRules: [{2730A6F4-2E02-4CD6-976E-17F8138511B3}] => (Allow) LPort=1900
FirewallRules: [{AFAB9DB2-A968-4D05-8980-F87E70D44B35}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9470777D-35EC-4D83-B8E7-7C8F972020CB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{20ACF1C0-B929-44FB-B283-1187462D9C14}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{56C69254-CD6D-40F5-835B-4BB815C205C1}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{D0E66874-53A7-444D-AA53-F268C976D39D}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{DEB63A2F-5DEE-4A37-8513-A191DE435000}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{7ACDDEFC-D65C-42E5-9893-49B926EA35A9}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{A13F688B-C2B3-4E04-AEAD-7AC1CDE8B921}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{682865A2-48C3-4F33-814E-EE70447D1B89}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{66A7C156-C7C6-42A7-B962-C660865A1BC4}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{C0F5FF72-8A31-4291-891B-A1FB0D57AA64}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3B5A6EA9-F978-4CFB-8C88-A8E1B8DDFEB9}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{853794CA-EFF3-48F7-8FDE-FAE624D7257B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{5C1705EB-404B-4319-AE68-0E03C0E6CA32}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9B66572B-7748-4FB8-8A2E-D6C72C50543D}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3E2092E2-8295-4AEF-9562-055A194E5225}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2015 03:01:34 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (12/04/2015 06:11:02 PM) (Source: LenovoWiFiHotspotSvr) (EventID: 1) (User: )
Description: LenovoWiFiHotspotSvrm_IcsMgr == NULL failed with 0

Error: (12/04/2015 06:11:02 PM) (Source: PhoneCompanionVap_ICS) (EventID: 1) (User: )
Description: PhoneCompanionVap_ICSIcsMgr : InitIcs :InitIcsConnection error. failed with -2147024894

Error: (12/04/2015 03:01:22 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (12/04/2015 10:21:11 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/04/2015 12:07:54 AM) (Source: LenovoWiFiHotspotSvr) (EventID: 1) (User: )
Description: LenovoWiFiHotspotSvrm_IcsMgr == NULL failed with 0

Error: (12/04/2015 12:07:54 AM) (Source: PhoneCompanionVap_ICS) (EventID: 1) (User: )
Description: PhoneCompanionVap_ICSIcsMgr : InitIcs :InitIcsConnection error. failed with -2147024894

Error: (12/03/2015 03:34:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (12/03/2015 03:01:18 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (12/03/2015 11:09:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ee0

Start Time: 01d12dafa81e0a10

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 5a827276-99ae-11e5-82da-d053495aa0a6

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (12/05/2015 02:48:53 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/05/2015 02:47:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/05/2015 02:46:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/05/2015 02:44:33 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/05/2015 02:43:06 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/05/2015 02:42:06 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/05/2015 02:40:03 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/05/2015 02:38:35 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/05/2015 02:36:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/05/2015 02:35:26 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
Date: 2015-12-02 23:24:09.953
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-02 23:24:09.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-02 12:18:52.788
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-02 12:18:52.209
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 29%
Total physical RAM: 8084.27 MB
Available physical RAM: 5682.23 MB
Total Virtual: 9364.27 MB
Available Virtual: 6802.75 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.58 GB) (Free:770.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D0C16BCC)

Partition: GPT.

==================== End of Addition.txt ============================

Many thanks
Tina
Knoxy
Regular Member
 
Posts: 21
Joined: January 13th, 2015, 12:46 pm

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Cypher » December 5th, 2015, 2:39 pm

Hi Tina,
We need to run another fix, then i need you to run one more scan for me.
Once done please give me another update on how the computer is running.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 3DGpJCDLQ, ,
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... bNN6A,,&q= {searchTerms}
    C:\Users\user\AppData\Local\Temp\sqlite3.dll
    Task: {0AFAE707-7C05-4945-A464-5DD51DDB1E0E} - \{A6111735-B653-471D-91BF-23EDA81C75E0} -> No File <==== ATTENTION
    Task: {BD5266BF-D859-4BF8-AE8E-41FC8F4A0840} - \Video Balance -> No File <==== ATTENTION
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe to your Downloads folder as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • FRST.txt Fixlog.txt.
  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Knoxy » December 6th, 2015, 6:45 am

Hi Cypher,

Logs as requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by user (administrator) on LENOVO (05-12-2015 17:46:54)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-02-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-02-16] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-19] (Spotify Ltd)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-19] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A016F4B3-C826-4443-9904-47B32C379E4F}: [DhcpNameServer] 150.204.1.2
Tcpip\..\Interfaces\{B6A128FB-AFDC-478E-B606-27388FEFB41B}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {09F5A092-1826-11E5-8266-D053495AA0A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-06-27] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 3DGpJCDLQ,,
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... bNN6A,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com_
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?ou ... s&command={searchTerms}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-17]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-17]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-08-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-07] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-02-16] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-04] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-30] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2015-02-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-30] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 CXPLRCAP; C:\Windows\system32\drivers\CxPlrCap.sys [236672 2014-08-26] (Conexant Systems, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2013-12-06] (Lenovo Group Limited (R))
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2852504 2013-12-21] (Sonix Co. Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 17:46 - 2015-12-05 17:47 - 00020623 _____ C:\Users\user\Downloads\FRST.txt
2015-12-05 17:46 - 2015-12-05 17:46 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
2015-12-05 15:29 - 2015-12-05 15:29 - 00001043 _____ C:\Users\user\Desktop\malware 3.txt
2015-12-04 19:17 - 2015-12-04 19:20 - 00000000 ____D C:\AdwCleaner
2015-12-04 19:03 - 2015-12-04 19:03 - 01736704 _____ C:\Users\user\Downloads\adwcleaner_5.023.exe
2015-12-04 19:02 - 2015-12-04 19:09 - 00000080 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-12-04 19:02 - 2015-12-04 19:02 - 00011402 _____ C:\Users\user\Desktop\malware threats 2.txt
2015-12-04 18:59 - 2015-12-04 18:59 - 00011400 _____ C:\Users\user\Desktop\malware threats.txt
2015-12-04 18:36 - 2015-12-05 15:01 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 18:36 - 2015-12-04 19:09 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-04 18:36 - 2015-12-04 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-04 18:35 - 2015-12-04 18:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-04 18:35 - 2015-12-04 18:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-04 18:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-04 18:35 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-12-04 18:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-12-04 18:24 - 2015-12-04 18:25 - 22908888 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-04 15:19 - 2015-12-04 15:19 - 00000136 _____ C:\windows\version.ini
2015-12-04 11:19 - 2015-12-04 11:19 - 00000512 _____ C:\windows\ads.js
2015-12-02 23:22 - 2015-12-02 23:22 - 00047171 _____ C:\Users\user\Downloads\CVQPz-HWIAEQzWq.jpg-large
2015-12-02 19:49 - 2015-12-02 19:49 - 00098774 _____ C:\Users\user\Downloads\E8iZWmkf.jpeg
2015-12-02 12:17 - 2015-12-02 12:17 - 00987112 _____ C:\Users\user\Desktop\EbookMotivatingVer3.pdf
2015-11-30 19:33 - 2015-12-05 17:46 - 00000000 ____D C:\FRST
2015-11-30 19:30 - 2015-12-05 17:46 - 02369024 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-11-29 17:21 - 2015-12-04 19:09 - 00000000 ____D C:\windows\Provider32
2015-11-29 17:21 - 2015-12-04 19:02 - 00000000 ____D C:\Program Files (x86)\UniqueApps
2015-11-29 17:08 - 2015-11-29 17:08 - 23532272 _____ C:\Users\user\Downloads\_MG_4591.CR2
2015-11-29 16:45 - 2015-11-29 17:07 - 156258182 _____ C:\Users\user\Downloads\wetransfer-f73987.zip
2015-11-29 16:13 - 2015-11-29 16:43 - 200728550 _____ C:\Users\user\Downloads\wetransfer-bba56b.zip
2015-11-29 16:11 - 2015-11-29 17:03 - 285761018 _____ C:\Users\user\Downloads\wetransfer-02867c.zip
2015-11-28 14:49 - 2015-11-28 14:55 - 126364805 _____ C:\Users\user\Desktop\Popping to Asda.mp4
2015-11-28 14:26 - 2015-11-30 15:12 - 00000000 ____D C:\Users\user\Desktop\Alge videos
2015-11-26 21:29 - 2015-11-26 21:30 - 00000000 ____D C:\Users\user\Desktop\from 1gb card
2015-11-26 17:40 - 2015-11-19 13:27 - 00000428 _____ C:\Users\user\AppData\Roaming\ham.txt
2015-11-26 17:39 - 2015-11-26 17:39 - 00042496 _____ C:\Users\user\AppData\Roaming\Moses.dat
2015-11-26 17:39 - 2015-11-26 17:39 - 00005568 _____ C:\Users\user\AppData\Roaming\md.xml
2015-11-26 09:34 - 2015-11-29 16:40 - 09545216 _____ C:\Users\user\AppData\Roaming\agent.dat
2015-11-26 09:34 - 2015-11-29 16:40 - 00060000 _____ C:\Users\user\AppData\Roaming\Config.xml
2015-11-26 09:34 - 2015-11-29 16:40 - 00017920 _____ C:\Users\user\AppData\Roaming\Main.dat
2015-11-23 16:34 - 2015-11-23 16:39 - 61408366 _____ C:\Users\user\Downloads\wetransfer-76339f.zip
2015-11-19 20:33 - 2015-11-19 20:33 - 00033529 _____ C:\Users\user\Downloads\CUMmxBDWcAAQgjf.jpg-large
2015-11-13 12:47 - 2015-11-03 00:23 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-13 12:47 - 2015-11-03 00:23 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 18:22 - 2015-11-11 18:23 - 00000000 ____D C:\Users\user\Desktop\Alan's phone
2015-11-11 14:32 - 2015-11-11 23:41 - 00029391 _____ C:\Users\user\Desktop\Untitled 1.odt
2015-11-11 12:36 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 12:36 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 12:36 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 12:36 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 12:36 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 12:36 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 12:36 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 12:36 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 12:36 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 12:36 - 2015-10-20 21:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 12:36 - 2015-10-20 14:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 12:36 - 2015-10-20 14:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 12:36 - 2015-10-20 14:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 12:36 - 2015-10-20 14:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 12:36 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 12:36 - 2015-10-15 16:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 12:36 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 12:36 - 2015-10-14 23:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 12:36 - 2015-10-14 23:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 12:36 - 2015-10-14 23:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 12:36 - 2015-10-14 23:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 12:36 - 2015-10-14 23:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 12:36 - 2015-10-13 17:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 12:36 - 2015-10-13 17:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 12:36 - 2015-10-13 15:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 12:36 - 2015-10-11 06:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 12:36 - 2015-10-11 06:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 12:36 - 2015-10-10 18:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 12:36 - 2015-10-10 18:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 12:36 - 2015-10-10 18:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 12:36 - 2015-10-10 17:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 12:36 - 2015-10-10 17:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 12:36 - 2015-10-10 17:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 12:36 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 12:36 - 2015-09-29 12:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 12:36 - 2015-09-12 13:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 12:36 - 2015-09-07 16:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 12:36 - 2015-09-07 15:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 12:36 - 2015-09-07 15:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 12:36 - 2015-09-04 19:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 12:36 - 2015-08-28 22:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 12:36 - 2015-08-20 20:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 12:36 - 2015-08-20 17:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 12:36 - 2014-11-05 01:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-11-11 12:36 - 2014-11-05 01:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-11-11 12:35 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 12:35 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 12:35 - 2015-10-30 22:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 12:35 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 12:35 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 12:35 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 12:35 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 12:35 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 12:35 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 12:35 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 12:35 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 12:35 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 12:35 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 12:35 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 12:35 - 2015-10-08 16:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 12:35 - 2015-08-10 18:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 12:35 - 2015-08-10 18:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 12:35 - 2015-08-10 17:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 12:35 - 2015-08-10 16:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 12:35 - 2015-08-10 16:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-11-11 12:35 - 2014-11-10 18:06 - 00136512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-11-11 12:34 - 2015-10-17 14:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-08 23:43 - 2015-11-09 01:30 - 1135651626 _____ C:\Users\user\Downloads\wetransfer-2e0a9d.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 17:10 - 2015-06-17 12:41 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 13:35 - 2015-05-29 03:45 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-405398818-1581397194-2991210944-1001
2015-12-05 12:51 - 2015-06-17 10:32 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{63C84DC5-E145-4787-BEDA-824EAF71F58D}
2015-12-05 01:10 - 2015-06-17 12:41 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-05 01:06 - 2015-06-17 12:41 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 01:05 - 2015-06-17 12:41 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 23:12 - 2014-03-18 09:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-04 23:12 - 2013-08-22 13:36 - 00000000 ____D C:\windows\Inf
2015-12-04 23:07 - 2013-08-22 14:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-04 19:22 - 2015-02-16 14:18 - 00008704 _____ C:\windows\system32\VfService.trf
2015-12-04 19:09 - 2015-09-24 09:54 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-04 19:09 - 2015-09-24 09:54 - 00002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-04 19:09 - 2015-09-17 07:59 - 00001510 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk
2015-12-04 19:09 - 2015-08-27 15:12 - 00002041 _____ C:\Users\Public\Desktop\ArcSoft ShowBiz.lnk
2015-12-04 19:09 - 2015-07-24 17:02 - 00001855 _____ C:\Users\Public\Desktop\Lightworks x64 (12.0.2).lnk
2015-12-04 19:09 - 2015-06-28 20:18 - 00000996 _____ C:\Users\Public\Desktop\Fotor.lnk
2015-12-04 19:09 - 2015-06-23 16:54 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-04 19:09 - 2015-06-23 16:54 - 00002072 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-04 19:09 - 2015-06-22 22:44 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-04 19:09 - 2015-06-22 15:35 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-12-04 19:09 - 2015-06-22 15:35 - 00001473 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-12-04 19:09 - 2015-06-22 15:19 - 00001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-12-04 19:09 - 2015-06-22 15:19 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-12-04 19:09 - 2015-06-17 17:55 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-04 19:09 - 2015-06-17 12:44 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-04 19:09 - 2015-02-16 14:24 - 00002155 _____ C:\Users\Public\Desktop\OneKey Recovery.lnk
2015-12-04 19:09 - 2015-02-16 14:22 - 00002149 _____ C:\Users\Public\Desktop\Lenovo Photo Master.lnk
2015-12-04 19:09 - 2015-02-16 14:18 - 00002198 _____ C:\Users\Public\Desktop\Lenovo PowerDVD 10.lnk
2015-12-04 19:09 - 2015-02-16 14:18 - 00002093 _____ C:\Users\Public\Desktop\User Manuals.lnk
2015-12-04 19:09 - 2015-02-16 14:18 - 00001194 _____ C:\Users\Public\Desktop\Lenovo VeriFace.lnk
2015-12-04 19:09 - 2015-02-16 14:16 - 00002012 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-12-04 19:09 - 2015-02-16 14:15 - 00001370 _____ C:\Users\Public\Desktop\CyberLink Power2Go.lnk
2015-12-04 19:09 - 2015-02-16 14:10 - 00001102 _____ C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2015-12-04 19:09 - 2015-02-16 14:09 - 00001221 _____ C:\Users\Public\Desktop\SHAREit.lnk
2015-12-04 19:09 - 2015-02-16 14:07 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2015-12-04 19:09 - 2015-02-16 14:07 - 00001983 _____ C:\Users\Public\Desktop\Nitro Pro 9.lnk
2015-12-04 19:08 - 2015-08-14 14:38 - 00000605 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tina's music.lnk
2015-12-04 19:08 - 2015-08-11 18:33 - 00000811 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-12-04 19:08 - 2015-06-24 00:33 - 00001126 _____ C:\Users\user\Desktop\Screenshot Captor.lnk
2015-12-04 19:08 - 2015-06-22 11:06 - 00001819 _____ C:\Users\user\Desktop\Spotify.lnk
2015-12-04 19:08 - 2015-06-22 11:06 - 00001805 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-12-04 19:08 - 2015-06-17 10:27 - 00002490 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2015-12-04 19:08 - 2015-06-17 10:27 - 00002121 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-12-04 19:08 - 2015-05-29 03:39 - 00001453 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-04 19:08 - 2015-05-29 03:38 - 00000469 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-12-04 19:08 - 2015-05-29 03:38 - 00000467 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-12-04 19:07 - 2015-07-27 21:17 - 00000652 _____ C:\Users\user\Desktop\Drivers - Shortcut.lnk
2015-12-04 19:07 - 2015-06-21 20:20 - 00001990 _____ C:\Users\user\Desktop\Resolve.lnk
2015-12-04 19:07 - 2015-05-29 03:39 - 00000872 _____ C:\Users\user\Desktop\Downloads.lnk
2015-12-04 19:04 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-12-04 19:02 - 2015-02-16 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-04 19:02 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Resources
2015-12-04 18:29 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-04 18:29 - 2013-08-22 15:36 - 00000000 ____D C:\windows\AppReadiness
2015-12-04 18:06 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-12-03 23:55 - 2015-07-17 16:57 - 00000000 ____D C:\Users\user\Desktop\Aidy's stuff
2015-12-03 23:47 - 2015-06-22 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2015-12-03 16:24 - 2015-06-22 11:06 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2015-11-29 17:26 - 2015-06-24 10:14 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-11-29 14:58 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-11-13 19:19 - 2013-08-22 15:36 - 00000000 ____D C:\windows\rescache
2015-11-13 18:22 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-13 18:19 - 2015-02-16 14:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-13 12:53 - 2013-08-22 14:44 - 00543888 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-13 12:43 - 2015-02-16 14:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-13 12:42 - 2013-08-22 15:36 - 00000000 ___RD C:\windows\ToastData
2015-11-12 21:48 - 2015-06-24 00:33 - 00000058 _____ C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-11-12 13:43 - 2013-08-22 15:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-12 13:30 - 2015-06-17 12:19 - 00000000 ____D C:\windows\system32\MRT
2015-11-12 13:21 - 2015-06-17 12:19 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-11 20:41 - 2015-05-29 03:40 - 00000000 ____D C:\Users\user\Documents\Bluetooth Folder
2015-11-11 18:18 - 2015-02-16 14:11 - 00000000 ____D C:\ProgramData\McAfee
2015-11-09 15:46 - 2015-07-21 23:23 - 00003348 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)

==================== Files in the root of some directories =======

2015-11-26 09:34 - 2015-11-29 16:40 - 9545216 _____ () C:\Users\user\AppData\Roaming\agent.dat
2015-11-26 09:34 - 2015-11-29 16:40 - 0060000 _____ () C:\Users\user\AppData\Roaming\Config.xml
2015-11-26 17:40 - 2015-11-19 13:27 - 0000428 _____ () C:\Users\user\AppData\Roaming\ham.txt
2015-11-26 09:34 - 2015-11-29 16:40 - 0017920 _____ () C:\Users\user\AppData\Roaming\Main.dat
2015-11-26 17:39 - 2015-11-26 17:39 - 0005568 _____ () C:\Users\user\AppData\Roaming\md.xml
2015-11-26 17:39 - 2015-11-26 17:39 - 0042496 _____ () C:\Users\user\AppData\Roaming\Moses.dat
2015-11-26 17:40 - 2015-11-19 13:26 - 0004134 _____ () C:\Users\user\AppData\Roaming\shem.jpg
2015-06-24 00:33 - 2015-11-12 21:48 - 0000058 _____ () C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-08-25 18:29 - 2015-08-25 18:29 - 0000000 _____ () C:\Users\user\AppData\Local\{706F095F-B29D-4A09-8D4A-F875D2420C7C}
2015-08-25 18:19 - 2015-08-25 18:19 - 0000000 _____ () C:\Users\user\AppData\Local\{A234AAB2-5E52-4D27-83CE-8487D3CF4C5D}
2015-02-16 13:18 - 2015-02-16 13:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-04 20:25

==================== End of FRST.txt ============================

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by user (2015-12-05 18:47:46) Run:2
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 3DGpJCDLQ, ,
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... bNN6A,,&q= {searchTerms}
C:\Users\user\AppData\Local\Temp\sqlite3.dll
Task: {0AFAE707-7C05-4945-A464-5DD51DDB1E0E} - \{A6111735-B653-471D-91BF-23EDA81C75E0} -> No File <==== ATTENTION
Task: {BD5266BF-D859-4BF8-AE8E-41FC8F4A0840} - \Video Balance -> No File <==== ATTENTION

EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
C:\Users\user\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AFAE707-7C05-4945-A464-5DD51DDB1E0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AFAE707-7C05-4945-A464-5DD51DDB1E0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A6111735-B653-471D-91BF-23EDA81C75E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD5266BF-D859-4BF8-AE8E-41FC8F4A0840}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD5266BF-D859-4BF8-AE8E-41FC8F4A0840}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video Balance => key not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 523.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:48:01 ====

C:\FRST\Quarantine\C\ProgramData\ApphguotoloS\ApphguotoloS.exe a variant of Win32/Toolbar.Linkury.AH potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\ApphguotoloS\Labtex.exe a variant of Win32/Toolbar.Linkury.AF potentially unwanted application
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\Domdondax.exe.xBAD a variant of Win32/Toolbar.Linkury.AH potentially unwanted application
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\Quotestring.exe.xBAD a variant of Win32/Toolbar.Linkury.AH potentially unwanted application
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\Ruby.exe.xBAD a variant of Win32/Toolbar.Linkury.AH potentially unwanted application
C:\FRST\Quarantine\C\windows\Installer.exe.xBAD Win64/Adware.Somid.A application
C:\FRST\Quarantine\C\windows\Provider.dll.xBAD Win64/Adware.Somid.A application
C:\FRST\Quarantine\C\windows\Updatesvc.exe.xBAD a variant of Win64/Adware.Somid.A application
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\user\Downloads\Atom Pack v1.5.exe a variant of Win32/AtomRePack.A potentially unwanted application
C:\Users\user\Downloads\uTorrent_3-4-2-build-38913.exe a variant of Win32/OpenCandy.A potentially unsafe application

Laptop is running ok.
Thanks
Tina
Knoxy
Regular Member
 
Posts: 21
Joined: January 13th, 2015, 12:46 pm

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Cypher » December 6th, 2015, 7:28 am

Hi Tina.
Can you tell me what your Google Chrome Home page is set to, it appears to be as listed below?
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 3DGpJCDLQ, ,
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... bNN6A,,&q= {searchTerms}
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Knoxy » December 6th, 2015, 7:44 am

Hi Cypher,

When I click the google app it opens a google chrome search page which is it's default, I have just been and checked the settings in google chrome and there is a warning box that says chrome detected that some of your settings were corrupted by another program and reset them to their original defaults. I then have the option to to reset my settings which I haven't done. I have also checked the Internet & network settings in the control panel and the default homepage on that is http://go.microsoft.com/fwlink/?LinkId=69157

Hope this is the info you need.

Tina
Knoxy
Regular Member
 
Posts: 21
Joined: January 13th, 2015, 12:46 pm

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Cypher » December 6th, 2015, 7:59 am

Hi Tina.
I have just been and checked the settings in google chrome and there is a warning box that says chrome detected that some of your settings were corrupted by another program and reset them to their original defaults. I then have the option to to reset my settings which I haven't done.

As it was Chrome you were having problems with, the safest thing to do is reinstall it.
Lets do that now then you should be good to go.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Google Chrome
Google Update Helper

If you're asked if you would like to keep any personalized settings or folders, say NO...

Now reboot your computer.

Next..

Download and reinstall Google chrome from Here

Now lets tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Remove disinfection tools
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Knoxy » December 6th, 2015, 8:35 am

Hi Cypher,

I have completed all of the above, the laptop is running normally again thank goodness!
Thank you so much for all your help, this forum is an absolute godsend and so are all of you.posting.php?mode=reply&f=11&t=64154#http://www.malwareremoval.com/forum/posting.php?mode=reply&f=11&t=64154#

Tina
Knoxy
Regular Member
 
Posts: 21
Joined: January 13th, 2015, 12:46 pm

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Knoxy » December 6th, 2015, 8:37 am

Ahh my little emoticons didn't work!

:cheers: ;) :lol:

Did this time.

Tina
Knoxy
Regular Member
 
Posts: 21
Joined: January 13th, 2015, 12:46 pm

Re: Widows 8 laptop infected with pop ups & browser hijackin

Unread postby Cypher » December 6th, 2015, 8:49 am

Hi Tina.
Thank you so much for all your help

It's my pleasure :)
the laptop is running normally again thank goodness!

That's great, as your problems appear to be resolved i will close this topic.
Good luck and stay safe..

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 43 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware