I'm sorry to say this is my second time on here this year thanks to my teenage son downloading free video editing software yet again!
Whenever you use Google Chrome it opens up 5 or 6 new tabs, all taking you to random sites that you have no interest in, and pop-ups follow you around all the time; snap.do & findit appear quite regularly.
I'm really hoping you will be able to help me, although I will understand if you decide not to.
Below are the logs as requested.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
Ran by user (administrator) on LENOVO (30-11-2015 19:33:39)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
() C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
(drms media group) C:\Windows\Updatesvc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-02-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-02-16] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-19] (Spotify Ltd)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-19] (Spotify Ltd)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\MountPoints2: {71af1188-3f5d-11e5-827f-d053495aa0a6} - "F:\Startme.exe"
AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-07-22] (ClientConnect LTD)
AppInit_DLLs: C:\ProgramData\ApphguotoloS\WhiteCom.dll => C:\ProgramData\ApphguotoloS\WhiteCom.dll [518656 2015-11-29] ()
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-07-22] (ClientConnect LTD)
AppInit_DLLs-x32: C:\ProgramData\ApphguotoloS\Aireco.dll => C:\ProgramData\ApphguotoloS\Aireco.dll [320512 2015-11-29] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 01 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 02 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 03 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 04 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 05 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 06 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 07 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 08 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 09 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 10 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9 22 C:\windows\Provider32\Provider.dll [228352 2015-07-27] (drms media group)
Winsock: Catalog9-x64 01 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 02 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 03 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 04 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 05 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 06 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 07 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 08 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 09 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 10 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Winsock: Catalog9-x64 22 C:\windows\Provider.dll [270848 2015-07-27] (drms media group)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A016F4B3-C826-4443-9904-47B32C379E4F}: [DhcpNameServer] 150.204.1.2
Tcpip\..\Interfaces\{B6A128FB-AFDC-478E-B606-27388FEFB41B}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 2a1LoNPwg,,
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {09F5A092-1826-11E5-8266-D053495AA0A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-405398818-1581397194-2991210944-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... t5D1g,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-06-27] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... 3DGpJCDLQ,,
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-17]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-17]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-17]
CHR Extension: (Video Balance) - C:\Users\user\AppData\Local\Video Balance\Component [2015-11-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ApphguotoloS; C:\ProgramData\\ApphguotoloS\\ApphguotoloS.exe [466944 2015-11-29] () [File not signed]
R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [466944 2015-11-29] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2538824 2014-07-22] (ClientConnect LTD)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-08-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-07] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-02-16] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-04] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-30] (Maxthon)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe [151688 2015-11-23] ()
R2 UpdateSvc; C:\windows\Updatesvc.exe [221184 2015-07-27] (drms media group) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2015-02-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-30] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 CXPLRCAP; C:\Windows\system32\drivers\CxPlrCap.sys [236672 2014-08-26] (Conexant Systems, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2013-12-06] (Lenovo Group Limited (R))
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2852504 2013-12-21] (Sonix Co. Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-30 19:33 - 2015-11-30 19:34 - 00028648 _____ C:\Users\user\Downloads\FRST.txt
2015-11-30 19:33 - 2015-11-30 19:33 - 00000000 ____D C:\FRST
2015-11-30 19:30 - 2015-11-30 19:31 - 02350080 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-11-30 17:42 - 2015-11-30 17:42 - 00000136 _____ C:\windows\version.ini
2015-11-29 19:43 - 2015-11-29 19:43 - 00000512 _____ C:\windows\ads.js
2015-11-29 18:06 - 2015-11-29 19:20 - 00000000 ____D C:\ProgramData\ApphguotoloS
2015-11-29 18:06 - 2015-11-29 18:06 - 00003604 _____ C:\windows\System32\Tasks\snp
2015-11-29 18:06 - 2015-11-29 18:06 - 00003290 _____ C:\windows\System32\Tasks\psv_Isfinity
2015-11-29 18:06 - 2015-11-29 18:06 - 00003282 _____ C:\windows\System32\Tasks\psv_Canfix
2015-11-29 18:06 - 2015-11-29 18:06 - 00003272 _____ C:\windows\System32\Tasks\psv_Isnix
2015-11-29 18:06 - 2015-11-29 18:06 - 00003240 _____ C:\windows\System32\Tasks\snf
2015-11-29 18:06 - 2015-11-29 18:06 - 00000000 ____D C:\ProgramData\ApphguotoloSs
2015-11-29 18:02 - 2015-11-29 18:02 - 00003264 _____ C:\windows\System32\Tasks\psv_Holdair
2015-11-29 18:00 - 2015-11-29 18:00 - 00003562 _____ C:\windows\System32\Tasks\{A6111735-B653-471D-91BF-23EDA81C75E0}
2015-11-29 17:56 - 2015-11-29 17:56 - 00003274 _____ C:\windows\System32\Tasks\psv_Superfresh
2015-11-29 17:42 - 2015-11-29 17:42 - 00003136 _____ C:\windows\System32\Tasks\Video Balance
2015-11-29 17:42 - 2015-11-29 17:42 - 00000000 ____D C:\Users\user\AppData\Local\Video Balance
2015-11-29 17:31 - 2015-11-29 17:31 - 00003276 _____ C:\windows\System32\Tasks\psv_K-Sailphase
2015-11-29 17:29 - 2015-11-29 17:29 - 00000000 ____D C:\ProgramData\tXCBvhCCZ
2015-11-29 17:29 - 2015-11-29 17:29 - 00000000 ____D C:\ProgramData\HealthAlert
2015-11-29 17:28 - 2015-11-30 17:31 - 00000000 ____D C:\Users\user\AppData\Roaming\CalendarTool
2015-11-29 17:28 - 2015-11-29 17:28 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-11-29 17:28 - 2015-11-29 17:28 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-11-29 17:27 - 2015-11-29 18:06 - 00002389 _____ C:\windows\SysWOW64\findit.xml
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-11-29 17:27 - 2015-11-29 17:27 - 00000000 ____D C:\ProgramData\Solotoughs
2015-11-29 17:26 - 2015-11-29 18:48 - 00000000 ____D C:\Users\user\AppData\Local\EFA41481-1448817998-11E4-A961-68F7288A9A41
2015-11-29 17:26 - 2015-11-29 18:05 - 00000000 ____D C:\ProgramData\ApplicationHosting
2015-11-29 17:25 - 2015-11-29 17:25 - 00000000 ____D C:\Users\user\Documents\DailyPCClean
2015-11-29 17:25 - 2015-11-29 17:25 - 00000000 ____D C:\Program Files (x86)\EFA41481-1448817932-11E4-A961-68F7288A9A41
2015-11-29 17:24 - 2015-11-29 18:00 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-11-29 17:21 - 2015-11-29 17:21 - 00000000 ____D C:\windows\Provider32
2015-11-29 17:21 - 2015-11-29 17:21 - 00000000 ____D C:\Program Files (x86)\UniqueApps
2015-11-29 17:21 - 2015-07-27 18:52 - 00221184 _____ (drms media group) C:\windows\Updatesvc.exe
2015-11-29 17:21 - 2015-07-27 18:51 - 00270848 _____ (drms media group) C:\windows\Provider.dll
2015-11-29 17:21 - 2015-07-27 18:51 - 00102912 _____ (drms media group) C:\windows\Installer.exe
2015-11-29 17:19 - 2015-11-29 17:19 - 00166799 _____ C:\Users\user\Desktop\adobe-lightroom-6.exe
2015-11-29 17:08 - 2015-11-29 17:08 - 23532272 _____ C:\Users\user\Downloads\_MG_4591.CR2
2015-11-29 16:45 - 2015-11-29 17:07 - 156258182 _____ C:\Users\user\Downloads\wetransfer-f73987.zip
2015-11-29 16:13 - 2015-11-29 16:43 - 200728550 _____ C:\Users\user\Downloads\wetransfer-bba56b.zip
2015-11-29 16:11 - 2015-11-29 17:03 - 285761018 _____ C:\Users\user\Downloads\wetransfer-02867c.zip
2015-11-28 14:49 - 2015-11-28 14:55 - 126364805 _____ C:\Users\user\Desktop\Popping to Asda.mp4
2015-11-28 14:26 - 2015-11-30 15:12 - 00000000 ____D C:\Users\user\Desktop\Alge videos
2015-11-26 21:29 - 2015-11-26 21:30 - 00000000 ____D C:\Users\user\Desktop\from 1gb card
2015-11-26 17:40 - 2015-11-19 13:27 - 00000428 _____ C:\Users\user\AppData\Roaming\ham.txt
2015-11-26 17:39 - 2015-11-26 17:39 - 00042496 _____ C:\Users\user\AppData\Roaming\Moses.dat
2015-11-26 17:39 - 2015-11-26 17:39 - 00005568 _____ C:\Users\user\AppData\Roaming\md.xml
2015-11-26 17:37 - 2015-11-29 16:40 - 00466944 _____ C:\Users\user\AppData\Roaming\moses.exe
2015-11-26 09:34 - 2015-11-29 16:40 - 09545216 _____ C:\Users\user\AppData\Roaming\agent.dat
2015-11-26 09:34 - 2015-11-29 16:40 - 00060000 _____ C:\Users\user\AppData\Roaming\Config.xml
2015-11-26 09:34 - 2015-11-29 16:40 - 00017920 _____ C:\Users\user\AppData\Roaming\Main.dat
2015-11-23 16:34 - 2015-11-23 16:39 - 61408366 _____ C:\Users\user\Downloads\wetransfer-76339f.zip
2015-11-19 20:33 - 2015-11-19 20:33 - 00033529 _____ C:\Users\user\Downloads\CUMmxBDWcAAQgjf.jpg-large
2015-11-13 12:47 - 2015-11-03 00:23 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-13 12:47 - 2015-11-03 00:23 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 18:22 - 2015-11-11 18:23 - 00000000 ____D C:\Users\user\Desktop\Alan's phone
2015-11-11 14:32 - 2015-11-11 23:41 - 00029391 _____ C:\Users\user\Desktop\Untitled 1.odt
2015-11-11 12:36 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 12:36 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 12:36 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 12:36 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 12:36 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 12:36 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 12:36 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 12:36 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 12:36 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 12:36 - 2015-10-20 21:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 12:36 - 2015-10-20 14:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 12:36 - 2015-10-20 14:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 12:36 - 2015-10-20 14:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 12:36 - 2015-10-20 14:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 12:36 - 2015-10-20 14:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 12:36 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 12:36 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 12:36 - 2015-10-15 16:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 12:36 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 12:36 - 2015-10-14 23:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 12:36 - 2015-10-14 23:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 12:36 - 2015-10-14 23:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 12:36 - 2015-10-14 23:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 12:36 - 2015-10-14 23:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 12:36 - 2015-10-13 17:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 12:36 - 2015-10-13 17:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 12:36 - 2015-10-13 15:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 12:36 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 12:36 - 2015-10-11 06:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 12:36 - 2015-10-11 06:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 12:36 - 2015-10-10 18:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 12:36 - 2015-10-10 18:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 12:36 - 2015-10-10 18:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 12:36 - 2015-10-10 17:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 12:36 - 2015-10-10 17:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 12:36 - 2015-10-10 17:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 12:36 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 12:36 - 2015-09-29 12:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 12:36 - 2015-09-12 13:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 12:36 - 2015-09-07 16:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 12:36 - 2015-09-07 15:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 12:36 - 2015-09-07 15:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 12:36 - 2015-09-04 19:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 12:36 - 2015-08-28 22:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 12:36 - 2015-08-20 20:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 12:36 - 2015-08-20 17:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 12:36 - 2014-11-05 01:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-11-11 12:36 - 2014-11-05 01:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-11-11 12:35 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 12:35 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 12:35 - 2015-10-30 22:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 12:35 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 12:35 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 12:35 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 12:35 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 12:35 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 12:35 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 12:35 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 12:35 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 12:35 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 12:35 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 12:35 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 12:35 - 2015-10-08 16:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 12:35 - 2015-08-10 18:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 12:35 - 2015-08-10 18:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 12:35 - 2015-08-10 17:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 12:35 - 2015-08-10 16:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 12:35 - 2015-08-10 16:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-11-11 12:35 - 2014-11-10 18:06 - 00136512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-11-11 12:34 - 2015-10-17 14:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-08 23:43 - 2015-11-09 01:30 - 1135651626 _____ C:\Users\user\Downloads\wetransfer-2e0a9d.zip
2015-11-02 21:55 - 2015-11-02 22:13 - 184678334 _____ C:\Users\user\Downloads\wetransfer-71bae5.zip
2015-11-01 19:57 - 2015-11-01 20:11 - 183707018 _____ C:\Users\user\Downloads\wetransfer-99bf50.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-30 19:33 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-11-30 19:04 - 2015-06-17 12:41 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-30 17:28 - 2015-05-29 03:45 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-405398818-1581397194-2991210944-1001
2015-11-30 14:39 - 2014-03-18 09:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-30 14:39 - 2013-08-22 13:36 - 00000000 ____D C:\windows\Inf
2015-11-30 13:29 - 2015-06-17 10:32 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{63C84DC5-E145-4787-BEDA-824EAF71F58D}
2015-11-29 18:44 - 2015-06-17 12:41 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-29 18:43 - 2013-08-22 14:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-29 18:42 - 2015-06-22 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2015-11-29 18:42 - 2015-02-16 14:18 - 00008704 _____ C:\windows\system32\VfService.trf
2015-11-29 18:06 - 2015-06-17 12:44 - 00002226 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-29 18:06 - 2015-05-29 03:39 - 00001441 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-29 18:02 - 2015-06-22 11:06 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2015-11-29 17:26 - 2015-06-24 10:14 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-11-29 14:58 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-11-28 12:44 - 2015-06-23 16:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-22 13:54 - 2013-08-22 15:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-13 19:19 - 2013-08-22 15:36 - 00000000 ____D C:\windows\rescache
2015-11-13 18:22 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-13 18:19 - 2015-02-16 14:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-13 12:53 - 2013-08-22 14:44 - 00543888 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-13 12:45 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-11-13 12:43 - 2015-02-16 14:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-13 12:42 - 2013-08-22 15:36 - 00000000 ___RD C:\windows\ToastData
2015-11-12 21:48 - 2015-06-24 00:33 - 00000058 _____ C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-11-12 13:43 - 2013-08-22 15:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-12 13:30 - 2015-06-17 12:19 - 00000000 ____D C:\windows\system32\MRT
2015-11-12 13:21 - 2015-06-17 12:19 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-11 20:41 - 2015-05-29 03:40 - 00000000 ____D C:\Users\user\Documents\Bluetooth Folder
2015-11-11 18:18 - 2015-02-16 14:11 - 00000000 ____D C:\ProgramData\McAfee
2015-11-11 13:42 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-09 19:54 - 2015-07-17 16:57 - 00000000 ____D C:\Users\user\Desktop\Aidy's stuff
2015-11-09 15:46 - 2015-07-21 23:23 - 00003348 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2015-11-03 13:03 - 2015-06-22 15:34 - 00003090 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-405398818-1581397194-2991210944-1001
2015-11-03 13:03 - 2015-06-22 15:34 - 00000000 ___RD C:\Users\user\OneDrive
2015-11-02 19:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\NDF
2015-11-01 20:42 - 2015-06-23 16:54 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
==================== Files in the root of some directories =======
2015-11-26 09:34 - 2015-11-29 16:40 - 9545216 _____ () C:\Users\user\AppData\Roaming\agent.dat
2015-11-26 09:34 - 2015-11-29 16:40 - 0060000 _____ () C:\Users\user\AppData\Roaming\Config.xml
2015-11-26 17:40 - 2015-11-19 13:27 - 0000428 _____ () C:\Users\user\AppData\Roaming\ham.txt
2015-11-26 09:34 - 2015-11-29 16:40 - 0017920 _____ () C:\Users\user\AppData\Roaming\Main.dat
2015-11-26 17:39 - 2015-11-26 17:39 - 0005568 _____ () C:\Users\user\AppData\Roaming\md.xml
2015-11-26 17:39 - 2015-11-26 17:39 - 0042496 _____ () C:\Users\user\AppData\Roaming\Moses.dat
2015-11-26 17:37 - 2015-11-29 16:40 - 0466944 _____ () C:\Users\user\AppData\Roaming\moses.exe
2015-11-26 17:40 - 2015-11-19 13:26 - 0004134 _____ () C:\Users\user\AppData\Roaming\shem.jpg
2015-06-24 00:33 - 2015-11-12 21:48 - 0000058 _____ () C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-08-25 18:29 - 2015-08-25 18:29 - 0000000 _____ () C:\Users\user\AppData\Local\{706F095F-B29D-4A09-8D4A-F875D2420C7C}
2015-08-25 18:19 - 2015-08-25 18:19 - 0000000 _____ () C:\Users\user\AppData\Local\{A234AAB2-5E52-4D27-83CE-8487D3CF4C5D}
2015-02-16 13:18 - 2015-02-16 13:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\5B97.exe
C:\Users\user\AppData\Local\Temp\Domdondax.exe
C:\Users\user\AppData\Local\Temp\dotNetFx40_Web_Setup.exe
C:\Users\user\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\user\AppData\Local\Temp\oct1B6C.tmp.exe
C:\Users\user\AppData\Local\Temp\oct3C31.tmp.exe
C:\Users\user\AppData\Local\Temp\oct4FF7.tmp.exe
C:\Users\user\AppData\Local\Temp\oct514.tmp.exe
C:\Users\user\AppData\Local\Temp\oct6787.tmp.exe
C:\Users\user\AppData\Local\Temp\oct948C.tmp.exe
C:\Users\user\AppData\Local\Temp\octA9F3.tmp.exe
C:\Users\user\AppData\Local\Temp\octEBA0.tmp.exe
C:\Users\user\AppData\Local\Temp\Quotestring.exe
C:\Users\user\AppData\Local\Temp\Ruby.exe
C:\Users\user\AppData\Local\Temp\Uninstall.exe
C:\Users\user\AppData\Local\Temp\Zondontech.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-27 11:23
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by user (2015-11-30 19:35:35)
Running from C:\Users\user\Downloads
Windows 8.1 (X64) (2015-05-29 03:37:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-405398818-1581397194-2991210944-500 - Administrator - Disabled)
Guest (S-1-5-21-405398818-1581397194-2991210944-501 - Limited - Disabled)
user (S-1-5-21-405398818-1581397194-2991210944-1001 - Administrator - Enabled) => C:\Users\user
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Advanced Calendar 2.0 (HKLM\...\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}) (Version: 2.0.0.11061 - TopTools100) <==== ATTENTION
Amazon 1Button App (HKLM-x32\...\{3E69CC95-C0F6-4C74-8F43-74F9046F20B2}) (Version: 1.0.10 - Amazon)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 3.5.13.70 - ArcSoft)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - )
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{131F8AE4-9933-4C05-8C22-87D5160501A6}) (Version: 11.3.1018 - Blackmagic Design)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Fotor 2.0.2 (HKLM-x32\...\Fotor) (Version: 2.0.2 - Everimaging Co., Ltd.)
Free Video Compressor (HKLM-x32\...\{01554C33-4131-4BC7-9E6D-AF85E02BDF4F}_is1) (Version: - freevideocompressor.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3910 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.2.9 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1320.2_WHQL - Sonix)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.31.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LibreOffice 5.0.1.2 (HKLM-x32\...\{927AE35D-72BC-437D-BAC7-EE47D03DEE54}) (Version: 5.0.1.2 - The Document Foundation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Screenshot Captor 4.12.0 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\Spotify) (Version: 1.0.18.60.g5fe0413d - Spotify AB)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Video Balance (HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\{B01B81F4-8E99-6BC4-EFB0-41B64BA5D3F1}) (Version: 1.2.9 - Buzz Virtual corp)
Video Capture Driver Install 64bit 6.0.113 (HKLM-x32\...\{EFEF320F-538D-4314-BCDB-161AE603A9EA}) (Version: 6.0.113 - geniatech)
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Video Editor(Build 5.1.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
11-11-2015 13:02:22 Windows Update
22-11-2015 13:09:10 Scheduled Checkpoint
30-11-2015 17:37:16 Removed DaVinci Resolve
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0042E4A1-C602-49FF-A96A-AD7C83ECE852} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-405398818-1581397194-2991210944-1001 => C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-11-03] (Microsoft Corporation)
Task: {00A51E89-899E-4707-8BC6-B76BB0BDB388} - System32\Tasks\psv_Holdair => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\Cofcom.reg" & del "C:\ProgramData\Solotough\Cofcom.reg" & SCHTASKS /Delete /TN "psv_Holdair" /F <==== ATTENTION
Task: {0AFAE707-7C05-4945-A464-5DD51DDB1E0E} - System32\Tasks\{A6111735-B653-471D-91BF-23EDA81C75E0} => pcalua.exe -a "C:\Program Files (x86)\Common Files\SoftHome\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\SoftHome\uninstall.dat" -a uninstallme 6D4743CF-008D-4A50-8D5B-ED78480F86A5 DeviceId=782441ee-ed3f-b7bc-6d2d-261a946f05c4 BarcodeId=50081003 ChannelId=3 DistributerName=APSFIMonetizer
Task: {0FB4F08C-8729-4618-AFEC-257C236B9AAE} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {1F618DBE-D14E-4F57-9C03-A7CAC9A1E296} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {3B0392EE-693B-4782-ABBD-0A9F3C7DE671} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {40A81613-3C81-47AD-843D-550D9BBEB6E6} - System32\Tasks\Pokki => C:\Users\user\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {410DFCE0-E38A-4566-9736-C9554D562AB7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {58F8DE4B-975B-4582-A00C-DB2F0539CDFA} - System32\Tasks\psv_Superfresh => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\Faxtech.reg" & del "C:\ProgramData\Solotough\Faxtech.reg" & SCHTASKS /Delete /TN "psv_Superfresh" /F <==== ATTENTION
Task: {5CBA88D0-149D-4CCE-BC95-BC8FFC058659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {5E1B6E89-32B8-44A4-AA07-2F1D5804A437} - System32\Tasks\snp => C:\ProgramData\ApphguotoloS\ApphguotoloS.exe [2015-11-29] () <==== ATTENTION
Task: {69A052FA-60CD-4519-84B0-E87502CCF91D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6A519A9F-5808-47AC-9346-9EF1BF6C3E7D} - System32\Tasks\psv_Canfix => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Villadox.reg" & del "C:\ProgramData\ApphguotoloS\Villadox.reg" & SCHTASKS /Delete /TN "psv_Canfix" /F <==== ATTENTION
Task: {6CEC0E39-9CE7-46DE-9205-A12DB8588111} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {793772A6-78AD-4D53-AD47-D53412C60E6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-19] (Lenovo)
Task: {7B0D50CC-F77B-4850-8529-0B8CFCA19E36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {9874D8D0-16F7-4153-95C5-4CEEE12DCE7B} - System32\Tasks\psv_Isnix => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Medfix.reg" & del "C:\ProgramData\ApphguotoloS\Medfix.reg" & SCHTASKS /Delete /TN "psv_Isnix" /F <==== ATTENTION
Task: {9D720787-F4BC-4865-A975-8A81AEF9D822} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-04] (Lenovo)
Task: {A94D406B-674B-4FB1-82B1-2F96A74D0D89} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-07] ()
Task: {AED853EE-B990-4B3C-A3FD-36EDDB7299D8} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-04] (Lenovo)
Task: {B760FEB1-125D-4E45-8084-ACAA2100FFC5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-05-06] (McAfee, Inc.)
Task: {BD5266BF-D859-4BF8-AE8E-41FC8F4A0840} - System32\Tasks\Video Balance => Rundll32.exe "C:\Users\user\AppData\Local\Video Balance\{A52D30DE-54D0-EDAB-0134-CE64634DAB11}\VideoBalance.dll",#3
Task: {BFB5167C-90CE-493A-A130-7E9ED2CE10C3} - System32\Tasks\psv_K-Sailphase => cmd.exe /c regedit.exe /s "C:\ProgramData\Solotough\ScotLux.reg" & del "C:\ProgramData\Solotough\ScotLux.reg" & SCHTASKS /Delete /TN "psv_K-Sailphase" /F <==== ATTENTION
Task: {C1070CDC-1096-403F-A06F-FE0A69F0C5DB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-04] ()
Task: {C168FCE9-7B4A-4EDD-A097-8AA8B15111E8} - System32\Tasks\snf => C:\ProgramData\ApphguotoloS\ApphguotoloS.exe [2015-11-29] () <==== ATTENTION
Task: {CC36F4E3-B59C-4A77-8EAD-0D649DDA6694} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {D06DBF16-C6BC-43D3-9BE5-602F267898A7} - System32\Tasks\psv_Isfinity => cmd.exe /c regedit.exe /s "C:\ProgramData\ApphguotoloS\ZamSiljob.reg" & del "C:\ProgramData\ApphguotoloS\ZamSiljob.reg" & SCHTASKS /Delete /TN "psv_Isfinity" /F <==== ATTENTION
Task: {D91142A6-145D-490F-A403-2DCB2D9B315D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-04] (Lenovo)
Task: {E86E8CD7-6CD0-46F2-868C-28E682768A71} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {EAB782FB-4E8E-4E90-A696-2527F115CD2C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation)
Task: {F3168E9E-A2E8-4ADC-B3CC-8739933CB13D} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {F3DD5A64-0223-4C18-B484-3C1127ACC18F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-04] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-11-29 18:06 - 2015-11-29 16:40 - 00466944 _____ () C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
2015-11-29 17:26 - 2015-11-29 12:40 - 00466944 _____ () C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
2015-09-24 09:22 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-02-16 14:14 - 2012-04-24 10:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-11-23 08:41 - 2015-11-23 08:41 - 00151688 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
2015-02-16 14:18 - 2015-02-16 14:18 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2015-02-16 14:18 - 2015-02-16 14:18 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-11-23 08:42 - 2015-11-23 08:42 - 03999880 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\Calendar.exe
2015-11-23 08:42 - 2015-11-23 08:42 - 00158344 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarEntry.dll
2015-11-13 18:17 - 2015-11-01 10:11 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-10-30 06:22 - 2013-10-30 06:22 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-30 06:19 - 2013-10-30 06:19 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2015-02-16 13:18 - 2010-10-26 04:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-10-30 06:26 - 2013-10-30 06:26 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-02-16 14:09 - 2014-07-10 01:19 - 00592880 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2015-11-29 17:42 - 2015-11-29 17:42 - 00030720 _____ () C:\Users\user\AppData\Local\Video Balance\{A52D30DE-54D0-EDAB-0134-CE64634DAB11}\VideoBalance.dll
2015-11-29 17:42 - 2015-11-29 17:42 - 00010752 _____ () C:\Users\user\AppData\Local\Video Balance\{A52D30DE-54D0-EDAB-0134-CE64634DAB11}\wboy.dll
2015-02-16 14:15 - 2014-07-04 04:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-04 20:35 - 2014-07-04 20:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-06-21 15:55 - 2014-09-11 17:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-06-21 15:55 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-02-16 13:15 - 2013-09-16 19:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-11-11 23:07 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 23:07 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-11 23:07 - 2015-11-07 04:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-405398818-1581397194-2991210944-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0ECAEA96-4630-4187-8EFC-E82D557157CC}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{46BB3AC8-8F98-4FCE-9258-309B91CA83E8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{B1457077-5FA4-4DDE-95FF-6EBB949BC56F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{2E5490DF-B9DA-472D-899B-9ACC34DB5915}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{D9D25109-56FD-482C-97C9-ED02CE582E74}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{ED6D1817-C3DA-4B2E-BE54-7C0B0DFA2454}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1AB2091F-3328-4E7E-933C-EE99ED17CAD4}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F5354B0A-6CCF-4260-8842-7540BDA6EEFB}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9538C028-EEE7-449D-AC27-D3F91AF331D1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{DA6138B5-3DFC-4460-9BA3-C55F204E83A9}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{15DBDCF2-1D11-43C6-8BB0-56A9EA9EBEB7}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{CC129EC1-A46C-49E6-8ED3-A0B03A4D856F}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{EC455C73-C7AD-4C77-9964-6246A6BBCA10}] => (Allow) LPort=55100
FirewallRules: [{8D4C8E91-897F-47CB-8172-925FABE8559F}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{213D0643-2472-4019-818E-935D778F9B1F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{29C6562B-CCC5-44A3-824A-5028DEF29FE7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{D194336F-872E-41AF-9D7F-D7D4AB7027CF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{1E464580-992E-487D-BC37-6B0DD358C74F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{795D8815-FFF0-4F86-BE68-5F640E0A1D0C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{A497AEB3-8B1A-4D41-B638-6B32EA518667}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{AB4527E8-F458-48A7-A909-91F632F4C20D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{7D5E8E93-2113-4CF7-A7AA-7DBE18823F2C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{8AB1BBCE-EE41-4C8C-87B8-1333EE80FD68}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{D62D6CC0-0EF1-4DDE-B2AC-1F9DAD02DC67}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{93258D2D-0FB6-44A1-8899-6BC28FE224C4}] => (Allow) LPort=2869
FirewallRules: [{2730A6F4-2E02-4CD6-976E-17F8138511B3}] => (Allow) LPort=1900
FirewallRules: [{AFAB9DB2-A968-4D05-8980-F87E70D44B35}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9470777D-35EC-4D83-B8E7-7C8F972020CB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{20ACF1C0-B929-44FB-B283-1187462D9C14}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{56C69254-CD6D-40F5-835B-4BB815C205C1}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{D0E66874-53A7-444D-AA53-F268C976D39D}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{DEB63A2F-5DEE-4A37-8513-A191DE435000}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{7ACDDEFC-D65C-42E5-9893-49B926EA35A9}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{A13F688B-C2B3-4E04-AEAD-7AC1CDE8B921}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{682865A2-48C3-4F33-814E-EE70447D1B89}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{66A7C156-C7C6-42A7-B962-C660865A1BC4}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{C0F5FF72-8A31-4291-891B-A1FB0D57AA64}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3B5A6EA9-F978-4CFB-8C88-A8E1B8DDFEB9}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{853794CA-EFF3-48F7-8FDE-FAE624D7257B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{5C1705EB-404B-4319-AE68-0E03C0E6CA32}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9B66572B-7748-4FB8-8A2E-D6C72C50543D}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1D11CFF0-739F-45E9-BA93-CBC804B99DE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/30/2015 03:01:22 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
Error: (11/30/2015 01:48:23 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (11/30/2015 01:21:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1548
Start Time: 01d12ad60317c54e
Termination Time: 570
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: ac3704d8-9700-11e5-82d8-d053495aa0a6
Faulting package full name:
Faulting package-relative application ID:
Error: (11/29/2015 05:27:32 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (11/29/2015 05:26:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DPE.exe, version: 1.0.0.0, time stamp: 0x55c8a75a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffcb25e7a0c
Faulting process id: 0x1afc
Faulting application start time: 0xDPE.exe0
Faulting application path: DPE.exe1
Faulting module path: DPE.exe2
Report Id: DPE.exe3
Faulting package full name: DPE.exe4
Faulting package-relative application ID: DPE.exe5
Error: (11/29/2015 05:26:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DPE.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at A..()
at A..(System.String[])
Error: (11/29/2015 03:01:33 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
Error: (11/29/2015 01:21:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (11/28/2015 03:01:23 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
Error: (11/28/2015 02:53:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1668
Start Time: 01d129ec528cf9f6
Termination Time: 27
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Report Id: c97b6af0-95df-11e5-82d3-d053495aa0a6
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (11/30/2015 05:10:29 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.66.
The computer with the IP address 192.168.1.65 did not allow the name to be claimed by
this computer.
Error: (11/29/2015 06:44:14 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (11/29/2015 06:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (11/29/2015 06:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (11/29/2015 06:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (11/29/2015 06:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (11/29/2015 06:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LenovouserS-1-5-21-405398818-1581397194-2991210944-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (11/29/2015 05:54:43 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (11/29/2015 05:54:43 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (11/29/2015 05:54:37 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 32%
Total physical RAM: 8084.27 MB
Available physical RAM: 5445.09 MB
Total Virtual: 10420.27 MB
Available Virtual: 7210.28 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:889.58 GB) (Free:765.52 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D0C16BCC)
Partition: GPT.
==================== End of Addition.txt ============================