
Restrictive Malware on Windows 10 Laptop

I know I have some malware on this laptop, but when attempting to remove it (via antimalware software) it handicaps the software, whether it's not allowing definition updates to Malwarebytes or SuperAntiSpyware, not running TDSSKiller, or freezing up the Malwarebytes Anti-Rootkit Beta scanner. I've even removed antispyware software because of how useless it really was. I even tried booting the PC into Safe Mode and running these applications, and every last one said the resource was already running even though the PC was just booted up with nothing running.

I need some help before this gets any worse. Any ideas?


Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 8
RAM: 8120 Mb
Graphics Card: Intel(R) HD Graphics 4600, 1024 Mb
Hard Drives: C: 697 GB (506 GB Free);
Motherboard: Type2 - Board Vendor Name1, Type2 - Board Product Name1
Antivirus: Windows Defender, Enabled and Updated
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Sharon-Toshiba (administrator) on DESKTOP-RL5BCH2 (10-07-2017 22:12:41)
Running from C:\Users\Sharon-Toshiba\Downloads
Loaded Profiles: Sharon-Toshiba (Available Profiles: defaultuser0 & Sharon-Toshiba)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\dataup\dataup.exe
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Windows\System32\tprdpw64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Google, Inc) C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
() C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda\cshzvz\ct.exe
() C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [559920 2015-10-09] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corp.)
HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923520 2011-08-18] (TOSHIBA Corporation)
HKLM-x32\...\Run: [cpx] => "C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [Dashlane] => C:\Users\Sharon-Toshiba\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-06-29] (Dashlane, Inc.)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [DashlanePlugin] => C:\Users\Sharon-Toshiba\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-06-29] (Dashlane, Inc.)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-12] (SUPERAntiSpyware)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [Google Update] => C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [Google Photos Backup] => C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [MusicManager] => C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [Spotify Web Helper] => C:\Users\Sharon-Toshiba\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-16] (Spotify Ltd)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4022328 2017-05-25] (Tonec Inc.)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [InterStat] => C:\Users\Sharon-Toshiba\AppData\Roaming\InterStat\interstat.exe <==== ATTENTION
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [GoogleChromeAutoLaunch_5E9B00E50FBF7F4CE97A3FE9A19AA703] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-07-10]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2017-03-17]
ShortcutTarget: Slack.lnk -> C:\Users\Sharon-Toshiba\AppData\Local\slack\slack.exe (Slack Technologies)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 4.2.2.1
Tcpip\..\Interfaces\{314a7f20-9c10-454a-9f70-ba6bc0b00dfe}: [DhcpNameServer] 4.2.2.1
Tcpip\..\Interfaces\{4b3b1d40-78f9-45a8-a2d5-40e1d7cf8a39}: [DhcpNameServer] 8.8.8.8
Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-07-04] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-04] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-04] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Sharon-Toshiba\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2017-06-29] (Dashlane, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Edge:
======
Edge Extension: (Office Online) -> 2016_MicrosoftOfficeOnline_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OfficeOnline_1.5.1.0_neutral__8wekyb3d8bbwe [2017-05-15]
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.1.6.0_neutral__c1wakc4j0nefm [2017-05-26]
Edge Extension: (Pin It Button) -> EdgeExtension_PinterestPinItButton_xnkra2w3aecd0 => C:\Program Files\WindowsApps\Pinterest.PinItButton_1.39.5.0_neutral__xnkra2w3aecd0 [2017-04-15]
Edge Extension: (Save to Pocket) -> EdgeExtension_PocketSavetoPocket_v63j13wrfzj3t => C:\Program Files\WindowsApps\Pocket.SavetoPocket_2.0.38.0_neutral__v63j13wrfzj3t [2017-04-06]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.45.0_neutral__qq0fmhteeht3j [2017-06-23]
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.16.0_neutral__8wekyb3d8bbwe [2017-04-15]
FireFox:
========
FF DefaultProfile: 2y9roifj.default
FF DefaultProfile: [email protected]
FF ProfilePath: C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2y9roifj.default [2017-06-30]
FF Session Restore: Mozilla\Firefox\Profiles\2y9roifj.default -> is enabled.
FF Extension: (Emoji Keyboard) - C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2y9roifj.default\Extensions\@emojikeyboard.xpi [2017-06-22]
FF Extension: (Enhancer for YouTube™) - C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2y9roifj.default\Extensions\[email protected] [2017-03-25]
FF Extension: (Dashlane) - C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2y9roifj.default\Extensions\[email protected] [2017-06-22]
FF Extension: (uBlock Origin) - C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2y9roifj.default\Extensions\[email protected] [2017-06-22]
FF HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-05-16]
FF HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Sharon-Toshiba\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Sharon-Toshiba\AppData\Roaming\IDM\idmmzcc5 [2017-06-07] [not signed]
FF HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2016-03-03] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: logmeonce.com/LogmeOnce -> C:\Program Files (x86)\LogmeOnce\nplogmeonce.dll [No File]
FF Plugin HKU\S-1-5-21-1391234854-2931249872-507013314-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1391234854-2931249872-507013314-1001: @talk.google.com/O1DPlugin -> C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1391234854-2931249872-507013314-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1391234854-2931249872-507013314-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sharon-Toshiba\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sharon-Toshiba\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=IFD16E428-4DBC-4DF1-9DBE-1A0EC18048F4&SearchSource=55&CUI=&UM=8&UP=SP8D5DC7D9-9954-4ED7-87CD-9BCDE28EEBEC&D=060115&SSPV="
CHR DefaultSearchURL: Default -> chrome-extension://chphlpgkkbolifaimnlloiipkdnihall/onetab.html
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (Google Translate) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-07-01]
CHR Extension: (Scribd Downloader Free) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aijgbekkajnbfllinekkbcibhnmgkcne [2017-03-10]
CHR Extension: (Google Drive) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (MEGA) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-06-30]
CHR Extension: (YouTube) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Adblock Plus) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (OneTab) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-03-08]
CHR Extension: (OneNote Online) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciniambnphakdoflgeamacamhfllbkmo [2017-03-08]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2017-03-08]
CHR Extension: (Download Manager) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\daoidaoebhfcgccdpgjjcbdginkofmfe [2017-03-08]
CHR Extension: (MiniPlay) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfddfiedihbijfeacjamchlliogmjjnd [2017-03-09]
CHR Extension: (Session Buddy) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-07-05]
CHR Extension: (Google Calendar) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-03-08]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2017-03-08]
CHR Extension: (Google Play Music) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-07-10]
CHR Extension: (Dashlane Secure Password Manager) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2017-07-06]
CHR Extension: (Bookmark Manager) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2017-03-08]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-03-08]
CHR Extension: (Google Photos) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2017-03-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-06-30]
CHR Extension: (ImageSpark - Ultimate Image Downloader) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hooaoionkjogngfhjjniefmenehnopag [2017-03-16]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-03-08]
CHR Extension: (Google Play Music) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-03-08]
CHR Extension: (Zillow) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\iifccoboedmhjapdlpgkigibgnkmdjoh [2017-03-08]
CHR Extension: (Unpaywall) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2017-06-20]
CHR Extension: (Grammarly for Chrome) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-10]
CHR Extension: (Google Hangouts) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-26]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2017-03-08]
CHR Extension: (Google Maps) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-03-08]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-03-08]
CHR Extension: (Pocket) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2017-03-08]
CHR Extension: (OneDrive) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2017-03-08]
CHR Extension: (IDM Integration Module) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-06-30]
CHR Extension: (Save to Pocket) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Hover Zoom) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-04-14]
CHR Extension: (Gmail) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-30]
CHR Extension: (Clearbit Connect - Supercharge Gmail™) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnhcgfcafcnkbengdcanjablaabjplo [2017-03-08]
CHR Extension: (Enhancer for YouTube™) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2017-07-10]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
CHR HKU\S-1-5-21-1391234854-2931249872-507013314-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
Opera:
=======
OPR Extension: (Google Translate) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-04-10]
OPR Extension: (Scribd Downloader Free) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\aijgbekkajnbfllinekkbcibhnmgkcne [2017-04-08]
OPR Extension: (Scribd Downloader Free) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbfifpkeojjlabelpjdgonmigjofgoim [2017-05-15]
OPR Extension: (Google Scholar Adder) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmjdgeladpkegliclimggpbbkamkhomb [2017-04-07]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2017-04-07]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2017-07-01]
OPR Extension: (Toolbox for Google Play Store™) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\ijoigpeoogooiilehgffdnidbminnfmc [2017-04-07]
OPR Extension: (Unpaywall) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2017-06-01]
OPR Extension: (Grammarly for Chrome) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-01]
OPR Extension: (GooglePlus Full-Size) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbgdfdhfmcibgdohjihdkeeedgdhlmke [2017-04-07]
OPR Extension: (Download Chrome Extension) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2017-04-07]
OPR Extension: (Youtube Downloader) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\mdpelnicjpejiahnbkdohfjglhmaohcb [2017-06-07]
OPR Extension: (Google Dictionary (by Google)) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-04-07]
OPR Extension: (Huntr: Job Search Tracker ) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\mihdfbecejheednfigjpdacgeilhlmnf [2017-07-01]
OPR Extension: (IDM Integration Module) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-06-23]
OPR Extension: (Scribd Downloader Free) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2017-06-23]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"drmkpro64" => service could not be unlocked. <==== ATTENTION
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.)
R2 Dataup; C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [327320 2016-03-03] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2016-03-03] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2015-09-22] (CyberLink)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda\cshzvz\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-24] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-22] (Bluestack System Inc. )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-31] ()
R1 HssDRV6; C:\WINDOWS\system32\DRIVERS\hssdrv6.sys [44648 2015-09-18] (AnchorFree Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-22] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-22] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-22] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-10] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92088 2017-03-23] (Malwarebytes)
R1 MpKslaf4bbe7b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D57D94D4-4E56-4DC1-9C00-E85D52ED7149}\MpKslaf4bbe7b.sys [44928 2017-07-10] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2017-05-04] (Synaptics Incorporated)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42088 2015-09-18] (Anchorfree Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [52816 2016-08-03] (Toshiba Client Solutions Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-03-17] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-10 22:12 - 2017-07-10 22:14 - 00035461 _____ C:\Users\Sharon-Toshiba\Downloads\FRST.txt
2017-07-10 22:11 - 2017-07-10 22:12 - 00000000 ____D C:\FRST
2017-07-10 20:26 - 2017-07-10 20:26 - 02437120 _____ (Farbar) C:\Users\Sharon-Toshiba\Downloads\FRST64.exe
2017-07-10 20:14 - 2017-07-10 20:16 - 02338496 _____ C:\Users\Sharon-Toshiba\Downloads\Hitlers Black Victims - Clarence Lusane.pdf
2017-07-10 17:35 - 2017-07-10 17:45 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-10 17:33 - 2017-07-10 17:46 - 00000000 ____D C:\WINDOWS\pss
2017-07-10 17:32 - 2017-07-10 17:32 - 00000000 ___HD C:\OneDriveTemp
2017-07-10 17:23 - 2017-07-10 17:24 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Sharon-Toshiba\Desktop\tdsskiller.exe
2017-07-10 15:42 - 2017-07-10 15:42 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-07-10 15:40 - 2017-07-10 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2017-07-10 15:40 - 2017-07-10 15:40 - 00000000 ____D C:\Program Files (x86)\EMET 5.5
2017-07-10 15:39 - 2017-07-10 15:39 - 00001067 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-07-10 15:16 - 2017-07-10 15:16 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2017-07-10 15:16 - 2017-07-10 15:16 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-07-05 00:02 - 2017-07-05 00:02 - 01192400 _____ C:\WINDOWS\is-MAP9U.exe
2017-07-05 00:02 - 2017-07-05 00:02 - 00022709 _____ C:\WINDOWS\is-MAP9U.msg
2017-07-05 00:02 - 2017-07-05 00:02 - 00000334 _____ C:\WINDOWS\is-MAP9U.lst
2017-07-04 23:56 - 2017-07-04 23:56 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2017-07-04 22:15 - 2017-07-10 17:27 - 00000000 ____D C:\Program Files\AVAST Software
2017-07-04 22:13 - 2017-07-04 22:13 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-07-04 22:11 - 2017-07-04 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-07-04 22:11 - 2017-07-04 22:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-07-04 22:07 - 2017-07-04 22:07 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-07-04 22:06 - 2017-07-04 22:06 - 00000000 ____D C:\Program Files\Java
2017-07-04 21:56 - 2017-07-04 21:56 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-07-04 21:55 - 2017-07-04 21:55 - 00000000 ____D C:\Program Files (x86)\Java
2017-07-04 20:00 - 2017-07-10 15:38 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-01 03:49 - 2017-07-01 03:50 - 00546716 _____ C:\WINDOWS\Minidump\070117-33906-01.dmp
2017-07-01 03:49 - 2017-07-01 03:49 - 960298518 _____ C:\WINDOWS\MEMORY.DMP
2017-07-01 03:49 - 2017-07-01 03:49 - 00000000 ____D C:\WINDOWS\Minidump
2017-07-01 03:32 - 2017-07-01 03:32 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-07-01 03:26 - 2017-07-01 03:26 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Sun
2017-07-01 03:25 - 2017-07-04 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-01 03:21 - 2017-07-01 03:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-01 03:16 - 2017-07-01 03:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-01 03:16 - 2017-07-01 03:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-07-01 03:15 - 2017-07-01 03:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-07-01 03:15 - 2017-07-01 03:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-07-01 03:15 - 2017-07-01 03:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-07-01 03:14 - 2017-07-01 03:14 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-01 03:11 - 2017-07-10 17:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-01 03:11 - 2017-07-04 21:31 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-01 03:11 - 2017-07-04 21:31 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-01 03:09 - 2017-07-04 20:08 - 00003966 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1498892944
2017-07-01 03:09 - 2017-07-04 20:08 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-07-01 00:18 - 2017-07-01 00:18 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2017-06-30 22:50 - 2017-06-30 22:50 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-06-30 22:22 - 2017-06-30 22:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-06-30 22:21 - 2017-07-01 00:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-06-30 22:21 - 2017-06-30 22:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-30 22:17 - 2017-07-10 17:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-30 22:14 - 2017-07-10 15:02 - 00000000 ____D C:\Users\Sharon-Toshiba\Desktop\mbar
2017-06-30 21:58 - 2017-06-30 22:08 - 00000000 ____D C:\AdwCleaner
2017-06-30 20:19 - 2017-07-04 22:11 - 00001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-06-30 17:35 - 2017-06-30 17:35 - 00000000 ____D C:\SUPERDelete
2017-06-30 17:25 - 2017-07-04 19:59 - 00000662 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-06-30 17:12 - 2017-06-30 20:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\llssoft
2017-06-30 17:02 - 2017-06-30 18:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist
2017-06-30 17:02 - 2017-06-30 17:02 - 00003796 _____ C:\WINDOWS\System32\Tasks\AdapterUpdater
2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\devnull
2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\ggxfkhl
2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda
2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\AdvinstAnalytics
2017-06-30 17:01 - 2017-06-30 17:01 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\c
2017-06-30 17:00 - 2017-06-30 17:00 - 00000000 ____D C:\Program Files (x86)\GenlTybros
2017-06-30 16:54 - 2017-06-30 17:01 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-06-30 16:54 - 2017-06-30 16:55 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\AGData
2017-06-30 16:35 - 2017-06-30 16:35 - 00035352 _____ (Connectify) C:\WINDOWS\system32\Drivers\cnnctfy3.sys
2017-06-30 16:23 - 2017-06-30 16:59 - 00002317 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оpеrа Вrоwsеr.lnk
2017-06-30 15:14 - 2017-06-30 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
2017-06-30 15:12 - 2017-06-30 15:12 - 00000000 ____D C:\Users\Sharon-Toshiba\Documents\http%3a%2f%2fmirrors.koehn.com%2fcygwin%2fcygwin-ftp%2f
2017-06-30 15:08 - 2017-06-30 15:08 - 00000000 ____D C:\Users\Sharon-Toshiba\Documents\http%3a%2f%2fcygwin.mirrors.hoobly.com%2f
2017-06-30 15:07 - 2017-06-30 15:09 - 00000000 ____D C:\Users\Sharon-Toshiba\Documents\http%3a%2f%2fcygwin.mirror.constant.com%2f
2017-06-30 15:05 - 2017-06-30 15:14 - 00000000 ____D C:\cygwin64
2017-06-30 14:54 - 2017-06-30 14:54 - 01010720 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCHRT20.OCX
2017-06-30 14:54 - 2017-06-30 14:54 - 00224016 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\TABCTL32.OCX
2017-06-30 14:54 - 2017-06-30 14:54 - 00140488 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMDLG32.OCX
2017-06-30 14:53 - 2017-06-30 14:53 - 01070232 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2017-06-27 02:47 - 2017-06-27 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2017-06-27 01:23 - 2017-06-27 01:27 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-06-27 01:23 - 2017-05-24 02:58 - 00000000 ____D C:\ProgramData\BlueStacks
2017-06-23 21:07 - 2017-06-23 21:09 - 12678001 _____ C:\Users\Sharon-Toshiba\Downloads\drive-download-20170624T010752Z-001.zip
2017-06-23 20:02 - 2017-06-23 20:09 - 00733184 _____ C:\Users\Sharon-Toshiba\Downloads\Dario Fernandez-Morera-The Myth of the Andalusian Paradise_ Muslims, Christians, and Jews under Islamic Rule in Medieval Spain-Intercollegiate Studies Institute (2016).epub
2017-06-23 20:00 - 2017-06-23 20:00 - 00193318 _____ C:\Users\Sharon-Toshiba\Downloads\fernandez-morera.pdf
2017-06-18 09:49 - 2017-06-18 09:49 - 02785959 _____ C:\Users\Sharon-Toshiba\Downloads\[Massey,_Gerald]_The_natural_genesis_or,_Second_p(b-ok.org) (1).pdf
2017-06-13 23:36 - 2017-06-13 23:36 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-06-13 23:34 - 2017-06-03 06:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 23:34 - 2017-06-03 06:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 23:34 - 2017-06-03 06:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 23:34 - 2017-06-03 06:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-13 23:34 - 2017-06-03 06:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-13 23:34 - 2017-06-03 06:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 23:34 - 2017-06-03 06:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 23:34 - 2017-06-03 06:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-13 23:34 - 2017-06-03 06:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 23:34 - 2017-06-03 06:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 23:34 - 2017-06-03 06:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 23:34 - 2017-06-03 06:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 23:34 - 2017-06-03 06:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-13 23:34 - 2017-06-03 06:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-13 23:34 - 2017-06-03 06:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-13 23:34 - 2017-06-03 06:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-13 23:34 - 2017-06-03 05:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-13 23:34 - 2017-06-03 05:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-13 23:34 - 2017-06-03 05:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 23:34 - 2017-06-03 05:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-13 23:34 - 2017-06-03 05:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 23:34 - 2017-06-03 05:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-13 23:34 - 2017-06-03 05:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-13 23:34 - 2017-06-03 05:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-13 23:34 - 2017-06-03 05:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-13 23:34 - 2017-06-03 05:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 23:34 - 2017-06-03 05:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-13 23:34 - 2017-06-03 05:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-13 23:34 - 2017-06-03 05:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 23:34 - 2017-06-03 05:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-13 23:34 - 2017-06-03 05:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 23:34 - 2017-06-03 05:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-13 23:34 - 2017-06-03 05:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-13 23:34 - 2017-06-03 05:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-13 23:34 - 2017-06-03 05:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 23:34 - 2017-06-03 05:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-13 23:34 - 2017-06-03 05:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-13 23:34 - 2017-06-03 05:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-13 23:34 - 2017-06-03 05:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 23:34 - 2017-06-03 05:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 23:34 - 2017-06-03 05:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-13 23:34 - 2017-06-03 05:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-13 23:34 - 2017-06-03 05:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 23:34 - 2017-06-03 05:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 23:34 - 2017-06-03 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 23:34 - 2017-06-03 05:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 23:34 - 2017-06-03 05:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 23:34 - 2017-06-03 05:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 23:34 - 2017-06-03 05:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-13 23:34 - 2017-06-03 05:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 23:34 - 2017-06-03 05:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-13 23:34 - 2017-06-03 05:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-13 23:34 - 2017-06-03 05:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-13 23:34 - 2017-06-03 05:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 23:34 - 2017-06-03 05:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-13 23:34 - 2017-06-03 05:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 23:34 - 2017-06-03 05:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-13 23:34 - 2017-06-03 05:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-13 23:34 - 2017-06-03 05:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-13 23:34 - 2017-06-03 05:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-13 23:34 - 2017-06-03 05:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 23:34 - 2017-06-03 05:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-13 23:34 - 2017-06-03 05:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 23:34 - 2017-06-03 05:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-13 23:34 - 2017-06-03 05:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 23:34 - 2017-06-03 05:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-13 23:34 - 2017-06-03 05:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 23:34 - 2017-06-03 05:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 23:34 - 2017-06-03 05:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-13 23:34 - 2017-06-03 05:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-13 23:34 - 2017-06-03 05:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 23:34 - 2017-06-03 05:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-13 23:34 - 2017-06-03 05:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-13 23:34 - 2017-06-03 05:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 23:34 - 2017-06-03 05:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 23:34 - 2017-06-03 05:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-13 23:34 - 2017-06-03 04:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 23:34 - 2017-06-03 04:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 23:34 - 2017-06-03 04:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 23:34 - 2017-06-03 04:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 23:34 - 2017-06-03 04:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 23:34 - 2017-06-03 04:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 23:34 - 2017-06-03 04:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 23:34 - 2017-06-03 04:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 23:34 - 2017-06-03 04:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-13 23:34 - 2017-06-03 04:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 23:34 - 2017-06-03 04:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-13 23:34 - 2017-06-03 04:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-13 23:34 - 2017-06-03 04:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 23:34 - 2017-06-03 04:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-13 23:34 - 2017-06-03 04:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 23:34 - 2017-06-03 04:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 23:34 - 2017-06-03 04:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-13 23:34 - 2017-06-03 04:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-13 23:34 - 2017-06-03 04:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 23:34 - 2017-06-03 04:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-13 23:34 - 2017-06-03 04:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-13 23:34 - 2017-06-03 04:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 23:34 - 2017-06-03 04:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-13 23:34 - 2017-06-03 04:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 23:34 - 2017-06-03 04:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 23:34 - 2017-06-03 04:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-13 23:34 - 2017-06-03 04:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 23:34 - 2017-06-03 04:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-13 23:34 - 2017-06-03 04:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-13 23:34 - 2017-06-03 04:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-12 13:35 - 2017-06-12 13:39 - 25795785 _____ C:\Users\Sharon-Toshiba\Downloads\Sleight of Mouth by Robert Dilts.pdf
2017-06-10 20:11 - 2017-06-10 20:11 - 00007607 _____ C:\Users\Sharon-Toshiba\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-10 22:12 - 2017-03-09 13:43 - 00000000 ___RD C:\Users\Sharon-Toshiba\Google Drive
2017-07-10 22:10 - 2017-04-15 07:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-10 20:42 - 2017-04-15 08:16 - 00004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6A62C9AA-5090-47B0-AAB7-506E12B279C8}
2017-07-10 17:53 - 2017-03-08 14:32 - 00000000 ____D C:\Program Files\Opera
2017-07-10 17:50 - 2017-03-08 13:13 - 00000000 ___RD C:\Users\Sharon-Toshiba\OneDrive
2017-07-10 17:49 - 2017-04-15 07:52 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-10 17:49 - 2017-03-08 20:39 - 00000000 __SHD C:\Users\Sharon-Toshiba\IntelGraphicsProfiles
2017-07-10 17:47 - 2017-04-15 08:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-10 17:46 - 2017-03-18 07:40 - 02097152 _____ C:\WINDOWS\system32\config\BBI
2017-07-10 17:33 - 2017-03-09 10:48 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\DMCache
2017-07-10 17:26 - 2017-04-15 07:54 - 00000000 ____D C:\Users\Sharon-Toshiba
2017-07-10 17:25 - 2017-03-10 23:39 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\MusicBee
2017-07-10 15:05 - 2017-03-09 09:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-10 14:43 - 2017-03-08 22:28 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\CrashDumps
2017-07-09 01:08 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-09 01:08 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-05 02:27 - 2017-03-10 23:29 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Mp3tag
2017-07-05 00:02 - 2017-03-09 09:49 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-05 00:02 - 2017-03-09 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-04 21:31 - 2017-03-08 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-04 21:19 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-04 20:57 - 2017-03-21 15:32 - 00000000 ____D C:\Users\Sharon-Toshiba\Downloads\Music Inbox
2017-07-04 11:33 - 2017-03-08 22:00 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Dashlane
2017-07-04 11:32 - 2017-03-08 22:26 - 00001983 _____ C:\Users\Sharon-Toshiba\Desktop\Dashlane.lnk
2017-07-04 11:32 - 2017-03-08 22:00 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-07-04 02:37 - 2017-03-16 20:49 - 00000000 ____D C:\Users\Sharon-Toshiba\Downloads\Telegram Desktop
2017-07-04 02:34 - 2017-03-10 14:21 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Telegram Desktop
2017-07-02 23:58 - 2017-04-15 08:15 - 01142712 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-02 23:52 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-01 03:15 - 2017-03-10 18:28 - 00000000 ____D C:\ProgramData\Adobe
2017-07-01 03:15 - 2017-03-10 18:03 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\Adobe
2017-07-01 03:15 - 2017-03-08 13:11 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Adobe
2017-07-01 03:14 - 2017-03-08 13:37 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-30 23:44 - 2017-03-09 13:15 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Skype
2017-06-30 23:06 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-30 22:25 - 2017-03-19 16:00 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Apple Computer
2017-06-30 22:25 - 2017-03-19 13:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-06-30 22:17 - 2017-03-09 09:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-30 22:01 - 2017-04-23 17:38 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\Facebook
2017-06-30 22:01 - 2017-03-08 13:11 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\Packages
2017-06-30 22:00 - 2017-03-19 13:21 - 00000000 ____D C:\ProgramData\Apple
2017-06-30 17:32 - 2017-03-09 13:26 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\FluxSoftware
2017-06-30 17:02 - 2017-03-09 10:03 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\tixati
2017-06-30 16:59 - 2017-03-08 22:09 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-06-30 16:59 - 2017-03-08 14:19 - 00002450 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-06-30 01:17 - 2017-03-09 14:23 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-27 12:06 - 2017-03-09 09:49 - 00077376 _____ C:\WINDOWS\SMSS-PFRO540b.tmp
2017-06-27 02:47 - 2017-03-10 11:46 - 00001048 ____N C:\Users\Public\Desktop\Mp3tag.lnk
2017-06-27 02:47 - 2017-03-10 11:46 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2017-06-27 01:35 - 2017-03-09 18:39 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-06-27 01:27 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-27 01:27 - 2017-03-09 18:38 - 00001644 ____N C:\Users\Public\Desktop\BlueStacks.lnk
2017-06-27 01:27 - 2017-03-09 18:38 - 00001644 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-06-27 01:26 - 2017-03-09 17:59 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\Bluestacks
2017-06-23 23:48 - 2017-03-09 14:48 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Kodi
2017-06-23 15:50 - 2017-05-22 22:36 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\Apple Inc
2017-06-22 12:40 - 2017-03-08 14:23 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\LocalLow\Mozilla
2017-06-20 22:35 - 2017-05-22 22:35 - 00003522 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-06-20 13:13 - 2017-04-15 08:16 - 00003308 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-20 13:13 - 2017-03-08 13:13 - 00002390 ____N C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-19 17:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-18 09:12 - 2016-11-20 14:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-18 09:09 - 2017-04-15 07:48 - 00381168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 03:10 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 03:10 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-13 23:46 - 2017-03-08 14:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 23:42 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-13 23:42 - 2017-03-08 14:21 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 23:36 - 2016-07-16 07:47 - 00000167 _____ C:\WINDOWS\win.ini
==================== Files in the root of some directories =======
2017-03-17 21:56 - 2017-04-14 18:15 - 0004502 _____ () C:\Users\Sharon-Toshiba\AppData\Roaming\VoiceMeeterDefault.xml
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\Sharon-Toshiba\AppData\Local\report
2017-06-10 20:11 - 2017-06-10 20:11 - 0007607 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Resmon.ResmonCfg
2017-03-09 19:29 - 2017-03-09 19:29 - 0000552 _____ () C:\Users\Sharon-Toshiba\AppData\Local\TroubleshooterConfig.json
2017-03-08 14:24 - 2017-03-08 14:24 - 0000003 _____ () C:\Users\Sharon-Toshiba\AppData\Local\updater.log
2017-03-08 14:24 - 2017-05-07 02:50 - 0000425 _____ () C:\Users\Sharon-Toshiba\AppData\Local\UserProducts.xml
Some files in TEMP:
====================
2017-06-28 11:05 - 2017-06-28 11:05 - 3181912 _____ (Lead IT) C:\Users\Sharon-Toshiba\AppData\Local\Temp\djzjVb3W-prog.exe
2014-03-02 16:39 - 2014-06-29 17:48 - 0384141 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-04 23:16
==================== End of FRST.txt ============================

ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Sharon-Toshiba (10-07-2017 22:14:39)
Running from C:\Users\Sharon-Toshiba\Downloads
Windows 10 Home Version 1703 (X64) (2017-04-15 12:28:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1391234854-2931249872-507013314-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1391234854-2931249872-507013314-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1391234854-2931249872-507013314-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1391234854-2931249872-507013314-501 - Limited - Disabled)
Sharon-Toshiba (S-1-5-21-1391234854-2931249872-507013314-1001 - Administrator - Enabled) => C:\Users\Sharon-Toshiba
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.320.8504 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{69892FF1-CBA3-49AF-B80A-E074B3B755E5}) (Version: 2.85.1 - Kovid Goyal)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.43.50 - Conexant)
CyberLink PowerDirector 15 (HKLM-x32\...\{FA285575-B543-4E6E-A573-A4F534AC9965}) (Version: 15.0.2509.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
Dashlane (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Dashlane) (Version: 4.8.2.33026 - Dashlane, Inc.)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.2 - Illustrate)
DTS Studio Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Google Chrome (HKLM\...\{715E251E-9134-3D1D-BE19-1C6EE18F8D24}) (Version: 59.0.3071.115 - Google, Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hotspot Shield 6.20.31 (HKLM-x32\...\{91992aa0-fd97-42e1-b9d1-5ce98771560d}) (Version: 6.20.31.9929 - AnchorFree Inc.)
Hotspot Shield 6.20.31 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925B26899EC}) (Version: 6.20.31.9929 - AnchorFree Inc.) Hidden
IDM Crack 6.28 build 9 (HKLM-x32\...\IDM Crack 6.28 build 9) (Version: build 11 - Crackingpatching.com Team)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Internet Download Manager 6.27 Build 5 (HKLM-x32\...\Internet Download Manager 6.27 Build 5) (Version: 6.27 Build 5 - Computer Worms Team Corporation)
Internet Download Manager 6.27 Build 9 (HKLM-x32\...\Internet Download Manager 6.27 Build 9) (Version: 6.27 Build 9 - SadeemPC.com Corporation)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kodi (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Kodi) (Version: - XBMC-Foundation)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
LogmeOnce (HKLM-x32\...\{290B0BCF-B778-487B-A31E-BEE82BD88D17}) (Version: 5.0.0 - LogmeOnce) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
Mp3tag v2.83 (HKLM-x32\...\Mp3tag) (Version: 2.83 - Florian Heidenreich)
Music Manager (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\MusicManager) (Version: - Google, Inc.)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.4.1 - MusicBrainz)
Nitro Pro 10 (HKLM\...\{A0953D23-D7EA-4A7F-BADE-D22EFF58CE57}) (Version: 10.5.8.44 - Nitro)
Opera Stable 46.0.2597.39 (HKLM-x32\...\Opera 46.0.2597.39) (Version: 46.0.2597.39 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\slack) (Version: 2.5.2 - Slack Technologies)
Spotify (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Telegram Desktop version 1.1.7 (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.7 - Telegram Messenger LLP)
Tixati (HKLM-x32\...\tixati) (Version: - )
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Face Recognition (HKLM\...\{2E557F12-8BE7-4DA8-AABB-7814DD6A783F}) (Version: 4.0.5.0 - Toshiba Corporation)
TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3092 - TOSHIBA Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.01.0002 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.6.6401 - Toshiba Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1391234854-2931249872-507013314-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1391234854-2931249872-507013314-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1391234854-2931249872-507013314-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1391234854-2931249872-507013314-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers01: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 10\NPShellExtension.dll [2016-03-03] (Nitro PDF)
ContextMenuHandlers02: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers04: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {075819DF-F872-4672-A272-F737E697C1CC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {4903CBC5-5F66-448C-9367-61B88D45BD72} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {61FE036E-C031-418D-9828-21D92664EE38} - System32\Tasks\update-S-1-5-21-1391234854-2931249872-507013314-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {77E97C2C-FFAB-4A6F-9E14-0FC4B687CDC5} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
Task: {85FAA391-7683-484E-AA88-B1D2E4B9BBC0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1391234854-2931249872-507013314-1001Core => C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
Task: {88606482-1289-4C0E-8C37-34C7976E8EE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-08] (Google Inc.)
Task: {8C674570-60E4-40B4-93D0-F4CFB91FD814} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1391234854-2931249872-507013314-1001UA => C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
Task: {9A8501CC-2C74-4DAD-9CFF-57F833A2E479} - System32\Tasks\AdapterUpdater => C:\Program Files (x86)\devnull\NetAdapterUpdate\NetAdapterUpdate.exe
Task: {E3BD04A5-837A-4D5C-9BA6-502F2C356C39} - System32\Tasks\Opera scheduled Autoupdate 1498892944 => C:\Program Files\Opera\launcher.exe [2017-07-04] (Opera Software)
Task: {E55C1CBA-79A1-4F0E-BD5B-AFAD16F1B150} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-08] (Google Inc.)
Task: {F8A53A33-5AF0-4D4E-B297-45BAF58707FA} - \update-sys -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1391234854-2931249872-507013314-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Plаy Мusiс.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Наngоuts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pосkеt.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Наngоuts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оpеrа.lnk -> C:\Program Files\Opera\launcher.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оpеrа Вrоwsеr.lnk -> C:\Program Files (x86)\Opera\launcher.bat (No File)
==================== Loaded Modules (Whitelisted) ==============
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\dataup\dataup.exe
2016-03-03 15:31 - 2016-03-03 15:31 - 00417944 _____ () c:\program files\nitro\pro 10\nitro_updateservice.exe
2016-03-03 15:31 - 2016-03-03 15:31 - 02546840 _____ () c:\program files\nitro\pro 10\Nitro_KissMetrics.dll
2016-12-02 08:32 - 2016-12-02 08:32 - 00401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-31 15:45 - 2016-10-31 15:45 - 00592384 _____ () C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll
2017-02-23 00:56 - 2017-02-23 00:56 - 08911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N () C:\windows\system32\tprdpw64.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-05-30 21:52 - 2017-05-30 21:52 - 00689664 ____N () C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda\cshzvz\ct.exe
2017-04-21 16:28 - 2017-04-21 16:28 - 01080832 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2015-05-27 13:46 - 2015-05-27 13:46 - 00019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-05-27 23:33 - 2017-05-20 01:59 - 02328576 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 02836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2016-03-03 15:31 - 2016-03-03 15:31 - 01861784 _____ () C:\Program Files\Nitro\Pro 10\NitroPDFPreviewHandler.dll
2017-05-04 11:13 - 2017-05-04 11:13 - 00235520 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2016-04-08 18:35 - 2016-04-08 18:35 - 03481600 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2016-02-01 19:59 - 2016-02-01 19:59 - 00344064 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2016-02-01 20:00 - 2016-02-01 20:00 - 00253440 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2016-02-01 20:00 - 2016-02-01 20:00 - 00234496 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2016-02-01 20:01 - 2016-02-01 20:01 - 00117248 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2017-07-10 17:50 - 2017-07-10 17:50 - 00098816 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32api.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00110080 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\pywintypes27.dll
2017-07-10 17:50 - 2017-07-10 17:50 - 00364544 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\pythoncom27.dll
2017-07-10 17:50 - 2017-07-10 17:50 - 00320512 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32com.shell.shell.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00914432 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_hashlib.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 01176576 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._core_.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00806400 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._gdi_.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00816128 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._windows_.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 01067008 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._controls_.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00733184 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._misc_.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00682496 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\pysqlite2._sqlite.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00088064 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_ctypes.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00686080 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\unicodedata.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00119808 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32file.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00108544 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32security.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00007168 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\hashobjs_ext.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00017920 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\thumbnails_ext.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00088064 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\usb_ext.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00012800 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\common.time34.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00018432 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32event.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00167936 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32gui.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00046080 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_socket.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 01303552 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_ssl.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00128512 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_elementtree.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00127488 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\pyexpat.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00038912 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32inet.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00036864 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_psutil_windows.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00524248 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\windows._lib_cacheinvalidation.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00011264 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32crypt.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00123392 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._wizard.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00077312 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._html2.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00027648 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_multiprocessing.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00020480 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_yappi.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00035840 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32process.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00078848 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._animate.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00024064 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32pipe.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00010240 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\select.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00025600 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32pdh.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00017408 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32profile.pyd
2017-07-10 17:50 - 2017-07-10 17:50 - 00022528 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32ts.pyd
2017-03-09 10:57 - 2014-09-05 12:55 - 00132808 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 07:47 - 2017-06-30 23:05 - 00000762 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sharon-Toshiba\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\22885.jpg
DNS Servers: 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "TSUScheduler"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\StartupFolder: => "Slack.lnk"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "Franz"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5E9B00E50FBF7F4CE97A3FE9A19AA703"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "InterStat"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{76B5CE00-0F2F-4018-9E57-80B2A9D1B56C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{67B364C0-63FD-4639-9ECA-94D7638192DB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A462C221-E1AB-4C7D-8A48-E7BBDA24CEF3}] => (Allow) C:\Program Files\Opera\46.0.2597.32\opera.exe
FirewallRules: [{FFBA873A-D1A6-49F7-8776-BE0B347CA311}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9213CBD8-9B5C-4584-89BA-3A2A61BAD4A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6815EA97-D458-439D-A548-1A246CDB09D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0A24D0AC-8DAC-49B7-8E82-FFA2EF3BCA22}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6F21515F-8BFA-42F6-AA8B-EFD083EFA04F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C0A661AF-3DC9-4949-84C6-156F80FBACCE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4C974E52-85F7-4384-801D-93695B66AA2B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C40BB2E1-8FF1-40E4-A924-30799D230C00}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{04989576-4914-4EAE-8019-4CC5FA395B63}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{AAFE1C60-CC6C-474B-B69F-6ADA1F3CB99B}] => (Allow) C:\Program Files\Opera\46.0.2597.39\opera.exe
FirewallRules: [{B18C4719-78A4-4495-81D0-81F17C607B8C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{27D2BE35-19B4-41AA-98AB-8717DB69A3C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5B92C74B-C28E-44C1-8561-A8FD55CB4448}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DA0ED750-42B2-40E0-9272-F9836BDD0898}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B161D255-C4AD-4A3C-B1DE-DCF43E98AD15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{AB3FCDBD-2EB4-482A-9570-D2B51EF26A2B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{47993EB2-CF59-4710-9F8B-8F26AF466395}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{C83EED58-1DB1-4FBB-8749-E70CCCD5C3C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
==================== Restore Points =========================
04-07-2017 23:56:33 AA11
06-07-2017 10:35:16 Removed Bonjour
10-07-2017 03:30:56 AA11
==================== Faulty Device Manager Devices =============
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================
Application errors:
==================
Error: (07/10/2017 08:09:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 46.0.2597.39, time stamp: 0x595ab0e8
Faulting module name: launcher.exe, version: 46.0.2597.39, time stamp: 0x595ab0e8
Exception code: 0x80000003
Fault offset: 0x0002e652
Faulting process id: 0x16c0
Faulting application start time: 0x01d2f9d9dd941fd0
Faulting application path: C:\Program Files\Opera\launcher.exe
Faulting module path: C:\Program Files\Opera\launcher.exe
Report Id: c4554d64-d530-4bd6-8d01-0759d993902d
Faulting package full name:
Faulting package-relative application ID:
Error: (07/10/2017 05:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 46.0.2597.39, time stamp: 0x595ab0e8
Faulting module name: launcher.exe, version: 46.0.2597.39, time stamp: 0x595ab0e8
Exception code: 0x80000003
Fault offset: 0x0002e652
Faulting process id: 0x2e8c
Faulting application start time: 0x01d2f9c6f165addb
Faulting application path: C:\Program Files\Opera\launcher.exe
Faulting module path: C:\Program Files\Opera\launcher.exe
Report Id: 4b5d5561-45cc-48f2-8475-c0a9cc82f9fa
Faulting package full name:
Faulting package-relative application ID:
Error: (07/10/2017 05:33:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Video.UI.exe version 10.17054.1471.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 20bc
Start Time: 01d2f9c3dc9fb142
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\Video.UI.exe
Report Id: 8551b1bd-d61f-4907-9a7d-50f49f25b82e
Faulting package full name: Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.ZuneVideo
Error: (07/10/2017 05:33:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/10/2017 05:31:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/10/2017 05:24:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/10/2017 04:57:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/10/2017 04:22:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/10/2017 03:57:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/10/2017 03:42:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avastsvc.exe, version: 17.5.3559.0, time stamp: 0x594d3225
Faulting module name: ucrtbase.dll, version: 10.0.15063.413, time stamp: 0xd4f9b4e4
Exception code: 0xc0000409
Fault offset: 0x000a543b
Faulting process id: 0x4320
Faulting application start time: 0x01d2f5357a798306
Faulting application path: c:\program files\avast software\avast\avastsvc.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: b794bba9-d7dc-41f8-9680-e82e4de7e82e
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (07/10/2017 06:05:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
The requested resource is in use.
Error: (07/10/2017 06:04:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
The requested resource is in use.
Error: (07/10/2017 05:51:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The requested resource is in use.
Error: (07/10/2017 05:49:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/10/2017 05:49:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/10/2017 05:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.
Error: (07/10/2017 05:47:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
The requested resource is in use.
Error: (07/10/2017 05:47:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The !SASCORE service failed to start due to the following error:
The requested resource is in use.
Error: (07/10/2017 05:47:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.
Error: (07/10/2017 05:46:53 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

CodeIntegrity:
===================================
Date: 2017-07-10 22:11:34.440
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-10 22:11:33.281
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-10 22:11:33.279
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-10 21:58:09.423
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-10 21:47:01.442
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-10 21:47:01.397
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-10 21:46:59.693
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-10 21:46:59.692
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-10 20:27:33.725
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-10 20:27:33.723
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 8120.17 MB
Available physical RAM: 2756.03 MB
Total Virtual: 11064.17 MB
Available Virtual: 4333.56 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:697.35 GB) (Free:505.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 47CC5886)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=697.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=809 MB) - (Type=27)
==================== End of Addition.txt ============================

Download attached fixlist.txt file and save it to your downloads folder.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Sharon-Toshiba (11-07-2017 09:09:49) Run:1
Running from C:\Users\Sharon-Toshiba\Downloads
Loaded Profiles: Sharon-Toshiba (Available Profiles: defaultuser0 & Sharon-Toshiba)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM-x32\...\Run: [cpx] => "C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [InterStat] => C:\Users\Sharon-Toshiba\AppData\Roaming\InterStat\interstat.exe <==== ATTENTION
C:\Users\Sharon-Toshiba\AppData\Roaming\InterStat
"drmkpro64" => service could not be unlocked. <==== ATTENTION
R2 Dataup; C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 windowsmanagementservice; C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda\cshzvz\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda
2017-07-05 00:02 - 2017-07-05 00:02 - 01192400 _____ C:\WINDOWS\is-MAP9U.exe
2017-07-05 00:02 - 2017-07-05 00:02 - 00022709 _____ C:\WINDOWS\is-MAP9U.msg
2017-07-05 00:02 - 2017-07-05 00:02 - 00000334 _____ C:\WINDOWS\is-MAP9U.lst
2017-06-30 17:12 - 2017-06-30 20:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\llssoft
2017-06-30 17:02 - 2017-06-30 18:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist
2017-06-30 17:02 - 2017-06-30 17:02 - 00003796 _____ C:\WINDOWS\System32\Tasks\AdapterUpdater
2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\devnull
2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\ggxfkhl
2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda
2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\AdvinstAnalytics
2017-06-30 17:01 - 2017-06-30 17:01 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\c
2017-06-30 17:00 - 2017-06-30 17:00 - 00000000 ____D C:\Program Files (x86)\GenlTybros
2017-06-30 16:54 - 2017-06-30 17:01 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-06-30 16:54 - 2017-06-30 16:55 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\AGData
Task: {F8A53A33-5AF0-4D4E-B297-45BAF58707FA} - \update-sys -> No File <==== ATTENTION
emptytemp:
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value could not remove.
"C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist" folder move:
Could not move "C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist" => Scheduled to move on reboot.
HKU\S-1-5-21-1391234854-2931249872-507013314-1001\Software\Microsoft\Windows\CurrentVersion\Run\\InterStat => value removed successfully
"C:\Users\Sharon-Toshiba\AppData\Roaming\InterStat" => not found.
"drmkpro64" => service could not be unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
Dataup => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
windowsmanagementservice => Unable to stop service.
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda => moved successfully
C:\WINDOWS\is-MAP9U.exe => moved successfully
C:\WINDOWS\is-MAP9U.msg => moved successfully
C:\WINDOWS\is-MAP9U.lst => moved successfully
"C:\Users\Sharon-Toshiba\AppData\Local\llssoft" folder move:
Could not move "C:\Users\Sharon-Toshiba\AppData\Local\llssoft" => Scheduled to move on reboot.

"C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist" folder move:
Could not move "C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist" => Scheduled to move on reboot.
C:\WINDOWS\System32\Tasks\AdapterUpdater => moved successfully
C:\Users\Sharon-Toshiba\AppData\Roaming\devnull => moved successfully
C:\Users\Sharon-Toshiba\AppData\Local\ggxfkhl => moved successfully
"C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda" => not found.
C:\Users\Sharon-Toshiba\AppData\Local\AdvinstAnalytics => moved successfully
C:\Users\Sharon-Toshiba\AppData\Roaming\c => moved successfully
C:\Program Files (x86)\GenlTybros => moved successfully
C:\Program Files (x86)\AnonymizerGadget => moved successfully
C:\Users\Sharon-Toshiba\AppData\Roaming\AGData => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8A53A33-5AF0-4D4E-B297-45BAF58707FA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8A53A33-5AF0-4D4E-B297-45BAF58707FA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys => key removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68352430 B
Java, Flash, Steam htmlcache => 4243 B
Windows/system/drivers => 21907112 B
Edge => 277060127 B
Chrome => 778676194 B
Firefox => 379349288 B
Opera => 587571013 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 897528 B
LocalService => 15736 B
NetworkService => 731378 B
defaultuser0 => 0 B
Sharon-Toshiba => 1397529965 B
RecycleBin => 7602309 B
EmptyTemp: => 3.3 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-07-2017 09:27:56)
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist => Is moved successfully
C:\Users\Sharon-Toshiba\AppData\Local\llssoft => Is moved successfully
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist => Is moved successfully
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
==== End of Fixlog 09:27:56 ====

Thanks for replying!
Looks like it still has problems.
Download & run the Emsisoft Emergency Repair Kit and see what that manages to fix.
Please post back any logs it makes so we can see what next steps to take.
Do I quarantine these or delete them?

Emsisoft Emergency Kit - Version 2017.6
Last update: 7/11/2017 6:42:16 PM
User account: DESKTOP-RL5BCH2\Sharon-Toshiba
Computer name: DESKTOP-RL5BCH2
OS version: Windows 10x64
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
Scan start: 7/11/2017 6:44:27 PM
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe detected: Application.Agent.ASX (B) [krnl.xmd]
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe detected: Application.Agent.ASY (B) [krnl.xmd]
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist detected: Trojan.Trafmous (A) [286865]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C} detected: Adware.Win32.Stripow (A) [257116]
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR -> {669695BC-A811-4A9D-8CDF-BA8C795F261C} detected: Adware.Win32.Stripow (A) [257125]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9} detected: Adware.Win32.FastSearch (A) [267829]
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DATAUP detected: Trojan.Trafmous (A) [286844]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287271]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287271]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287272]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287273]
C:\ProgramData\Malwarebytes' Anti-Malware (portable)\ndistpr64.sys-k.mbam detected: Rootkit.Agent.AJGT (B) [krnl.xmd]
C:\ProgramData\Malwarebytes' Anti-Malware (portable)\ndistpr64.sys-r.mbam detected: Rootkit.Agent.AJGT (B) [krnl.xmd]
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\regtool\regtool.exe detected: Trojan.GenericKD.5377594 (B) [krnl.xmd]
C:\Users\Sharon-Toshiba\AppData\Local\Opera Software\Opera Stable\old_Cache_000\f_01a059 -> (INFECTED_JS) detected: JS:Trojan.Cryxos.1018 (B) [krnl.xmd]
Scanned 116537
Found 15
Scan end: 7/11/2017 7:38:24 PM
Scan time: 0:53:57

I'll quarantine them for now.
For now, I'll select ok.

Release these 2 from quarantine.
They are a false positive.
C:\ProgramData\Malwarebytes' Anti-Malware (portable)\ndistpr64.sys-k.mbam detected: Rootkit.Agent.AJGT (B) [krnl.xmd]
C:\ProgramData\Malwarebytes' Anti-Malware (portable)\ndistpr64.sys-r.mbam detected: Rootkit.Agent.AJGT (B) [krnl.xmd]

How is it now?
Are you still getting any problems?
Yes I am, I can't run Malwarebytes without it saying it's running even though the service is stopped.
It looks like the malware is still there.
I have been doing a bit of research on fixing this one and there is an alternative fix. It is quite long & reasonably complicated but has been laid out in easy-to-follow steps:
https://www.bleepingcomputer.com/virus-removal/remove-ntuserlitelist-adware-and-Trojans

I don't normally like suggesting a victim follows self-help guides from another site, but in this case, it appears to be the only solution that does normally work.
Ok, I'll follow it and follow back on the results.
I also ran another scan

Emsisoft Emergency Kit - Version 2017.6
Last update: 7/11/2017 6:42:16 PM
User account: DESKTOP-RL5BCH2\Sharon-Toshiba
Computer name: DESKTOP-RL5BCH2
OS version: Windows 10x64
Scan settings:
Scan type: Quick Scan
Objects: Rootkits, Memory, Traces
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
Scan start: 7/12/2017 2:15:38 AM
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe detected: Application.Agent.ASX (B) [krnl.xmd]
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe detected: Application.Agent.ASY (B) [krnl.xmd]
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist detected: Trojan.Trafmous (A) [286865]
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DATAUP detected: Trojan.Trafmous (A) [286844]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287271]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287271]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287272]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287273]
Scanned 63146
Found 8
Scan end: 7/12/2017 2:16:53 AM
Scan time: 0:01:15
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist Trojan.Trafmous (A)
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe Application.Agent.ASY (B)
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe Application.Agent.ASX (B)
Quarantined 7
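
An added example, not part of either poster's message: the log above reports "Found 8" but "Quarantined 7", and this script diffs the two lists to name the object that stayed behind so it can be rechecked on the next scan. The function names are hypothetical and the two line layouts are assumed from this one log, not from Emsisoft documentation.

```python
import re

# Detection and quarantine lines copied from the Emsisoft log in the post above.
LOG = r"""
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe detected: Application.Agent.ASX (B) [krnl.xmd]
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe detected: Application.Agent.ASY (B) [krnl.xmd]
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist detected: Trojan.Trafmous (A) [286865]
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DATAUP detected: Trojan.Trafmous (A) [286844]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287271]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287271]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287272]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287273]
Found 8
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist Trojan.Trafmous (A)
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe Application.Agent.ASY (B)
C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe Application.Agent.ASX (B)
Quarantined 7
"""

# Line layouts assumed from this one log, not from Emsisoft documentation.
DETECTED = re.compile(r"^(?:Key: )?(?P<obj>.+?) detected: (?P<name>\S+) \([AB]\) \[[^\]]+\]$")
QUARANTINED = re.compile(r"^(?:Key: )?(?P<obj>.+?) (?P<name>[A-Za-z]+\.\S+) \([AB]\)$")

def parse(log):
    """Return ({object_lower: (object, detection_name)}, {quarantined_object_lower})."""
    detected, quarantined = {}, set()
    for line in map(str.strip, log.splitlines()):
        if m := DETECTED.match(line):
            detected[m["obj"].lower()] = (m["obj"], m["name"])
        elif m := QUARANTINED.match(line):
            quarantined.add(m["obj"].lower())
    return detected, quarantined

def left_behind(log):
    """Objects the scan flagged that never show up in the quarantine list."""
    detected, quarantined = parse(log)
    return sorted(v for k, v in detected.items() if k not in quarantined)

def counts_consistent(log):
    """Check the parsed lines against the log's own 'Found' / 'Quarantined' totals."""
    detected, quarantined = parse(log)
    found = int(re.search(r"^Found (\d+)$", log, re.M)[1])
    moved = int(re.search(r"^Quarantined (\d+)$", log, re.M)[1])
    return found == len(detected) and moved == len(quarantined)
```

For this log, `left_behind(LOG)` returns only the `SERVICES\DATAUP` key flagged as Trojan.Trafmous.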

You could just try running Rkill from the bleeping computer link https://www.bleepingcomputer.com/download/rkill/
then immediately running Emsisoft again after it
Do NOT reboot between running Rkill & Emsisoft
Ok I'll do that now before following that guide.
@dvk01 I get this every time lol. It's nerve-wracking. I just finished downloading the app, then when I try to run it for the 1st time it says it's in use. How?

Sorry, this malware does that.
You need to use the link on the page that downloads the renamed version.
Select the link Iexplore.
That way the horrible malware thinks it is Internet Explorer running & allows it to run.
Or right-click the rkill file you downloaded & rename it to iexplore.exe.
That should run.
Lol it produces the same results