MULTIPLE MALWARE IN MY LAPTOP! HELP! :(

Malware Virus Spyware Help


#16 aevimaob (Topic Starter, Member, 19 posts)
Result of the TASKLIST

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       340 N/A                                         
csrss.exe                      472 N/A                                         
wininit.exe                    540 N/A                                         
csrss.exe                      560 N/A                                         
services.exe                   604 N/A                                         
lsass.exe                      620 KeyIso, SamSs                               
lsm.exe                        628 N/A                                         
svchost.exe                    744 DcomLaunch, PlugPlay, Power                 
nvvsvc.exe                     804 nvsvc                                       
svchost.exe                    844 RpcEptMapper, RpcSs                         
MsMpEng.exe                    904 MsMpSvc                                     
winlogon.exe                   952 N/A                                         
svchost.exe                    320 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
svchost.exe                    480 AudioEndpointBuilder, CscService, hidserv,  
                                   Netman, PcaSvc, SysMain, TrkWks, UxSms,     
                                   WdiSystemHost, Wlansvc, wudfsvc             
svchost.exe                    380 AeLookupSvc, Appinfo, BITS, Browser,        
                                   EapHost, gpsvc, IKEEXT, iphlpsvc,           
                                   LanmanServer, MMCSS, ProfSvc, RasMan,       
                                   Schedule, SENS, ShellHWDetection, Themes,   
                                   Winmgmt, wuauserv                           
svchost.exe                   1132 EventSystem, netprofm, nsi, SstpSvc,        
                                   WdiServiceHost                              
nvvsvc.exe                    1232 N/A                                         
svchost.exe                   1244 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc, TapiSrv                             
wlanext.exe                   1416 N/A                                         
conhost.exe                   1428 N/A                                         
spoolsv.exe                   1536 Spooler                                     
svchost.exe                   1568 BFE, DPS, MpsSvc                            
AGSService.exe                1772 AGSService                                  
taskhost.exe                  1880 N/A                                         
dwm.exe                       1588 N/A                                         
Connect.Service.ContentSe     1728 Autodesk Content Service                    
explorer.exe                  1848 N/A                                         
Bentley.Structural.Proper     2052 Bentley Property Catalog Service            
FNPLicensingService64.exe     2120 FlexNet Licensing Service 64                
LMS.exe                       2176 LMS                                         
cAudioFilterAgent64.exe       2200 N/A                                         
SynTPEnh.exe                  2256 N/A                                         
OnekeyStudio.exe              2304 N/A                                         
OnekeySupport.exe             2392 N/A                                         
msseces.exe                   2436 N/A                                         
MSOSYNC.EXE                   2452 N/A                                         
BTTray.exe                    2584 N/A                                         
rundll32.exe                  2664 N/A                                         
svchost.exe                   2756 stisvc                                      
IAStorDataMgrSvc.exe          2808 IAStorDataMgrSvc                            
IAStorIcon.exe                2936 N/A                                         
acrotray.exe                  2980 N/A                                         
SearchIndexer.exe             3160 WSearch                                     
svchost.exe                   3188 bthserv                                     
BTStackServer.exe             3444 N/A                                         
SynTPHelper.exe               3700 N/A                                         
NisSrv.exe                    3816 NisSrv                                      
BluetoothHeadsetProxy.exe     3492 N/A                                         
AdAppMgrSvc.exe               3776 AdAppMgrSvc                                 
svchost.exe                    860 FontCache, SSDPSRV, upnphost                
UNS.exe                       3436 UNS                                         
wmpnetwk.exe                  3796 WMPNetworkSvc                               
chrome.exe                    2000 N/A                                         
chrome.exe                    3376 N/A                                         
chrome.exe                    3736 N/A                                         
chrome.exe                    4560 N/A                                         
MpCmdRun.exe                  4176 N/A                                         
MpCmdRun.exe                  1972 N/A                                         
conhost.exe                   3356 N/A                                         
chrome.exe                    4124 N/A                                         
chrome.exe                    3936 N/A                                         
chrome.exe                    4400 N/A                                         
audiodg.exe                   4104 N/A                                         
taskeng.exe                   3200 N/A                                         
procexp.exe                   1844 N/A                                         
procexp64.exe                 1164 N/A                                         
WmiPrvSE.exe                  1068 N/A                                         
WmiPrvSE.exe                  4804 N/A                                         
cmd.exe                       2552 N/A                                         
conhost.exe                   1672 N/A                                         
tasklist.exe                  4140 N/A                                         

**************************************************************************

New System Idle Process Result

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
acrotray.exe 2,508 K 928 K 2980 AcroTray Adobe Systems Inc. (Verified) Adobe Systems
AdAppMgrSvc.exe 5,452 K 3,776 K 3776 Autodesk Application Manager Autodesk Inc. (Verified) Autodesk
audiodg.exe 16,432 K 16,480 K 4104 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
BluetoothHeadsetProxy.exe 1,348 K 564 K 3492 Bluetooth Headset Skype Proxy Broadcom Corporation. (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
cAudioFilterAgent64.exe 2,424 K 1,320 K 2200 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems
chrome.exe 1,384 K 1,708 K 3376 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 35,100 K 44,380 K 4124 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 77,868 K 48,096 K 3736 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 88,680 K 85,404 K 4560 Google Chrome Google Inc. (Verified) Google Inc
cmd.exe 2,248 K 2,776 K 2552 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,884 K 5,436 K 1672 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,072 K 420 K 1428 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
Connect.Service.ContentService.exe 35,452 K 11,192 K 1728 AutoCAD component Autodesk, Inc. (Verified) Autodesk
FNPLicensingService64.exe 1,820 K 780 K 2120 Activation Licensing Service Flexera Software LLC (Verified) Flexera Software LLC
lsass.exe 4,756 K 5,552 K 620 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 2,680 K 1,756 K 628 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
MpCmdRun.exe 2,124 K 3,164 K 4176 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 2,672 K 6,468 K 1972 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
msseces.exe 7,120 K 1,448 K 2436 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
NisSrv.exe 14,116 K 7,148 K 3816 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
notepad.exe 1,976 K 6,384 K 5052 Notepad Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe 1,656 K 528 K 804 NVIDIA Driver Helper Service, Version 189.90 NVIDIA Corporation (Verified) NVIDIA Corporation
OnekeySupport.exe 1,340 K 568 K 2392 (Verified) Lenovo (Beijing) Limited
procexp.exe 2,696 K 6,744 K 4292 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
rundll32.exe 4,580 K 3,448 K 2664 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,836 K 4,580 K 604 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
smss.exe 552 K 384 K 340 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 7,760 K 3,216 K 1536 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,020 K 648 K 2756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,500 K 2,960 K 860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,140 K 1,744 K 3188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,512 K 8,184 K 320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,000 K 4,672 K 1132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,312 K 3,696 K 844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 10,964 K 6,236 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,564 K 616 K 3700 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
taskhost.exe 3,588 K 1,708 K 1880 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 3,548 K 1,600 K 3436 User Notification Service Intel Corporation (Verified) Intel Corporation
wininit.exe 1,652 K 212 K 540 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,560 K 1,668 K 952 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,952 K 1,372 K 1416 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,008 K 6,308 K 1068 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4,816 K 7,860 K 4804 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
Bentley.Structural.PropertyCatalog.Server.exe < 0.01 30,112 K 1,800 K 2052 Bentley.Structural.PropertyCatalog.Server for Windows Bentley Systems Inc. (No signature was present in the subject) Bentley Systems Inc.
AGSService.exe < 0.01 2,088 K 736 K 1772 Adobe Genuine Software Integrity Service Adobe Systems, Incorporated (Verified) Adobe Systems Incorporated
IAStorIcon.exe < 0.01 22,596 K 5,008 K 2936 IAStorIcon Intel Corporation (Verified) Intel Corporation
BTStackServer.exe < 0.01 31,784 K 3,392 K 3444 Bluetooth Stack COM Server Broadcom Corporation. (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
svchost.exe < 0.01 17,140 K 9,276 K 1244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
conhost.exe < 0.01 1,144 K 1,484 K 3356 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe < 0.01 3,588 K 596 K 1232 NVIDIA Driver Helper Service, Version 189.90 NVIDIA Corporation (Verified) NVIDIA Corporation
wmpnetwk.exe < 0.01 11,016 K 6,940 K 3796 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
MSOSYNC.EXE < 0.01 5,252 K 2,656 K 2452 Microsoft Office Document Cache Microsoft Corporation (Verified) Microsoft Corporation
csrss.exe < 0.01 2,140 K 1,700 K 472 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 40,736 K 45,568 K 3936 Google Chrome Google Inc. (Verified) Google Inc
OnekeyStudio.exe < 0.01 7,908 K 1,524 K 2304 Lenovo Onekey Theater Application Lenovo (Verified) Lenovo (Beijing) Limited
svchost.exe 0.01 4,772 K 3,416 K 744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
BTTray.exe 0.01 7,768 K 3,432 K 2584 Bluetooth Tray Application Broadcom Corporation. (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
explorer.exe 0.02 55,400 K 58,900 K 1848 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
IAStorDataMgrSvc.exe 0.02 18,064 K 4,000 K 2808 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
LMS.exe 0.02 2,476 K 1,508 K 2176 Local Manageability Service Intel Corporation (Verified) Intel Corporation
SearchIndexer.exe 0.03 25,680 K 20,628 K 3160 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.07 28,840 K 16,020 K 1588 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.08 2,676 K 3,000 K 560 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 0.10 130,944 K 94,360 K 904 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
SynTPEnh.exe 0.19 9,596 K 3,764 K 2256 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
chrome.exe 0.22 71,552 K 155,052 K 4400 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.28 128,132 K 117,848 K 480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 0.62 180 K 336 K 4
Interrupts 1.01 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 1.95 31,264 K 48,956 K 4268 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
chrome.exe 3.20 42,728 K 59,472 K 2000 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 24.05 1,152,908 K 546,924 K 380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 68.08 0 K 24 K 0

*******************************************************************************************

frst64.txt Result:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2016 01
Ran by joey (administrator) on JOEY-PC (20-11-2016 22:12:01)
Running from C:\Users\joey\Desktop\Fixer
Loaded Profiles: joey (Available Profiles: joey)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Bentley Systems Inc.) C:\Program Files (x86)\Bentley\Engineering\SPC Server v8i SS4\Bentley.Structural.PropertyCatalog.Server.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\...\MountPoints2: {a5462f60-adf1-11e5-bcf9-806e6f6e6963} - E:\AutoLauncher.exe
HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP DeskJet 2130 series.lnk [2016-11-20]
ShortcutTarget: Monitor Ink Alerts - HP DeskJet 2130 series.lnk -> C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{54C8C10A-1541-48E5-8BB0-81B76293547E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F885A14C-F9A5-4EAF-8326-A7FE5F25CBD7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-10-19]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\joey\AppData\Local\Google\Chrome\User Data\Default [2016-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-10-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 Bentley Property Catalog Service; C:\Program Files (x86)\Bentley\Engineering\SPC Server v8i SS4\Bentley.Structural.PropertyCatalog.Server.exe [8704 2015-05-28] (Bentley Systems Inc.) [File not signed]
S3 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [197888 2010-01-22] (SMI)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [97792 2011-09-22] (WIBU-SYSTEMS AG)
U0 aswVmm; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-20 22:10 - 2016-11-20 22:10 - 00008566 _____ C:\Users\joey\Desktop\System Idle Process.txt
2016-11-20 22:03 - 2016-11-20 22:08 - 00006725 _____ C:\junk.txt
2016-11-20 19:42 - 2016-11-20 22:06 - 00000000 ____D C:\Users\joey\Desktop\Fixer
2016-11-20 15:10 - 2016-11-20 15:10 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-20 15:10 - 2016-11-20 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-20 15:09 - 2016-11-20 15:10 - 00000000 ____D C:\Program Files\CCleaner
2016-11-20 15:09 - 2016-11-20 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-11-20 15:09 - 2016-11-20 15:09 - 00000000 ____D C:\Program Files\Speccy
2016-11-20 14:56 - 2016-11-20 14:57 - 00001067 _____ C:\VEW.txt
2016-11-20 13:58 - 2016-11-20 13:59 - 00000000 ____D C:\Users\joey\Desktop\Right
2016-11-20 13:53 - 2016-11-20 13:53 - 00000000 ____D C:\Users\joey\Desktop\Left
2016-11-19 21:06 - 2016-11-20 22:12 - 00000000 ____D C:\FRST
2016-11-19 20:56 - 2016-11-19 20:57 - 00084442 _____ C:\Windows\ntbtlog.txt
2016-11-19 20:56 - 2016-11-19 20:56 - 319663712 _____ C:\Windows\MEMORY.DMP
2016-11-19 20:56 - 2016-11-19 20:56 - 00292320 _____ C:\Windows\Minidump\111916-27315-01.dmp
2016-11-19 20:56 - 2016-11-19 20:56 - 00000000 ____D C:\Windows\Minidump
2016-11-19 16:24 - 2016-11-20 06:32 - 00000000 ____D C:\AdwCleaner
2016-11-19 10:59 - 2016-11-19 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-19 10:44 - 2016-11-19 10:44 - 00000000 ____D C:\Users\joey\AppData\Roaming\AVG
2016-11-19 10:40 - 2016-11-19 10:40 - 00000000 ____D C:\Users\joey\AppData\Roaming\TuneUp Software
2016-11-19 10:29 - 2016-11-20 08:58 - 00000000 ____D C:\ProgramData\MFAData
2016-11-19 10:29 - 2016-11-19 10:29 - 00000000 ____D C:\Users\joey\AppData\Local\MFAData
2016-11-19 10:12 - 2016-11-19 10:13 - 03312392 _____ (AVG Technologies CZ, s.r.o.) C:\Users\joey\Downloads\AVG_Performance_709 (1).exe
2016-11-19 10:07 - 2016-11-19 10:08 - 03312392 _____ (AVG Technologies CZ, s.r.o.) C:\Users\joey\Downloads\AVG_Performance_709.exe
2016-11-19 10:06 - 2016-11-20 09:21 - 00000000 ____D C:\Users\joey\AppData\Local\AvgSetupLog
2016-11-19 10:06 - 2016-11-20 09:21 - 00000000 ____D C:\ProgramData\Avg
2016-11-19 10:06 - 2016-11-20 08:58 - 00000000 ____D C:\Users\joey\AppData\Local\Avg
2016-11-19 10:05 - 2016-11-19 10:06 - 03312896 _____ (AVG Technologies CZ, s.r.o.) C:\Users\joey\Downloads\AVG_Protection_Free_1606.exe
2016-11-19 08:22 - 2016-11-19 08:22 - 00000000 ____D C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-10-27 23:55 - 2016-10-27 23:58 - 16112168 _____ (EaseUS ) C:\Users\joey\Downloads\drw_trial.exe
2016-10-27 23:54 - 2016-10-27 23:56 - 04426120 _____ (Piriform Ltd) C:\Users\joey\Downloads\rcsetup152.exe
2016-10-27 01:20 - 2016-10-27 01:20 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-10-27 01:19 - 2016-10-27 01:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-10-27 01:19 - 2016-10-27 01:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-10-27 00:51 - 2016-10-27 00:51 - 00925628 _____ C:\Users\joey\Documents\duplicate.txt
2016-10-26 04:05 - 2016-11-19 22:52 - 00007596 _____ C:\Users\joey\AppData\Local\Resmon.ResmonCfg
2016-10-25 22:53 - 2016-10-25 22:57 - 08270712 _____ (Piriform Ltd) C:\Users\joey\Downloads\ccsetup523.exe
2016-10-25 22:50 - 2016-10-25 22:58 - 00000000 ____D C:\Users\joey\Downloads\New folder
2016-10-24 22:43 - 2016-10-24 22:58 - 02376392 _____ (BitTorrent Inc.) C:\Users\joey\Downloads\BitTorrent.exe
2016-10-24 21:27 - 2016-10-24 21:28 - 00000000 ____D C:\Windows\TempEB4B5FE3-6894-BCEF-886D-52A735640C0C-Signatures
2016-10-24 17:50 - 2016-10-27 01:20 - 00001945 _____ C:\Windows\epplauncher.mif
2016-10-24 17:40 - 2016-10-24 17:41 - 14324408 _____ (Microsoft Corporation) C:\Users\joey\Downloads\mseinstall.exe
2016-10-24 16:38 - 2016-10-24 16:38 - 00010120 ____N C:\bootsqm.dat
2016-10-24 11:27 - 2016-10-24 11:26 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-10-24 09:02 - 2016-10-26 19:51 - 00000000 ____D C:\Windows\pss
2016-10-24 08:18 - 2016-10-24 08:18 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2016-10-24 08:16 - 2016-11-20 08:44 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-24 00:43 - 2016-11-20 21:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-10-24 00:19 - 2016-10-24 11:26 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.147728010658107
2016-10-24 00:19 - 2016-10-24 11:26 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.147728011041810
2016-10-24 00:19 - 2016-10-24 11:26 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.147728011419412
2016-10-23 16:26 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-10-23 16:26 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-10-23 16:26 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-10-23 16:26 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-10-23 16:26 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-10-23 16:26 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-10-23 16:26 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-10-23 16:26 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-10-23 16:26 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-10-23 16:26 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-10-23 16:26 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-10-23 16:26 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-10-23 16:26 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-10-23 16:26 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-10-23 08:15 - 2016-10-23 08:15 - 00000000 ____D C:\ProgramData\CyberLink
2016-10-23 00:21 - 2016-10-23 00:17 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-10-22 23:57 - 2016-10-22 23:57 - 00000000 ____D C:\Users\joey\AppData\Local\Downloaded Installations
2016-10-22 23:49 - 2016-10-23 00:37 - 00000000 ____D C:\Users\joey\AppData\Local\IIIQF
2016-10-22 22:35 - 2016-10-22 23:42 - 00002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-10-22 22:35 - 2016-10-22 23:42 - 00001918 _____ C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2016-10-22 22:35 - 2016-10-22 23:42 - 00001918 _____ C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk
2016-10-21 16:30 - 2016-10-21 16:30 - 00090375 _____ C:\Users\joey\Downloads\DryStar Electrical Specification.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-20 22:05 - 2015-12-29 08:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-20 21:38 - 2009-07-14 12:45 - 00021088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-20 21:38 - 2009-07-14 12:45 - 00021088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-20 21:31 - 2016-10-19 19:24 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-11-20 21:31 - 2016-10-19 19:24 - 00000000 ____D C:\ProgramData\Documents\AdobeGC
2016-11-20 21:31 - 2015-12-29 08:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-20 21:31 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\tracing
2016-11-20 21:30 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-20 18:15 - 2009-07-14 13:08 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-20 08:40 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-11-19 20:43 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-17 07:18 - 2016-09-07 20:38 - 00000452 __RSH C:\ProgramData\ntuser.pol
2016-11-15 13:04 - 2015-12-28 22:25 - 00000000 ____D C:\Users\joey\Documents\Bluetooth Exchange Folder
2016-11-15 10:26 - 2015-12-29 08:50 - 00000000 ____D C:\Users\joey\AppData\Local\Google
2016-11-07 04:02 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-01 10:54 - 2015-12-28 23:03 - 00000000 ____D C:\Users\joey\AppData\Local\Autodesk
2016-10-30 14:55 - 2015-12-29 00:08 - 00000000 ____D C:\Users\joey\AppData\Roaming\vlc
2016-10-28 09:22 - 2010-11-21 11:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-28 00:25 - 2015-12-28 22:15 - 00000000 ____D C:\Users\joey
2016-10-25 23:24 - 2015-12-29 14:01 - 00000000 ____D C:\Windows\Panther
2016-10-25 23:24 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\ModemLogs
2016-10-25 05:26 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Vss
2016-10-24 23:52 - 2016-10-01 19:34 - 00000000 ____D C:\Users\joey\AppData\LocalLow\BitTorrent
2016-10-24 22:57 - 2015-12-29 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2016-10-24 11:15 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-10-24 09:07 - 2015-12-29 08:50 - 00000000 ____D C:\Program Files\Google
2016-10-24 09:07 - 2015-12-29 08:50 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-23 08:47 - 2016-10-17 00:36 - 00000000 ____D C:\Users\joey\Documents\Outlook Files
2016-10-23 00:37 - 2010-11-21 15:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-10-23 00:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-10-23 00:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-10-23 00:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2016-10-22 23:51 - 2009-07-14 10:34 - 00000644 _____ C:\Windows\win.ini
2016-10-21 23:40 - 2016-10-14 17:38 - 00000000 ____D C:\Users\joey\AppData\Local\Wings of Prey
 
==================== Files in the root of some directories =======
 
2016-08-30 22:26 - 2016-08-30 22:26 - 0003584 _____ () C:\Users\joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-26 04:05 - 2016-11-19 22:52 - 0007596 _____ () C:\Users\joey\AppData\Local\Resmon.ResmonCfg
2015-12-29 08:45 - 2015-12-29 08:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-01 20:40 - 2016-10-01 20:40 - 0000092 _____ () C:\ProgramData\CameraRecorder.ini
2015-12-28 23:02 - 2015-12-28 23:02 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
C:\Users\joey\AppData\Local\Temp\libeay32.dll
C:\Users\joey\AppData\Local\Temp\msvcr120.dll
C:\Users\joey\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-16 22:24
 
==================== End of FRST.txt ============================
 
 
*****************************************************
Addition.txt Result 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2016 01
Ran by joey (20-11-2016 22:14:11)
Running from C:\Users\joey\Desktop\Fixer
Windows 7 Professional Service Pack 1 (X64) (2015-12-28 14:14:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3334329050-1205438810-3444544024-500 - Administrator - Disabled)
Guest (S-1-5-21-3334329050-1205438810-3444544024-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3334329050-1205438810-3444544024-1002 - Limited - Enabled)
joey (S-1-5-21-3334329050-1205438810-3444544024-1000 - Administrator - Enabled) => C:\Users\joey
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.18 - Adobe Systems)
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Bentley OpenSTAADOEM (HKLM-x32\...\{4F180E04-ED69-40A7-95F0-2228E5C60AB2}) (Version: 08.02.09.41 - Bentley Systems, Inc.)
Bentley SPC Server v8i SS4 (HKLM-x32\...\{C88234D5-2327-4B3D-9D75-9F2749930B04}) (Version: 8.11.11.14 - Bentley Systems, Inc.)
Bentley Structure Property Catalog V8i SS4 v3.1.4.2 (HKLM-x32\...\{1D70E5D3-34E6-4EE8-BFB7-AB1DDC8DE0D1}) (Version: 3.1.4.2 - Bentley Systems, Inc.)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant)
DriverDoc (x32 Version: 1.3.2 - Solvusoft Corporation) Hidden
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.8 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Lenovo EasyCamera (HKLM\...\Lenovo EasyCamera) (Version: 5.38.2.4 - Silicon Motion)
Lenovo EasyCamera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.38.2.4 - Silicon Motion)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)
PipeLink for STAAD.Pro V8i (Build 20.14.11.04) (HKLM-x32\...\{A7979F57-9431-4CD4-AE4B-50D407EBA400}) (Version: 20.14.11.04 - Bentley Systems, Inc.)
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
SketchUp 2015 (HKLM\...\{319CD380-1AAB-4CAD-BE1D-59189A780FA6}) (Version: 15.2.685 - Trimble Navigation Limited)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
STAAD.foundation V8i (SELECTseries 4) Release 5.3 (HKLM-x32\...\{EF9432B0-F705-46FB-A864-2AE17F571E7A}) (Version: 05.03.00.37 - Bentley Systems Inc.)
STAAD.Pro V8i SELECTseries 6 (HKLM-x32\...\{8A6D0892-27A0-4429-8C85-15DCF73B8529}) (Version: 20.07.11.33 - Bentley Systems, Inc.)
StrucLink for STAAD.Pro V8i (Build 20.14.11.05) (HKLM-x32\...\{127FE612-C33A-410E-B11C-A98025A6D366}) (Version: 20.14.11.05 - Bentley Systems, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {609C0955-D202-4C46-BAC3-0A17B40E1164} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {7819E578-BC76-4965-AE5B-8AD3811D046D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-04] (Google Inc.)
Task: {AB60778F-F579-4541-A8AB-14EACA45F0CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-27] (Piriform Ltd)
Task: {C228B85B-C298-47C9-98EA-00620EF063A5} - \DriverDoc Auto Start -> No File <==== ATTENTION
Task: {C266F004-4397-4429-B0A9-8827E69C46AB} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
Task: {F18AC037-012D-451D-AB2D-6C2AE1296242} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-04] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\joey\Desktop\Left\Shortcuts\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
 
ShortcutWithArgument: C:\Users\joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-28 22:28 - 2009-12-19 02:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2015-12-28 22:28 - 2009-12-19 02:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-08-11 16:59 - 2009-08-11 16:59 - 00173344 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2015-12-28 22:28 - 2009-12-19 02:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2015-12-28 22:28 - 2009-12-19 02:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2015-12-28 22:28 - 2009-12-19 02:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2015-12-28 22:19 - 2009-12-23 17:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-12-28 23:04 - 2016-02-24 12:48 - 00062024 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-12-28 23:04 - 2016-02-24 12:47 - 00110664 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2016-11-15 11:09 - 2016-11-09 04:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 11:09 - 2016-11-09 04:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-10-24 23:58 - 2016-10-26 21:14 - 00000828 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\joey\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: BitTorrent => "C:\Users\joey\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FC761DEB-9513-494F-AF3B-A2BB17AD68AC}] => (Allow) LPort=50248
FirewallRules: [{71AA814A-4BC7-4225-B86F-64CE3514385B}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{4B08A3D5-E199-4CE6-83E5-A7E9601BAE46}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{EE75F78E-92CE-4569-8889-D616C60B0D39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4BF0C8D7-D3A3-4A23-A1EC-0AF6CB55242A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D0C1DD3E-2A61-4EB0-ABEC-0FBD2AF9DF7B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
 
==================== Restore Points =========================
 
24-10-2016 21:22:28 Windows Update
25-10-2016 03:00:30 Windows Update
10-11-2016 09:04:02 Windows Update
15-11-2016 18:54:57 Windows Update
19-11-2016 10:30:18 Installed AVG 2016
19-11-2016 10:33:45 Installed AVG
19-11-2016 16:32:46 JRT Pre-Junkware Removal
19-11-2016 16:46:46 Windows Update
20-11-2016 08:37:32 Removed AVG
20-11-2016 08:44:26 Removed AVG 2016
20-11-2016 09:05:18 Removed Visual Studio 2012 x64 Redistributables
20-11-2016 09:22:49 Removed Visual Studio 2012 x86 Redistributables
20-11-2016 09:24:18 Removed Visual Studio 2012 x64 Redistributables
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/20/2016 09:32:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/20/2016 06:17:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/20/2016 02:07:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/20/2016 07:45:54 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.233.86.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13303.0
 
Error code: 0x8024001e
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (11/20/2016 06:16:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Rapid Storage Technology service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/20/2016 06:16:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
 
Error: (11/20/2016 04:29:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
Error: (11/20/2016 04:28:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-26 02:45:19.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-26 02:45:19.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-26 02:45:19.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-26 02:45:19.740
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-26 02:45:19.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-26 02:45:19.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-26 02:45:11.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-26 02:45:11.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-26 02:45:11.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-26 02:45:11.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 87%
Total physical RAM: 1974.85 MB
Available physical RAM: 244.51 MB
Total Virtual: 4935.85 MB
Available Virtual: 1907.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:195.21 GB) (Free:133.68 GB) NTFS
Drive d: (Data) (Fixed) (Total:269.36 GB) (Free:221.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=269.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1.1 GB) - (Type=12)
 
==================== End of Addition.txt ============================
 

#17
RKinner (Malware Expert, MVP)
I expect the freezes are coming from Intel® Rapid Storage Technology. See if you can update it on the Lenovo or Intel site.

 

We can remove some deadwood with a fixlist.

Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix. A fix log will be generated; please post that.

Then run FRST again with the Addition.txt box checked before hitting Scan. Post both logs.

The slowness is probably caused by Windows Updates. Search for

services.msc

and hit Enter.

Scroll down to Windows Updates and Stop the service.

Run Process Explorer again and see if System Idle is now about 90% or better.

If it is, then try: restart the Windows Update Service, then get the System Update Readiness Tool for Windows 7.

Once that runs (it may take a few hours), then get KB3083710 and KB3102810.

Then run Process Explorer and post the new log.

 


#18
aevimaob (Topic Starter)
Sorry for the late reply, sir. Right now I'm following your instructions. Thank you.


#19
aevimaob (Topic Starter)
fixlist.txt Result

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by joey (21-11-2016 23:42:32) Run:1
Running from C:\Users\joey\Desktop\Fixer
Loaded Profiles: joey (Available Profiles: joey)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
Toolbar: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
Task: {C228B85B-C298-47C9-98EA-00620EF063A5} - \DriverDoc Auto Start -> No File <==== ATTENTION
Task: {C266F004-4397-4429-B0A9-8827E69C46AB} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
Shortcut: C:\Users\joey\Desktop\Left\Shortcuts\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
ShortcutWithArgument: C:\Users\joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
 
 
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C228B85B-C298-47C9-98EA-00620EF063A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C228B85B-C298-47C9-98EA-00620EF063A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverDoc Auto Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C266F004-4397-4429-B0A9-8827E69C46AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C266F004-4397-4429-B0A9-8827E69C46AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => key removed successfully
C:\Users\joey\Desktop\Left\Shortcuts\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk => moved successfully
C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk => moved successfully
C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk => moved successfully
C:\Users\joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
 
==== End of Fixlog 23:42:48 ====
 
 
System Idle Process.txt Result
 
Note: After the frst64 scan with fixlist
 
 
Next step ongoing...

#20
aevimaob (Topic Starter)
New System Idle Process Result after installing everything. 
 
 
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
acrotray.exe 2,544 K 4,712 K 2328 AcroTray Adobe Systems Inc. (Verified) Adobe Systems
AdAppMgrSvc.exe 5,900 K 16,444 K 2376 Autodesk Application Manager Autodesk Inc. (Verified) Autodesk
AdobeGCClient.exe 3,456 K 5,160 K 2600 Adobe GC Client Application Adobe Systems, Incorporated (Verified) Adobe Systems Incorporated
audiodg.exe 16,588 K 16,116 K 984 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
Bentley.Structural.PropertyCatalog.Server.exe 30,148 K 10,508 K 1620 Bentley.Structural.PropertyCatalog.Server for Windows Bentley Systems Inc. (No signature was present in the subject) Bentley Systems Inc.
BluetoothHeadsetProxy.exe 1,404 K 3,732 K 3860 Bluetooth Headset Skype Proxy Broadcom Corporation. (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
cAudioFilterAgent64.exe 2,420 K 4,736 K 2116 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems
chrome.exe 1,428 K 4,240 K 3908 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 61,800 K 59,760 K 368 Google Chrome Google Inc. (Verified) Google Inc
conhost.exe 1,060 K 2,148 K 1456 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
Connect.Service.ContentService.exe 37,128 K 16,736 K 548 AutoCAD component Autodesk, Inc. (Verified) Autodesk
FNPLicensingService64.exe 1,840 K 3,140 K 2144 Activation Licensing Service Flexera Software LLC (Verified) Flexera Software LLC
MSOSYNC.EXE 5,236 K 7,596 K 2620 Microsoft Office Document Cache Microsoft Corporation (Verified) Microsoft Corporation
msseces.exe 7,156 K 9,708 K 2496 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
nvvsvc.exe 1,640 K 3,224 K 824 NVIDIA Driver Helper Service, Version 189.90 NVIDIA Corporation (Verified) NVIDIA Corporation
OnekeyStudio.exe 7,928 K 8,264 K 2456 Lenovo Onekey Theater Application Lenovo (Verified) Lenovo (Beijing) Limited
OnekeySupport.exe 1,388 K 3,964 K 2548 (Verified) Lenovo (Beijing) Limited
procexp.exe 2,684 K 6,932 K 3724 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
SearchFilterHost.exe 2,584 K 6,124 K 3304 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
smss.exe 536 K 1,108 K 340 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 7,740 K 8,836 K 1568 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
sppsvc.exe 8,036 K 13,328 K 4068 Microsoft Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,292 K 8,308 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,776 K 42,320 K 3792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,128 K 4,356 K 3116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,004 K 4,496 K 2656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,564 K 2,656 K 3620 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
taskeng.exe 2,028 K 4,384 K 2024 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 3,684 K 8,276 K 3704 User Notification Service Intel Corporation (Verified) Intel Corporation
wininit.exe 1,904 K 3,632 K 524 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,624 K 5,532 K 676 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,956 K 4,248 K 1416 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,956 K 7,192 K 4616 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,180 K 6,600 K 3496 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 11,544 K 27,000 K 2092 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
AGSService.exe < 0.01 2,148 K 5,084 K 1724 Adobe Genuine Software Integrity Service Adobe Systems, Incorporated (Verified) Adobe Systems Incorporated
SearchProtocolHost.exe < 0.01 3,356 K 6,236 K 3980 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
IAStorIcon.exe < 0.01 22,516 K 14,996 K 3036 IAStorIcon Intel Corporation (Verified) Intel Corporation
lsm.exe < 0.01 2,608 K 3,656 K 612 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe < 0.01 4,596 K 8,700 K 2688 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,096 K 3,472 K 468 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe < 0.01 3,552 K 5,364 K 1172 NVIDIA Driver Helper Service, Version 189.90 NVIDIA Corporation (Verified) NVIDIA Corporation
svchost.exe < 0.01 17,800 K 14,072 K 1012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 3,672 K 6,356 K 1792 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
services.exe < 0.01 6,696 K 6,916 K 592 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 23,684 K 14,664 K 1688 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
NisSrv.exe 0.01 14,564 K 9,080 K 2880 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
BTTray.exe 0.02 7,916 K 14,072 K 2664 Bluetooth Tray Application Broadcom Corporation. (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
IAStorDataMgrSvc.exe 0.02 19,116 K 11,512 K 2860 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
LMS.exe 0.02 2,400 K 4,208 K 2208 Local Manageability Service Intel Corporation (Verified) Intel Corporation
svchost.exe 0.03 16,748 K 14,324 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.04 30,240 K 64,980 K 3796 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.10 4,212 K 6,304 K 864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
BTStackServer.exe 0.10 31,784 K 12,104 K 3564 Bluetooth Stack COM Server Broadcom Corporation. (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
svchost.exe 0.11 10,860 K 11,812 K 1600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.12 23,452 K 30,420 K 464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.12 60,020 K 80,224 K 1564 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.13 4,884 K 7,296 K 760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.15 97,576 K 97,752 K 352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.19 2,588 K 7,284 K 544 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.19 43,428 K 54,296 K 1952 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.22 8,840 K 13,876 K 600 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 0.52 134,140 K 108,316 K 932 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
System 0.57 184 K 748 K 4
dwm.exe 0.60 28,120 K 20,052 K 1896 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 0.60 2,444 K 5,868 K 4788 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe 0.83 8,724 K 10,244 K 2268 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
Interrupts 0.90 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 6.45 29,168 K 47,236 K 708 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 87.94 0 K 24 K 0

#21
RKinner (Malware Expert, MVP)
Were you able to update Intel® Rapid Storage Technology?

 

You missed this one:

 

Then run FRST again with the Addition.txt box checked before hitting Scan.  Post both logs.


#22
aevimaob (Topic Starter)
Sir, how am I going to update the Intel® Rapid Storage Technology?


#23
RKinner (Malware Expert, MVP)
http://www.intel.com...ort/detect.html


#24
aevimaob (Topic Starter)
Sir, it says that no drivers were detected for your product. What to do now?


#25
RKinner (Malware Expert, MVP)
Did you check the PC maker's website?


#26
aevimaob (Topic Starter)
I checked the laptop maker's site (Lenovo), yet there was no update, nor the Intel Rapid Storage Tech driver.


#27
RKinner (Malware Expert, MVP)
What version of Intel® Rapid Storage Technology do you have?


#28
aevimaob (Topic Starter)
Intel Rapid Storage Technology 9.5.6.1002


#29
RKinner (Malware Expert, MVP)
That's a pretty old driver. The latest is 15.2.0.1020, but that one might be too advanced for your motherboard. I would try 14.8.

 

https://downloadcent...r?product=55005


#30
aevimaob (Topic Starter)
Sir, how am I going to apply this update? Should I copy and paste it into the Intel Rapid Storage Technology folder?

