
boot up issue



#1
walters12


    New Member

  • Member
  • Pip
  • 8 posts

Whenever I boot my laptop up I see this message.

"The module 'C:\ProgramData\joxeyUxudu\QojkeTapog.nko' failed to load.

Make sure the binary is sorted at the specified path or debug it to check for problem with the binary or dependent.DLL files.

the specified module could not be found."

Any ideas?




#2
RKinner


    Malware Expert

  • Expert
  • 18,779 posts
  • MVP
 
  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #3
    walters12


      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by Holly (administrator) on HOLLYS-LAPTOP (16-03-2017 21:43:27)
    Running from C:\Users\Holly\Downloads
    Loaded Profiles: Holly (Available Profiles: Holly)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Advent) C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (DSGi) C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADPrinterSDK.exe
    (Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Wistron Corp.) C:\Program Files\Launch Manager\HotkeyApp.exe
    (DSGi) C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADStatusMonitor.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    (Microsoft Corporation) C:\Windows\System32\osk.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\AtBroker.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\AtBroker.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\AtBroker.exe
    (Microsoft Corporation) C:\Windows\System32\AtBroker.exe
    (Microsoft Corporation) C:\Windows\System32\AtBroker.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
    HKLM-x32\...\Run: [{CDF13D74-E6AA-4006-818A-B360D6A3573C}] => C:\Program Files\Launch Manager\HotkeyApp.exe [415272 2012-03-01] (Wistron Corp.)
    HKLM-x32\...\Run: [ADStatusMonitor] => C:\PROGRAM FILES (X86)\ADVENT\AIO\STATUSMONITOR\ADStatusMonitor.exe [2790816 2012-10-31] (DSGi)
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [114480 2016-10-27] (Panda Security, S.L.)
    HKLM-x32\...\Run: [DLLSuite2016] => C:\Program Files (x86)\DLL Suite\DLLSuite.exe
    HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3491399957-4132394281-3865697256-1000\...\Run: [JoxeyUxudu] => regsvr32.exe "C:\ProgramData\JoxeyUxudu\QojxeTapog.nko"
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts-x32: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-3491399957-4132394281-3865697256-1000] => http=127.0.0.1:12537
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{8f060a73-d381-4daa-80ac-0643fe10e761}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{9836a2a1-04cc-4bdc-b6cb-25062c807e97}: [DhcpNameServer] 172.168.130.2

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3491399957-4132394281-3865697256-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={7FD07789-7AFB-4ABF-9E98-9A09BA14FFED}&mid=734d7442b75847cd8c0fa5ac05bde478-f51cedec47cacf3a1db5cfbbf1c1f42c9b524c30&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-05-12 19:55:53&v=4.3.7.452&pid=wtu&sg=&sap=hp
    HKU\S-1-5-21-3491399957-4132394281-3865697256-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3491399957-4132394281-3865697256-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKU\S-1-5-21-3491399957-4132394281-3865697256-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7FD07789-7AFB-4ABF-9E98-9A09BA14FFED}&mid=734d7442b75847cd8c0fa5ac05bde478-f51cedec47cacf3a1db5cfbbf1c1f42c9b524c30&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-05-12 19:55:53&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2016-09-19] ()
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-10-28] (Atheros Commnucations)
    BHO-x32: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2016-09-19] ()
    Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2016-09-19] ()
    Toolbar: HKLM-x32 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2016-09-19] ()
    Toolbar: HKU\S-1-5-21-3491399957-4132394281-3865697256-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2009-05-01] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-21] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-21] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
    CHR Profile: C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default [2017-03-07]
    CHR Extension: (Google Drive) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
    CHR Extension: (YouTube) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
    CHR Extension: (Google Search) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
    CHR Extension: (Google Docs Offline) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
    CHR Extension: (Gmail) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
    CHR Extension: (Chrome Media Router) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-01]
    CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Advent AiO Network Discovery Service; C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe [395200 2012-10-31] (Advent)
    R2 ADVENT AIO Status Monitor Service; C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADPrinterSDK.exe [722336 2012-10-31] (DSGi)
    S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109816 2016-10-24] (Panda Security, S.L.)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
    R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-10-27] (Panda Security, S.L.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
    R2 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [119848 2011-12-21] (Wistron Corp.)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-28] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-11] (AVG Technologies)
    S4 DamageGuard; C:\WINDOWS\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-11] (Lenovo)
    S4 dgFltr; C:\WINDOWS\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-06-20] (Malwarebytes Corporation)
    R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [106928 2016-07-05] (Panda Security, S.L.)
    R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211376 2016-07-05] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [119728 2016-07-05] (Panda Security, S.L.)
    R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [125872 2016-07-05] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (Panda Security, S.L.)
    R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [116656 2016-07-05] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [90032 2016-07-05] (Panda Security, S.L.)
    R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135088 2016-07-05] (Panda Security, S.L.)
    R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [335792 2016-07-05] (Panda Security, S.L.)
    R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [197040 2016-07-05] (Panda Security, S.L.)
    R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123312 2016-07-05] (Panda Security, S.L.)
    R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [278960 2016-07-05] (Panda Security, S.L.)
    R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125360 2016-07-05] (Panda Security, S.L.)
    R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
    R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [179120 2016-10-24] (Panda Security, S.L.)
    R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [130992 2016-10-24] (Panda Security, S.L.)
    R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207792 2016-10-24] (Panda Security, S.L.)
    R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133552 2016-10-24] (Panda Security, S.L.)
    R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [146864 2016-10-24] (Panda Security, S.L.)
    R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117168 2016-10-24] (Panda Security, S.L.)
    U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72112 2016-08-09] (Panda Security, S.L.)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-16 21:41 - 2017-03-16 21:41 - 00000000 _____ C:\Users\Holly\Downloads\Shortcut.txt
    2017-03-16 21:31 - 2017-03-16 21:33 - 00044141 _____ C:\Users\Holly\Downloads\Addition.txt
    2017-03-16 21:29 - 2017-03-16 21:43 - 00018694 _____ C:\Users\Holly\Downloads\FRST.txt
    2017-03-16 21:28 - 2017-03-16 21:43 - 00000000 ____D C:\FRST
    2017-03-16 21:28 - 2017-03-16 21:28 - 02424832 _____ (Farbar) C:\Users\Holly\Downloads\FRST64.exe
    2017-03-16 21:25 - 2017-03-16 21:25 - 01766912 _____ (Farbar) C:\Users\Holly\Downloads\FRST.exe
    2017-03-15 23:17 - 2017-03-15 23:17 - 00028012 _____ C:\Users\Holly\Downloads\Contract Note (3).pdf
    2017-03-15 23:17 - 2017-03-15 23:17 - 00027928 _____ C:\Users\Holly\Downloads\Contract Note (2).pdf
    2017-03-15 23:16 - 2017-03-15 23:16 - 00027936 _____ C:\Users\Holly\Downloads\Contract Note (1).pdf
    2017-03-15 22:59 - 2017-03-15 22:59 - 00027929 _____ C:\Users\Holly\Downloads\Contract Note.pdf
    2017-03-08 23:13 - 2017-03-08 23:13 - 00602112 _____ (OldTimer Tools) C:\Users\Holly\Downloads\OTL (1).exe
    2017-03-08 23:10 - 2017-03-16 20:55 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C03AE0F5-EF8F-44BD-8AB1-34DAC66F4A94}
    2017-03-08 23:02 - 2017-03-08 23:02 - 00000000 ____D C:\_OTL
    2017-03-08 22:42 - 2017-03-08 22:42 - 00003286 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-03-08 22:38 - 2017-03-08 23:18 - 00003988 _____ C:\Users\Holly\Downloads\OTL.Txt
    2017-03-08 22:28 - 2017-03-08 22:28 - 00602112 _____ (OldTimer Tools) C:\Users\Holly\Downloads\OTL.exe
    2017-03-08 02:33 - 2017-03-08 02:33 - 01101824 _____ C:\Users\Holly\Downloads\v3.3.90_Dll_Files_Fixer_License_Key_Crack_Free_Download (1).iso
    2017-03-08 02:31 - 2017-03-08 02:31 - 01101824 _____ C:\Users\Holly\Downloads\v3.3.90_Dll_Files_Fixer_License_Key_Crack_Free_Download.iso
    2017-03-08 02:31 - 2017-03-08 02:31 - 00000000 ____D C:\Users\Public\CyberLink
    2017-03-08 02:31 - 2017-03-08 02:31 - 00000000 ____D C:\Users\Holly\AppData\Roaming\CyberLink
    2017-03-08 02:17 - 2017-03-08 02:37 - 00000460 _____ C:\WINDOWS\Tasks\TechUtilities.job
    2017-03-08 02:17 - 2017-03-08 02:17 - 00003316 _____ C:\WINDOWS\System32\Tasks\TechUtilities
    2017-03-08 02:17 - 2017-03-08 02:17 - 00000924 _____ C:\Users\Public\Desktop\TechUtilities.lnk
    2017-03-08 02:17 - 2017-03-08 02:17 - 00000000 ____D C:\ProgramData\TechUtilities64
    2017-03-08 02:17 - 2017-03-08 02:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechUtilities
    2017-03-08 02:16 - 2017-03-08 02:17 - 00000000 ____D C:\Program Files\TechUtilities
    2017-03-08 02:15 - 2017-03-08 02:16 - 02282656 _____ (Seven Servos Software Pvt Ltd. ) C:\Users\Holly\Downloads\TechUtilities_setup_1.9.exe
    2017-03-08 02:06 - 2017-03-08 23:10 - 00000000 ____D C:\Program Files (x86)\DLL Suite
    2017-03-08 02:04 - 2017-03-08 02:05 - 21289424 _____ ( ) C:\Users\Holly\Downloads\DLLSuite.exe
    2017-03-08 01:56 - 2017-03-08 01:56 - 00000000 ____D C:\Users\Holly\Documents\DLL-Files Fixer 3.3.90.3079 (FULL + Crack)
    2017-03-08 01:04 - 2017-03-08 01:58 - 00000000 ____D C:\Program Files (x86)\DLL Care
    2017-03-08 00:29 - 2017-03-08 00:35 - 00000000 ____D C:\Program Files (x86)\Safer Technologies
    2017-03-07 23:51 - 2017-03-08 00:00 - 00000000 ____D C:\Users\Holly\Documents\depends22_x86
    2017-03-01 21:26 - 2017-03-01 21:26 - 00000000 ____D C:\Users\Holly\AppData\Roaming\pandasecuritytb

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-16 21:33 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
    2017-03-16 21:17 - 2015-02-10 15:10 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2017-03-16 20:56 - 2016-06-19 18:15 - 00000000 ____D C:\ProgramData\Advent
    2017-03-16 20:53 - 2012-07-06 08:28 - 00000828 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2017-03-15 23:08 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-03-15 23:07 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-03-15 22:56 - 2017-01-21 12:30 - 00000000 ____D C:\ProgramData\panda_url_filtering
    2017-03-15 22:09 - 2012-10-10 20:52 - 00000000 ____D C:\Users\Holly\AppData\Local\Adobe
    2017-03-08 23:09 - 2016-06-19 18:19 - 01013760 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-03-08 23:06 - 2012-07-06 08:45 - 01179761 _____ C:\WINDOWS\system32\fastboot.set
    2017-03-08 23:03 - 2016-04-27 06:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-03-08 23:03 - 2015-10-30 06:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2017-03-08 22:42 - 2016-06-19 18:58 - 00002422 _____ C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-03-08 22:42 - 2016-06-19 18:58 - 00000000 ___RD C:\Users\Holly\OneDrive
    2017-03-08 21:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
    2017-03-08 21:16 - 2013-11-20 22:24 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-03-08 02:36 - 2016-04-27 06:29 - 00395936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-03-08 02:36 - 2013-04-19 00:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-03-08 02:36 - 2013-04-19 00:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-03-08 02:36 - 2012-07-06 08:38 - 00000000 ____D C:\Program Files\Google
    2017-03-08 02:36 - 2012-07-06 08:37 - 00000000 ____D C:\Program Files (x86)\Google
    2017-03-08 01:41 - 2013-07-18 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-03-08 00:37 - 2012-10-10 21:01 - 00000000 ____D C:\Users\Holly\AppData\Local\Google
    2017-03-07 23:54 - 2012-10-10 03:44 - 00000000 ____D C:\Users\Holly\AppData\Local\VirtualStore
    2017-03-07 22:55 - 2017-01-21 12:29 - 00000000 ____D C:\Users\Holly\AppData\LocalLow\pandasecuritytb
    2017-03-07 22:45 - 2016-10-29 14:32 - 00000000 ____D C:\Users\Holly\AppData\Local\Avg
    2017-03-07 22:45 - 2014-12-11 15:26 - 00000000 ____D C:\ProgramData\MFAData
    2017-03-07 22:44 - 2016-10-29 14:32 - 00000000 ____D C:\Users\Holly\AppData\Local\AvgSetupLog
    2017-03-07 22:43 - 2015-10-30 07:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2017-03-07 22:27 - 2015-10-30 06:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

    ==================== Files in the root of some directories =======

    2014-12-20 00:20 - 2014-12-20 00:20 - 0000034 _____ () C:\Users\Holly\AppData\Roaming\AdobeWLCMCache.dat
    2015-01-30 12:51 - 2015-02-10 15:05 - 0000000 _____ () C:\Users\Holly\AppData\Local\nnryabvq.log
    2015-01-27 20:14 - 2015-01-27 20:14 - 0000000 _____ () C:\Users\Holly\AppData\Local\ogfksojr.log
    2015-01-27 20:15 - 2015-01-29 21:59 - 0000000 _____ () C:\Users\Holly\AppData\Local\quohpobk.log
    2012-10-10 20:47 - 2012-10-10 20:47 - 0017408 _____ () C:\Users\Holly\AppData\Local\WebpageIcons.db
    2015-01-27 20:08 - 2015-01-27 20:08 - 0000064 _____ () C:\ProgramData\ghkjcghv.log

    Some files in TEMP:
    ====================
    2016-10-29 14:32 - 2016-10-29 14:32 - 2892128 _____ (AVG Technologies) C:\Users\Holly\AppData\Local\Temp\avg-5c1bf30f-eaf5-4137-84c4-732e24298521.exe
    2017-03-08 01:39 - 2017-03-08 01:39 - 2612600 _____ (Microsoft Corporation) C:\Users\Holly\AppData\Local\Temp\DefaultPack.EXE
    2017-03-08 01:06 - 2017-03-08 02:35 - 0000000 _____ () C:\Users\Holly\AppData\Local\Temp\temp~.DLL
    2017-03-08 01:06 - 2017-03-08 02:35 - 0000000 _____ () C:\Users\Holly\AppData\Local\Temp\temp~.EXE
    2017-01-21 12:25 - 2017-01-21 12:27 - 57780944 _____ (Panda Security, S.L.) C:\Users\Holly\AppData\Local\Temp\{D7A1FC18-FD86-4A01-970B-8EF0F3FF24D9}.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-03-15 22:20

    ==================== End of FRST.txt ============================

     

    Addition:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by Holly (16-03-2017 21:45:11)
    Running from C:\Users\Holly\Downloads
    Windows 10 Home Version 1511 (X64) (2016-06-19 18:51:20)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3491399957-4132394281-3865697256-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3491399957-4132394281-3865697256-503 - Limited - Disabled)
    Guest (S-1-5-21-3491399957-4132394281-3865697256-501 - Limited - Disabled)
    Holly (S-1-5-21-3491399957-4132394281-3865697256-1000 - Administrator - Enabled) => C:\Users\Holly
    HomeGroupUser$ (S-1-5-21-3491399957-4132394281-3865697256-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Panda Protection (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Panda Protection (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
    FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    ADVENT AIO Printer (Version: 2.0.0.0 - DSGi) Hidden
    Advent AIO Software (HKLM-x32\...\{27B5D9DE-D57D-48ee-A4F1-DC3D9DA0DF57}) (Version: 2.1.4.0 - Advent)
    Advent Essentials (x32 Version: 1.0.0.0 - DSGi) Hidden
    aioscnnr (x32 Version: 1.0.6.0 - DSGi) Hidden
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.7.42.71192 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 3.7.42.71192 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.103 - Atheros)
    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.9.9 - Atheros Communications Inc.)
    Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
    Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.01 - Canon Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
    Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
    Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
    iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version:  - )
    iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\{CDF13D74-E6AA-4006-818A-B360D6A3573C}) (Version: 1.0.1 - Wistron Corp.)
    Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.56007.2 - Sonix)
    Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
    Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
    Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3491399957-4132394281-3865697256-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    ocr (x32 Version: 6.0.0.0 - Eastman Kodak Company) Hidden
    Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden
    Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden
    Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.00.00.0000 - Panda Security)
    Panda Protection (Version: 8.85.00 - Panda Security) Hidden
    Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.21 - Panda Security and Visicom Media Inc.)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.1 - Google, Inc.)
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
    PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
    TechUtilities (HKLM\...\TechUtilities_is1) (Version: 1.1.3.8 - Seven Servos Software Pvt Ltd.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
    UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
    VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
    Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3491399957-4132394281-3865697256-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpencom.dll => No File <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03AB2D45-BD42-499F-B197-0EAC35C702A0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {08B4701A-52BB-46ED-8020-C69D4E65D597} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
    Task: {09053192-97D6-472D-8807-2AA5E77CF4E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {0A1DEF39-36BA-43A7-AAA1-AF74118FF18D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {0CA14F60-87D0-4C32-805F-AEFEC13BC693} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {1053E428-A3F9-4B4F-8410-067681FCCFD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {14602A37-CBD2-43C1-A0FE-17D49F7472EF} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {1E8E6C44-C693-4B0F-97C3-29D831D85293} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {1EFB70EC-236E-4A48-BAB0-DA05176A8583} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {28E9D65F-28DB-408E-8ECB-6407A4D612D9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
    Task: {30502153-A319-40F3-8107-B1BFE81437A0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => %ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
    Task: {32C2E8CC-1E6C-4B45-B400-791C3AC2ECFC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {33915678-FB62-4DEA-857E-2FE03953B47A} - System32\Tasks\AdobeAAMUpdater-1.0-Hollys-Laptop-Holly => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
    Task: {370547C1-4639-44B0-92D8-782A5D11F142} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-19] (Adobe Systems Incorporated)
    Task: {377CAF9A-D82A-4C53-8FF4-5F98298B890F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {38AF8E04-6A19-492E-94B3-8628ECF53A78} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {3DC5FBBD-2276-4341-8179-BC2CDD874091} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {4448929B-213E-44CF-9193-6F05A7DEACB4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {4C91DD99-4A30-43E5-A3B8-9F9F70A512CE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {4CAF7290-0C81-4D17-AFD3-274AE33EDA09} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
    Task: {4EA62D17-948A-4454-BEE4-5BF692E60212} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {5BA0C3D7-6590-4C24-97D3-E0D903539E06} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {71C287B9-BE84-4C61-A990-39CA642C52A8} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {72B17259-5E8B-4E06-8BFF-34C4247082B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {769CFCFA-D598-4EE3-BC6B-AA25099D5A49} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {77242815-18B6-41F8-87E6-C6C18196139F} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
    Task: {797270F1-EB64-46EE-9046-3D55F0F6767C} - \MirageAgent -> No File <==== ATTENTION
    Task: {79FBF79C-AC73-41EF-B482-DE1122ED77AC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {7FBF203A-77FE-4377-AB4C-47E1993AB8F7} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {8630F2A2-7597-4E9F-AEB8-554A592ABFF1} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
    Task: {8E28FD27-9B94-4F77-BDB1-ABE4F150EFBC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
    Task: {90C00DFC-D2B3-4FB6-8F74-F9E757E4C588} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe [2017-01-25] (Seven Servos Software, Pvt Ltd.)
    Task: {91E02FDE-0C6D-41C8-BCDC-994149CD0AFB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {9200E954-5008-4289-888C-989FDF4CFE12} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {950BD223-2723-45E2-8946-023B16FD4FCA} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask => %SystemRoot%\System32\GWX\GWXUXWorker.exe
    Task: {96780DD9-B3F3-4D56-A9AF-E174D834754E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {9EC542EB-0353-4A4F-9FDB-AEDE82883F54} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
    Task: {9F4802AB-08C1-4BD1-A0F7-5E778ABB731D} - \CreateChoiceProcessTask -> No File <==== ATTENTION
    Task: {A68A07DA-D726-4F43-9C23-BECA15DCD170} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {AD5F8642-5E11-4545-A683-89792813F988} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {B74B4BDB-BCC2-49B3-BC30-778E2A7398E6} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {C474A469-15FE-477D-A418-367D91347D3D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
    Task: {C6BB450B-27D2-4C36-A258-5DEAACD4B129} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {C8E1E41A-722B-48B9-85B2-632A5AAE4481} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {D8F31D14-198C-4809-AC27-38B73711A2DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {DC8ECD79-5A38-4D31-9358-4F826C95CC78} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {DF886BEB-1784-467B-BC0F-75D6FAB3BF48} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {E266D999-BF25-4F03-B588-5AC7164063C1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {E9AB574A-E83E-41AD-8D9A-6FB6A47E3024} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {EB36F7EC-F15D-4688-8A71-75091BBB3776} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {EB99F1DA-8069-4BE0-B79E-A17E2C5E362E} - System32\Tasks\4701 => Wscript.exe C:\Users\Holly\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {F73AD4DB-A9B1-4217-B176-F83FFF9A4C28} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe -t  C:\Program Files\TechUtilities\TechUtilities.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2012-07-06 08:27 - 2011-12-16 04:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-09-22 08:53 - 2016-07-01 04:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-09-22 08:53 - 2016-07-01 04:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2016-04-27 06:10 - 2016-04-27 06:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-09-22 08:55 - 2016-07-01 03:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-09-22 08:53 - 2016-07-01 03:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-09-22 08:53 - 2016-07-01 03:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-09-22 08:53 - 2016-07-01 03:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-09-22 08:53 - 2016-07-01 03:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2016-06-19 19:29 - 2016-06-19 19:29 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-09-19 14:04 - 2016-09-19 14:04 - 00131064 _____ () C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll
    2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-12-15 17:17 - 2015-12-15 17:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
    2012-07-06 08:17 - 2011-11-30 03:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2012-07-06 08:27 - 2011-12-16 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2016-06-19 19:29 - 2016-06-19 19:29 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-06-19 19:29 - 2016-06-19 19:29 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:373E1720 [290]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-3491399957-4132394281-3865697256-1000\...\trovi.com -> hxxp://www.trovi.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2015-02-10 15:30 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1       localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3491399957-4132394281-3865697256-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Holly\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: ADStatusMonitor => C:\Program Files (x86)\Advent\AiO\StatusMonitor\ADStatusMonitor.exe
    MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: JoxeyUxudu => regsvr32.exe "C:\ProgramData\JoxeyUxudu\QojxeTapog.nko"
    MSCONFIG\startupreg: Lenovo EE Boot Optimizer => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: SynLenovoGestureMgr => %ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    MSCONFIG\startupreg: YgwIjnwv => :\Users\Holly\AppData\Local\qafvynnf\ygwijnwv.ex
    MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{9C33170B-2BCE-408D-AC5A-2A564C8C258E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{C1A1668D-0D94-4A6B-A752-D1D5312F1A6D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{07B8719D-5E74-4BC3-97AF-EF5314568E7C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{92543B6D-BF64-4D88-B3DC-918E9F0332C9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{DFF2D37E-DA45-4AD1-BB4C-DB9342FA6A35}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{FFB7D1CD-31EE-4D43-BC70-68070EC6010D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{CBA80CBC-77D5-401B-95A9-AF0457297550}] => (Allow) C:\Windows\taskmgr.exe
    FirewallRules: [{AA03C6E2-4FD7-4EDC-A7C0-CAF0837F156A}] => (Allow) C:\Windows\taskmgr.exe
    FirewallRules: [{BFC3B8ED-1045-494C-B612-43D9988B0896}] => (Allow) C:\Windows\wauctla.exe
    FirewallRules: [{38A20C78-2A43-4057-8AB3-5C6A64564861}] => (Allow) C:\Windows\wauctla.exe
    FirewallRules: [{C574EAD3-5E5A-4730-A4E9-28E1D252C201}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{FA6B7DFB-0C3D-4A80-897D-EDDA7499138D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{5B0D56A7-4210-4984-BC77-FD6E51123527}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{FA3769CA-C753-477F-A7CC-6904CCB2CE87}] => (Allow) LPort=5353
    FirewallRules: [{ED36D913-2C62-4ADD-B3D4-E15496CD879D}] => (Allow) LPort=9333
    FirewallRules: [{7AAEFFF1-FDFE-40E2-A422-CD0B22C32380}] => (Allow) C:\ProgramData\Advent\Installer\Setup.exe
    FirewallRules: [{D7555FCC-C864-4352-8F35-5B479CDF69A1}] => (Allow) C:\ProgramData\Advent\Installer\Setup.exe
    FirewallRules: [{F880F847-4210-45E9-AF1D-CC5B2D3F3EE3}] => (Allow) C:\Program Files (x86)\Advent\AIO\Firmware\AdventAIOUpdater.exe
    FirewallRules: [{E88832C7-7663-4ECE-8F49-9B442D36B0C6}] => (Allow) C:\Program Files (x86)\Advent\AIO\Firmware\AdventAIOUpdater.exe
    FirewallRules: [{797EF541-662E-4ED3-AB97-7FCAB4EA130B}] => (Allow) C:\Program Files (x86)\Advent\AIO\Center\AdNetworkPrinterDiscovery.exe
    FirewallRules: [{D09BA683-E3FC-4185-80C9-07953A915E7D}] => (Allow) C:\Program Files (x86)\Advent\AIO\Center\AdNetworkPrinterDiscovery.exe
    FirewallRules: [{F417BD5C-787D-4418-9105-891E05E0736A}] => (Allow) C:\Program Files (x86)\Advent\AIO\Center\Advent.Statistics.exe
    FirewallRules: [{C2E90CF5-22CD-47CC-8EB4-98734C460730}] => (Allow) C:\Program Files (x86)\Advent\AIO\Center\Advent.Statistics.exe
    FirewallRules: [{9303FD26-8B59-45E6-913E-98777B7F1607}] => (Allow) LPort=5353
    FirewallRules: [{CB085A80-E16F-4F39-A9B6-F8E44653854E}] => (Allow) LPort=9333
    FirewallRules: [{39CD686F-DC21-49B8-9DE5-9E7BC229BBDC}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
    FirewallRules: [{B4DD64A4-BEC4-4249-A030-CBB8F5264732}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
    FirewallRules: [{4646A121-D772-476F-B616-A6C4DE055139}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{9F821BA3-4324-4A86-ADF2-2A22CF8A56D1}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{B50C924F-7174-4341-B67B-8F21F3184727}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
    FirewallRules: [{18025E02-06DD-48CC-88B2-BA0618FB1ECF}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
    FirewallRules: [{CD53AC72-0B06-48BB-8A90-D34D097486C0}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{A28128E4-3EE0-4116-90D1-0424B1E283A7}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{78BA94A2-D691-41B3-907D-E760B8C389F0}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
    FirewallRules: [{DC17A584-0D4D-42ED-91F5-A0D54E3FAE76}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
    FirewallRules: [{F1A7B450-18B9-4590-B704-8595CA6F05C4}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
    FirewallRules: [{0CD5F2E3-9BF9-42C3-A6CE-478D9B39CF78}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
    FirewallRules: [{31FDB769-8BA2-4BBB-9C6E-B9745089EA8F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C115D850-AE29-4838-85CA-7C7B54468553}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{ECC65C0C-ADA1-4FD5-8842-2D664098AC55}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8B31B804-7224-422D-8530-75420D8D23EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{79ACE6CA-4FF9-40BE-BA2F-87E109F9DF85}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{68D5B911-D0CF-44A4-9FEC-F2C838661E8F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{B56234D1-A3F4-4B76-8C36-9F3A54A2FA56}] => (Allow) LPort=1900
    FirewallRules: [{D2C140BB-9281-4F16-9D2E-DE2F2602E036}] => (Allow) LPort=2869
    FirewallRules: [{46553C05-C6A0-4EBA-94A9-42A26594CA3C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{E7999DC6-4816-4081-92FB-3A99F4087BD6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{9ABA1007-100B-4D6E-AB46-E0879F68709D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{14D26DA1-D7AD-4AD1-8666-1DA98E8F9D26}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
    FirewallRules: [{0A47DD90-96B6-412C-AB97-B5A3AF934713}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
    FirewallRules: [{3E9B962B-3C88-4BAE-957F-9245CB06CB6E}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
    FirewallRules: [{B684E1D5-CFBD-40AD-8915-17F68FCB5722}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
    FirewallRules: [{F774A420-4C1D-4E99-A5A1-B0571B113FEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    08-03-2017 22:47:14 OTL Restore Point - 3/8/2017 10:47:14 PM

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/15/2017 10:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Hollys-Laptop)
    Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/15/2017 10:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2375

    Error: (03/15/2017 10:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2375

    Error: (03/15/2017 10:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/15/2017 10:28:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

    Error: (03/15/2017 10:28:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1156

    Error: (03/15/2017 10:28:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/15/2017 08:46:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1363391

    Error: (03/15/2017 08:46:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1363391

    Error: (03/15/2017 08:46:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    System errors:
    =============
    Error: (03/15/2017 11:19:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_f23cf9 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/15/2017 11:19:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_f23cf9 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/15/2017 11:19:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_f23cf9 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/15/2017 11:19:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_f23cf9 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/15/2017 10:28:39 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (03/15/2017 09:03:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (03/15/2017 08:50:58 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (03/15/2017 08:50:38 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (03/15/2017 08:50:11 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (03/15/2017 08:47:02 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    CodeIntegrity:
    ===================================
      Date: 2017-03-07 22:24:13.280
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-03-07 22:24:13.263
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-03-01 21:32:00.342
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-03-01 21:32:00.322
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-03-01 21:18:09.034
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-03-01 21:18:09.000
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-03-01 21:13:59.485
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-03-01 21:13:59.468
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-03-01 21:12:59.432
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-03-01 21:12:59.389
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel® Celeron® CPU B820 @ 1.70GHz
    Percentage of memory in use: 49%
    Total physical RAM: 5989.41 MB
    Available physical RAM: 3032.18 MB
    Total Virtual: 12133.41 MB
    Available Virtual: 9152.95 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:653.44 GB) (Free:607.54 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:11.87 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 914BCE41)
    Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=653.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

    ==================== End of Addition.txt ============================


    #4
    RKinner

      Malware Expert

    • Expert
    • 18,779 posts
    • MVP
    Uninstall Bonjour.  Your version is not W10 compatible.  You will get a new version when you update Apple software.
     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File  fixlist.txt   28.98KB   11 downloads
     
    Run FRST and press Fix.  PC will reboot.
    A fix log will be generated; please post that.
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     

    #5
    walters12

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Sent documents requested as attachments. Won't allow me to copy and paste for some reason.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by Holly (administrator) on HOLLYS-LAPTOP (17-03-2017 09:19:33)
    Running from C:\Users\Holly\Downloads
    Loaded Profiles: Holly (Available Profiles: Holly)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Advent) C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe
    (DSGi) C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADPrinterSDK.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Wistron Corp.) C:\Program Files\Launch Manager\HotkeyApp.exe
    (DSGi) C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADStatusMonitor.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\System32\PickerHost.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
    HKLM-x32\...\Run: [{CDF13D74-E6AA-4006-818A-B360D6A3573C}] => C:\Program Files\Launch Manager\HotkeyApp.exe [415272 2012-03-01] (Wistron Corp.)
    HKLM-x32\...\Run: [ADStatusMonitor] => C:\PROGRAM FILES (X86)\ADVENT\AIO\STATUSMONITOR\ADStatusMonitor.exe [2790816 2012-10-31] (DSGi)
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [114480 2016-10-27] (Panda Security, S.L.)
    HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{8f060a73-d381-4daa-80ac-0643fe10e761}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{9836a2a1-04cc-4bdc-b6cb-25062c807e97}: [DhcpNameServer] 172.168.130.2
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3491399957-4132394281-3865697256-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
    BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2016-09-19] ()
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-10-28] (Atheros Commnucations)
    BHO-x32: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2016-09-19] ()
    Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2016-09-19] ()
    Toolbar: HKLM-x32 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2016-09-19] ()
     
    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2009-05-01] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-21] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-21] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
     
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
    CHR Profile: C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default [2017-03-07]
    CHR Extension: (Google Drive) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
    CHR Extension: (YouTube) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
    CHR Extension: (Google Search) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
    CHR Extension: (Google Docs Offline) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
    CHR Extension: (Gmail) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
    CHR Extension: (Chrome Media Router) - C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-01]
    CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Advent AiO Network Discovery Service; C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe [395200 2012-10-31] (Advent)
    R2 ADVENT AIO Status Monitor Service; C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADPrinterSDK.exe [722336 2012-10-31] (DSGi)
    S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109816 2016-10-24] (Panda Security, S.L.)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
    R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-10-27] (Panda Security, S.L.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
    R2 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [119848 2011-12-21] (Wistron Corp.)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-28] (Atheros) [File not signed]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-11] (AVG Technologies)
    S4 DamageGuard; C:\WINDOWS\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-11] (Lenovo)
    S4 dgFltr; C:\WINDOWS\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-06-20] (Malwarebytes Corporation)
    R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [106928 2016-07-05] (Panda Security, S.L.)
    R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211376 2016-07-05] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [119728 2016-07-05] (Panda Security, S.L.)
    R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [125872 2016-07-05] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (Panda Security, S.L.)
    R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [116656 2016-07-05] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [90032 2016-07-05] (Panda Security, S.L.)
    R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135088 2016-07-05] (Panda Security, S.L.)
    R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [335792 2016-07-05] (Panda Security, S.L.)
    R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [197040 2016-07-05] (Panda Security, S.L.)
    R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123312 2016-07-05] (Panda Security, S.L.)
    R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [278960 2016-07-05] (Panda Security, S.L.)
    R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125360 2016-07-05] (Panda Security, S.L.)
    R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
    R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [179120 2016-10-24] (Panda Security, S.L.)
    R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [130992 2016-10-24] (Panda Security, S.L.)
    R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207792 2016-10-24] (Panda Security, S.L.)
    R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133552 2016-10-24] (Panda Security, S.L.)
    R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [146864 2016-10-24] (Panda Security, S.L.)
    R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117168 2016-10-24] (Panda Security, S.L.)
    R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72112 2016-08-09] (Panda Security, S.L.)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-17 08:04 - 2017-03-17 09:17 - 00048042 _____ C:\Users\Holly\Downloads\Fixlog.txt
    2017-03-16 21:41 - 2017-03-16 21:46 - 00051387 _____ C:\Users\Holly\Downloads\Shortcut.txt
    2017-03-16 21:31 - 2017-03-17 08:16 - 00028376 _____ C:\Users\Holly\Downloads\Addition.txt
    2017-03-16 21:29 - 2017-03-17 09:19 - 00016968 _____ C:\Users\Holly\Downloads\FRST.txt
    2017-03-16 21:28 - 2017-03-17 09:19 - 00000000 ____D C:\FRST
    2017-03-16 21:28 - 2017-03-16 21:28 - 02424832 _____ (Farbar) C:\Users\Holly\Downloads\FRST64.exe
    2017-03-16 21:25 - 2017-03-16 21:25 - 01766912 _____ (Farbar) C:\Users\Holly\Downloads\FRST.exe
    2017-03-15 23:17 - 2017-03-15 23:17 - 00028012 _____ C:\Users\Holly\Downloads\Contract Note (3).pdf
    2017-03-15 23:17 - 2017-03-15 23:17 - 00027928 _____ C:\Users\Holly\Downloads\Contract Note (2).pdf
    2017-03-15 23:16 - 2017-03-15 23:16 - 00027936 _____ C:\Users\Holly\Downloads\Contract Note (1).pdf
    2017-03-15 22:59 - 2017-03-15 22:59 - 00027929 _____ C:\Users\Holly\Downloads\Contract Note.pdf
    2017-03-08 23:13 - 2017-03-08 23:13 - 00602112 _____ (OldTimer Tools) C:\Users\Holly\Downloads\OTL (1).exe
    2017-03-08 23:10 - 2017-03-17 07:43 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C03AE0F5-EF8F-44BD-8AB1-34DAC66F4A94}
    2017-03-08 23:02 - 2017-03-08 23:02 - 00000000 ____D C:\_OTL
    2017-03-08 22:42 - 2017-03-08 22:42 - 00003286 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-03-08 22:38 - 2017-03-08 23:18 - 00003988 _____ C:\Users\Holly\Downloads\OTL.Txt
    2017-03-08 22:28 - 2017-03-08 22:28 - 00602112 _____ (OldTimer Tools) C:\Users\Holly\Downloads\OTL.exe
    2017-03-08 02:33 - 2017-03-08 02:33 - 01101824 _____ C:\Users\Holly\Downloads\v3.3.90_Dll_Files_Fixer_License_Key_Crack_Free_Download (1).iso
    2017-03-08 02:31 - 2017-03-08 02:31 - 01101824 _____ C:\Users\Holly\Downloads\v3.3.90_Dll_Files_Fixer_License_Key_Crack_Free_Download.iso
    2017-03-08 02:31 - 2017-03-08 02:31 - 00000000 ____D C:\Users\Public\CyberLink
    2017-03-08 02:31 - 2017-03-08 02:31 - 00000000 ____D C:\Users\Holly\AppData\Roaming\CyberLink
    2017-03-08 00:29 - 2017-03-08 00:35 - 00000000 ____D C:\Program Files (x86)\Safer Technologies
    2017-03-07 23:51 - 2017-03-08 00:00 - 00000000 ____D C:\Users\Holly\Documents\depends22_x86
    2017-03-01 21:26 - 2017-03-01 21:26 - 00000000 ____D C:\Users\Holly\AppData\Roaming\pandasecuritytb
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-17 09:01 - 2017-01-21 12:29 - 00000000 ____D C:\Users\Holly\AppData\LocalLow\pandasecuritytb
    2017-03-17 08:53 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
    2017-03-17 08:14 - 2016-06-19 18:19 - 01013760 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-03-17 08:11 - 2012-10-10 20:52 - 00000000 ____D C:\Users\Holly\AppData\Local\Adobe
    2017-03-17 08:09 - 2012-07-06 08:45 - 01179915 _____ C:\WINDOWS\system32\fastboot.set
    2017-03-17 08:07 - 2016-06-19 18:15 - 00000000 ____D C:\ProgramData\Advent
    2017-03-17 08:06 - 2017-01-21 12:30 - 00000000 ____D C:\ProgramData\panda_url_filtering
    2017-03-17 08:06 - 2016-04-27 06:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-03-17 08:06 - 2015-10-30 06:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2017-03-17 08:04 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2017-03-17 08:04 - 2009-07-14 03:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
    2017-03-17 07:42 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-03-15 23:07 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-03-08 22:42 - 2016-06-19 18:58 - 00002422 _____ C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-03-08 22:42 - 2016-06-19 18:58 - 00000000 ___RD C:\Users\Holly\OneDrive
    2017-03-08 21:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
    2017-03-08 21:16 - 2013-11-20 22:24 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-03-08 02:36 - 2016-04-27 06:29 - 00395936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-03-08 02:36 - 2013-04-19 00:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-03-08 02:36 - 2013-04-19 00:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-03-08 02:36 - 2012-07-06 08:38 - 00000000 ____D C:\Program Files\Google
    2017-03-08 02:36 - 2012-07-06 08:37 - 00000000 ____D C:\Program Files (x86)\Google
    2017-03-08 01:41 - 2013-07-18 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-03-08 00:37 - 2012-10-10 21:01 - 00000000 ____D C:\Users\Holly\AppData\Local\Google
    2017-03-07 23:54 - 2012-10-10 03:44 - 00000000 ____D C:\Users\Holly\AppData\Local\VirtualStore
    2017-03-07 22:45 - 2016-10-29 14:32 - 00000000 ____D C:\Users\Holly\AppData\Local\Avg
    2017-03-07 22:45 - 2014-12-11 15:26 - 00000000 ____D C:\ProgramData\MFAData
    2017-03-07 22:44 - 2016-10-29 14:32 - 00000000 ____D C:\Users\Holly\AppData\Local\AvgSetupLog
    2017-03-07 22:44 - 2016-10-29 14:32 - 00000000 ____D C:\ProgramData\Avg
    2017-03-07 22:43 - 2015-10-30 07:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2017-03-07 22:27 - 2015-10-30 06:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
     
    ==================== Files in the root of some directories =======
     
    2014-12-20 00:20 - 2014-12-20 00:20 - 0000034 _____ () C:\Users\Holly\AppData\Roaming\AdobeWLCMCache.dat
     
    Some files in TEMP:
    ====================
    2017-01-21 12:25 - 2017-01-21 12:27 - 57780944 _____ (Panda Security, S.L.) C:\Users\Holly\AppData\Local\Temp\{D7A1FC18-FD86-4A01-970B-8EF0F3FF24D9}.exe
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-03-15 22:20
     
    ==================== End of FRST.txt ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by Holly (17-03-2017 08:15:25)
    Running from C:\Users\Holly\Downloads
    Windows 10 Home Version 1511 (X64) (2016-06-19 18:51:20)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-3491399957-4132394281-3865697256-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3491399957-4132394281-3865697256-503 - Limited - Disabled)
    Guest (S-1-5-21-3491399957-4132394281-3865697256-501 - Limited - Disabled)
    Holly (S-1-5-21-3491399957-4132394281-3865697256-1000 - Administrator - Enabled) => C:\Users\Holly
    HomeGroupUser$ (S-1-5-21-3491399957-4132394281-3865697256-1002 - Limited - Enabled)
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Panda Protection (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Panda Protection (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
    FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    ADVENT AIO Printer (Version: 2.0.0.0 - DSGi) Hidden
    Advent AIO Software (HKLM-x32\...\{27B5D9DE-D57D-48ee-A4F1-DC3D9DA0DF57}) (Version: 2.1.4.0 - Advent)
    Advent Essentials (x32 Version: 1.0.0.0 - DSGi) Hidden
    aioscnnr (x32 Version: 1.0.6.0 - DSGi) Hidden
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.7.42.71192 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 3.7.42.71192 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.103 - Atheros)
    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.9.9 - Atheros Communications Inc.)
    Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
    Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.01 - Canon Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
    Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
    Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
    iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version:  - )
    iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\{CDF13D74-E6AA-4006-818A-B360D6A3573C}) (Version: 1.0.1 - Wistron Corp.)
    Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.56007.2 - Sonix)
    Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
    Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
    Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3491399957-4132394281-3865697256-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    ocr (x32 Version: 6.0.0.0 - Eastman Kodak Company) Hidden
    Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden
    Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden
    Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.00.00.0000 - Panda Security)
    Panda Protection (Version: 8.85.00 - Panda Security) Hidden
    Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.21 - Panda Security and Visicom Media Inc.)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.1 - Google, Inc.)
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
    PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
    TechUtilities (HKLM\...\TechUtilities_is1) (Version: 1.1.3.8 - Seven Servos Software Pvt Ltd.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
    UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
    VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
    Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {1053E428-A3F9-4B4F-8410-067681FCCFD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {30502153-A319-40F3-8107-B1BFE81437A0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => %ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe 
    Task: {33915678-FB62-4DEA-857E-2FE03953B47A} - System32\Tasks\AdobeAAMUpdater-1.0-Hollys-Laptop-Holly => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
    Task: {370547C1-4639-44B0-92D8-782A5D11F142} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-19] (Adobe Systems Incorporated)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2012-07-06 08:27 - 2011-12-16 04:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    2016-09-22 08:53 - 2016-07-01 04:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-09-22 08:53 - 2016-07-01 04:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2016-04-27 06:10 - 2016-04-27 06:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-09-22 08:55 - 2016-07-01 03:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-09-22 08:53 - 2016-07-01 03:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-09-22 08:53 - 2016-07-01 03:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-09-22 08:53 - 2016-07-01 03:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-09-22 08:53 - 2016-07-01 03:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2016-06-19 19:29 - 2016-06-19 19:29 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-12-15 17:17 - 2015-12-15 17:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
    2016-06-19 19:29 - 2016-06-19 19:29 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-06-19 19:29 - 2016-06-19 19:29 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2012-07-06 08:17 - 2011-11-30 03:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2012-07-06 08:27 - 2011-12-16 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\ProgramData\Temp:373E1720 [290]
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    IE restricted site: HKU\S-1-5-21-3491399957-4132394281-3865697256-1000\...\trovi.com -> hxxp://www.trovi.com
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-14 02:34 - 2015-02-10 15:30 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
    127.0.0.1       localhost
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3491399957-4132394281-3865697256-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Holly\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: ADStatusMonitor => C:\Program Files (x86)\Advent\AiO\StatusMonitor\ADStatusMonitor.exe
    MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: JoxeyUxudu => regsvr32.exe "C:\ProgramData\JoxeyUxudu\QojxeTapog.nko"
    MSCONFIG\startupreg: Lenovo EE Boot Optimizer => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: SynLenovoGestureMgr => %ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    MSCONFIG\startupreg: YgwIjnwv => :\Users\Holly\AppData\Local\qafvynnf\ygwijnwv.ex
    MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{CBA80CBC-77D5-401B-95A9-AF0457297550}] => (Allow) C:\Windows\taskmgr.exe
    FirewallRules: [{AA03C6E2-4FD7-4EDC-A7C0-CAF0837F156A}] => (Allow) C:\Windows\taskmgr.exe
    FirewallRules: [{BFC3B8ED-1045-494C-B612-43D9988B0896}] => (Allow) C:\Windows\wauctla.exe
    FirewallRules: [{38A20C78-2A43-4057-8AB3-5C6A64564861}] => (Allow) C:\Windows\wauctla.exe
    FirewallRules: [{5B0D56A7-4210-4984-BC77-FD6E51123527}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{FA3769CA-C753-477F-A7CC-6904CCB2CE87}] => (Allow) LPort=5353
    FirewallRules: [{ED36D913-2C62-4ADD-B3D4-E15496CD879D}] => (Allow) LPort=9333
    FirewallRules: [{7AAEFFF1-FDFE-40E2-A422-CD0B22C32380}] => (Allow) C:\ProgramData\Advent\Installer\Setup.exe
    FirewallRules: [{D7555FCC-C864-4352-8F35-5B479CDF69A1}] => (Allow) C:\ProgramData\Advent\Installer\Setup.exe
    FirewallRules: [{F880F847-4210-45E9-AF1D-CC5B2D3F3EE3}] => (Allow) C:\Program Files (x86)\Advent\AIO\Firmware\AdventAIOUpdater.exe
    FirewallRules: [{E88832C7-7663-4ECE-8F49-9B442D36B0C6}] => (Allow) C:\Program Files (x86)\Advent\AIO\Firmware\AdventAIOUpdater.exe
    FirewallRules: [{797EF541-662E-4ED3-AB97-7FCAB4EA130B}] => (Allow) C:\Program Files (x86)\Advent\AIO\Center\AdNetworkPrinterDiscovery.exe
    FirewallRules: [{D09BA683-E3FC-4185-80C9-07953A915E7D}] => (Allow) C:\Program Files (x86)\Advent\AIO\Center\AdNetworkPrinterDiscovery.exe
    FirewallRules: [{F417BD5C-787D-4418-9105-891E05E0736A}] => (Allow) C:\Program Files (x86)\Advent\AIO\Center\Advent.Statistics.exe
    FirewallRules: [{C2E90CF5-22CD-47CC-8EB4-98734C460730}] => (Allow) C:\Program Files (x86)\Advent\AIO\Center\Advent.Statistics.exe
    FirewallRules: [{9303FD26-8B59-45E6-913E-98777B7F1607}] => (Allow) LPort=5353
    FirewallRules: [{CB085A80-E16F-4F39-A9B6-F8E44653854E}] => (Allow) LPort=9333
    FirewallRules: [{79ACE6CA-4FF9-40BE-BA2F-87E109F9DF85}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{68D5B911-D0CF-44A4-9FEC-F2C838661E8F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{B56234D1-A3F4-4B76-8C36-9F3A54A2FA56}] => (Allow) LPort=1900
    FirewallRules: [{D2C140BB-9281-4F16-9D2E-DE2F2602E036}] => (Allow) LPort=2869
    FirewallRules: [{46553C05-C6A0-4EBA-94A9-42A26594CA3C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{14D26DA1-D7AD-4AD1-8666-1DA98E8F9D26}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
    FirewallRules: [{0A47DD90-96B6-412C-AB97-B5A3AF934713}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
    FirewallRules: [{3E9B962B-3C88-4BAE-957F-9245CB06CB6E}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
    FirewallRules: [{B684E1D5-CFBD-40AD-8915-17F68FCB5722}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
    FirewallRules: [{F774A420-4C1D-4E99-A5A1-B0571B113FEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    08-03-2017 22:47:14 OTL Restore Point - 3/8/2017 10:47:14 PM
    17-03-2017 07:57:27 Removed Bonjour
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (03/17/2017 08:08:20 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: utilman.exe, version: 10.0.10586.0, time stamp: 0x5632d7bf
    Faulting module name: DUI70.dll, version: 10.0.10586.494, time stamp: 0x5775e2de
    Exception code: 0xc0000005
    Fault offset: 0x000000000003eb7e
    Faulting process id: 0x11b8
    Faulting application start time: 0x01d29ef595b1b21a
    Faulting application path: C:\WINDOWS\system32\utilman.exe
    Faulting module path: C:\WINDOWS\system32\DUI70.dll
    Report Id: 53a43210-4718-4342-85b3-ae312c0eea5a
    Faulting package full name: 
    Faulting package-relative application ID:
     
     
    System errors:
    =============
    Error: (03/17/2017 08:06:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
     
    Error: (03/17/2017 08:05:51 AM) (Source: DCOM) (EventID: 10010) (User: Hollys-Laptop)
    Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
     
    Error: (03/17/2017 08:05:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_27c5dc4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
     
    Error: (03/17/2017 08:05:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_27c5dc4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
     
    Error: (03/17/2017 08:05:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_27c5dc4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
     
    Error: (03/17/2017 08:05:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_27c5dc4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Celeron® CPU B820 @ 1.70GHz
    Percentage of memory in use: 29%
    Total physical RAM: 5989.41 MB
    Available physical RAM: 4245.3 MB
    Total Virtual: 12133.41 MB
    Available Virtual: 10448.81 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows7_OS) (Fixed) (Total:653.44 GB) (Free:607.57 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:11.87 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 914BCE41)
    Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=653.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)
     
    ==================== End of Addition.txt ============================


    • 0

    #6
    RKinner

      Malware Expert

    • Expert
    • 18,779 posts
    • MVP

    Search for 

     

    services.msc

    hit Enter

     

    scroll down to 

    Net.Tcp Listener Adapter

    and right click and select Properties.  Change the Startup Type: to Disabled. OK

     

    There are usually 4 services which start with Net. something.  Make sure they are all set to Disabled.  (If there is no . after net then leave them alone).  These are sometimes turned on by mistake by the Windows 10 upgrade.  Don't really hurt anything, just slow the boot a tad.

     

    Copy the next line:
    DISM  /Online  /Cleanup-Image  /RestoreHealth
    Open an elevated command prompt:
     
     
     
    If you open an elevated command prompt it will by default open in c:\Windows\system32
     
    Once you have an elevated command prompt:
     
    Right click and Paste (or Edit then Paste) and the copied line will appear.  Hit Enter.
     
    This will take a while to complete.  If it can't complete or gives you an error let me know.  Once the prompt returns:
     
    Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
     
    sfc  /scannow
     
     
     
    This will also take a few minutes.  
     
    When it finishes it will say one of the following:
     
    1. Windows did not find any integrity violations (a good thing)
    2. Windows Resource Protection found corrupt files and repaired them (a good thing)
    3. Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
     

    Which do you get?  1, 2 or 3?

     

     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

     

     

    How is it running now?  Any more problems?

     

    I'm going on a trip today.  Got about a 10 hour drive so won't be on line again until late.  


    • 0
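The steps in the post above, written as a PowerShell script. This is an added example, not the poster's own commands. It assumes Windows 10 with PowerShell 5.1; the `-AfterReboot` switch is a hypothetical name used only here.

```powershell
# Added example (not from the thread): scripted form of the post #6 steps.
# First run: plain. Second run, after the reboot: pass -AfterReboot.
param([switch]$AfterReboot)   # hypothetical switch name

# DISM stops with error 740 when the prompt is not elevated, so check first.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    Write-Error 'Not elevated: reopen PowerShell with "Run as administrator".'
    exit 740
}

if (-not $AfterReboot) {
    # Services whose display name starts with "Net." (Net.Tcp Listener Adapter, ...).
    # Names without the dot, such as Netlogon, do not match and are left alone.
    $netServices = Get-Service | Where-Object { $_.DisplayName -like 'Net.*' }
    $netServices | Format-Table Name, DisplayName, Status, StartType -AutoSize

    foreach ($svc in $netServices) {
        if ($svc.StartType -ne 'Disabled') {
            # -WhatIf only previews the change; remove it to apply.
            Set-Service -Name $svc.Name -StartupType Disabled -WhatIf
        }
    }

    # Repair the component store that SFC draws its replacement files from.
    & dism.exe /Online /Cleanup-Image /RestoreHealth
    if ($LASTEXITCODE -ne 0) {
        Write-Error "DISM exited with code $LASTEXITCODE; see C:\Windows\Logs\DISM\dism.log"
        exit $LASTEXITCODE
    }
    Write-Output 'DISM finished. Reboot, then run this script again with -AfterReboot.'
}
else {
    # Verify protected system files; the last line of output is result 1, 2 or 3.
    & sfc.exe /scannow
    Write-Output 'Details of anything SFC touched: C:\Windows\Logs\CBS\CBS.log'
}
```

The `Format-Table` output shows the current startup type of each Net. service before anything is changed, which makes it easy to confirm the preview matches what services.msc shows.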

    #7
    walters12

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Shows up with error whenever I attempt to run 'DISM  /Online  /Cleanup-Image  /RestoreHealth' on command prompt (error:740 Elevated permissions are required to run DISM. Use elevated command prompt to complete these tasks).

     

    Thanks

     


    • 0

    #8
    walters12

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Wait, I believe the magic is happening!


    • 0

    #9
    walters12

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    vew = output log. v = application

    Attached Files

    • Attached File  VEW.txt   6.78KB   19 downloads
    • Attached File  v.txt   6.78KB   11 downloads

    • 0

    #10
    RKinner

      Malware Expert

    • Expert
    • 18,779 posts
    • MVP

    Both logs are the same = system

     

    You have two tasks that are broken.  I can fix one.

     

    Download the attached zip file.

    Save it then right click and Extract All, Extract.  Note the location of the file.

    Search for:

    task scheduler

    hit Enter.

     

    Click on the arrow in front of Task Scheduler Library then on  Lenovo.  In the middle pane you should see three tasks.  The top one is Lenovo Customer Feedback Program.  Right click on it and Delete.

    Right click on Lenovo and Import Task.  Point it at the file you just unzipped.  OK.  That should recreate the task so that you again have three tasks.

     

    The other task that is broken is One Drive and I don't have One Drive on my win 10.  I would disable the task for now.  In Task Scheduler, Click on the arrow in front of Microsoft and then on One Drive.  I assume the task is called:

    OneDrive Standalone Update Task v2.  Right click on it and Disable.  I expect that reinstalling OneDrive (if you use it) would fix the task.

     

    If it made it through DISM and SFC without complaints then things are looking pretty good.  How is it running now?


    • 0

    #11
    walters12

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Thanks.

     

    Computer seems to be running okay (Not completed the latest task), not had any issues on boot up. I will do above task shortly. Appreciate all the assistance given!


    • 0





