Nova Rambler Infection - Please help!


Nova Rambler Infection - Please help!

Postby esiso » Thu Apr 20, 2017 5:40 am

Nova Rambler hijacked my Chrome browser a couple of weeks ago, but I don't recall the exact software I installed then. I have checked my list of installed software to uninstall any strange new ones, but nothing unusual shows up.

I have tried every suggested solution I've seen, but it's still there. Searches in Firefox seem not to be affected, but searches in Chrome always redirect to Nova search (even though I have reset Chrome, removed suspicious additions to its shortcut, removed every search engine except Google, and even scanned my system with different anti-malware programs). Equally suspicious is that clicking on most links in Chrome redirects and opens new tabs, which wasn't happening before.

Below is the HJT log. Please help!

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:20:29 AM, on 20-Apr-17
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 52.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe
C:\Program Files (x86)\Adguard\Adguard.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe
C:\Users\kumad\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp-006&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE01DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp-006&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?bcutc=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Soda PDF 5 IE Helper - {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: Soda PDF 8 Toolbar - {A2689669-AD38-4AFD-B370-23E97E2B9D18} - C:\Program Files (x86)\Soda PDF 8\creator-ie-plugin.dll
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
O4 - HKCU\..\Run: [OneDrive] "C:\Users\kumad\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [B6FB95571921934E331CD775874641EC9FB7FB2D._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
O4 - HKCU\..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1D561F9312BC72D2A5A5C182583CAD03] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [Adguard] C:\Program Files (x86)\Adguard\Adguard.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all with FDM - file://C:/Program Files (x86)/FreeDownloadManager.ORG/Free Download Manager/dlall.htm
O8 - Extra context menu item: Download selected with FDM - file://C:/Program Files (x86)/FreeDownloadManager.ORG/Free Download Manager/dlselected.htm
O8 - Extra context menu item: Download with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\kumad\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\kumad\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: NCapture for NVivo - res://C:\Program Files (x86)\QSR\NCapture\Internet Explorer\QSR.NCapture.IE.Resources.dll/101
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: NCapture for NVivo - {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: N&Capture for NVivo - {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} - mscoree.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 4564222912
O17 - HKLM\System\CCS\Services\Tcpip\..\{06af8416-d71a-4be2-8027-a63c7983490c}: NameServer = 172.24.8.50,172.24.8.52
O17 - HKLM\System\CCS\Services\Tcpip\..\{d9847769-c5d1-495e-98a4-938c9963445e}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{06af8416-d71a-4be2-8027-a63c7983490c}: NameServer = 172.24.8.50,172.24.8.52
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adguard Service - Performix LLC - C:\Program Files (x86)\Adguard\AdguardSvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @oem11.inf,%fpCSEvtService_SvcDesc%;fpCSEvtSvc (fpCsEvtSvc) - Unknown owner - C:\Windows\system32\fpCSEvtSvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem13.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\Windows\system32\\spdsvc.exe
O23 - Service: Samsung UPD Utility Service (SamsungUPDUtilSvc) - Unknown owner - C:\Windows\SysWoW64\SecUPDUtilSvc.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soda PDF 8 - LULU SOFTWARE LIMITED - C:\Program Files\Soda PDF 8\ws.exe
O23 - Service: Soda PDF 8 CrashHandler - LULU SOFTWARE LIMITED - C:\Program Files\Soda PDF 8\crash-handler-ws.exe
O23 - Service: Soda PDF 8 Creator - LULU SOFTWARE LIMITED - C:\Program Files\Soda PDF 8\creator-ws.exe
O23 - Service: Soda PDF 8 Manager - LULU Software Limited - C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe
O23 - Service: Soda PDF Desktop - LULU SOFTWARE LIMITED - C:\Program Files\Soda PDF Desktop\ws.exe
O23 - Service: Soda PDF Desktop CrashHandler - LULU SOFTWARE LIMITED - C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe
O23 - Service: Soda PDF Desktop Creator - LULU SOFTWARE LIMITED - C:\Program Files\Soda PDF Desktop\creator-ws.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom ISD Service (WTabletServiceISD) - Wacom Technology, Corp. - C:\Program Files\Tablet\ISD\WTabletServiceISD.exe

--
End of file - 14881 bytes
esiso
 
Posts: 3
Joined: Thu Apr 20, 2017 5:18 am

Re: Nova Rambler Infection - Please help!

Postby patrik » Fri Apr 21, 2017 3:06 am

Hello, welcome to the Myantispyware forums.

Please download Farbar Recovery Scan Tool from here.
* Save it to your desktop.
* Double click on the icon on your desktop.
* Push the "Scan" button.
* The scan should take just a few minutes.
* Two reports will open (FRST.txt and Addition.txt).


Post back with both FRST logs. Post each log in a separate post.
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm
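As an added example (not part of this thread, and not a HijackThis or Farbar tool), the script below triages lines copied from the HijackThis log above and the FRST log posted below. It pulls out the entry types that explain why a hijack can survive Chrome's own "reset": the reset rewrites profile settings but does not touch policy keys under HKLM\SOFTWARE\Policies\Google, which FRST marks with "<======= ATTENTION" and which force settings Chrome then shows as managed; Image File Execution Options [Debugger] values, which make Windows start the named debugger in place of the program (the FRST log lists eleven of them, all pointing at AVG PC TuneUp's TUAutoReactivator64.exe, the binary its Program Deactivator registers); search and start-page URLs carrying a query parameter beyond the search term (every Google URL in both logs carries bcutc=sp-006); and hosts-file overrides such as 127.0.0.1 keystone.mwbsys.com, which stops the machine resolving that host. The set of expected query keys and the sample lines are the example's own assumptions; the script lists entries for review and makes no verdict on any of them.

```python
"""Triage helper for HijackThis / FRST log lines.

Added example for this thread; it is not a tool from the forum, from
HijackThis or from Farbar. It pulls out four kinds of entries that a browser
"reset" does not touch, so they are the first places to look when a hijack
survives one:

  * IFEO [Debugger] values: Windows starts the named debugger instead of the
    program whenever that program is launched
  * policy restrictions that FRST marks with "<======= ATTENTION" (and the
    HijackThis O6 line), including HKLM\\SOFTWARE\\Policies\\Google for Chrome
  * search / start-page URLs that carry query parameters beyond the search term
  * hosts-file overrides
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Query keys a plain Google search or home URL needs. Anything else is listed
# for review; this set is an assumption made for the example, not a Google spec.
EXPECTED_QUERY_KEYS = {"q"}

IFEO_RE = re.compile(r'^IFEO\\(?P<exe>.+?):\s*\[Debugger\]\s*"?(?P<dbg>[^"]+?)"?\s*$')
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
URL_RE = re.compile(r"h(?:tt|xx)ps?://\S+")   # FRST defangs URLs as hxxp(s)://
ATTENTION = "<======= ATTENTION"


def unexpected_query_keys(url):
    """Query keys in a search/start URL beyond EXPECTED_QUERY_KEYS, sorted."""
    parsed = urlsplit(url.replace("hxxp", "http", 1))
    keys = {k for k, _ in parse_qsl(parsed.query, keep_blank_values=True)}
    return sorted(keys - EXPECTED_QUERY_KEYS)


def triage(lines):
    """Return (kind, subject, detail) tuples for the entries worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = IFEO_RE.match(line)
        if m:
            findings.append(("ifeo_debugger", m["exe"], m["dbg"]))
            continue
        m = HOSTS_RE.match(line)
        if m:
            findings.append(("hosts_override", m["host"], m["ip"]))
            continue
        if line.endswith(ATTENTION) or line.startswith("O6 - "):
            findings.append(("policy_restriction", line.replace(ATTENTION, "").strip(), ""))
            continue
        for url in URL_RE.findall(line):
            extra = unexpected_query_keys(url)
            if extra:
                findings.append(("extra_query_params", url, ",".join(extra)))
    return findings


def ifeo_debuggers(findings):
    """Group IFEO findings by debugger: one binary hooked onto many unrelated
    programs is the pattern to look for (here it is AVG PC TuneUp's reactivator)."""
    by_dbg = {}
    for kind, exe, dbg in findings:
        if kind == "ifeo_debugger":
            by_dbg.setdefault(dbg, []).append(exe)
    return by_dbg


# Sample input: lines copied from the HijackThis and FRST logs in this thread,
# plus one ordinary BHO line as a control that must not be flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp-006&q={searchTerms}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
IFEO\fdm.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lastpass.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Hosts: 127.0.0.1 keystone.mwbsys.com
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
FF Homepage: Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248 -> hxxps://www.google.com/?bcutc=sp-006
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-09-22] (LastPass)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for kind, subject, detail in results:
        print(f"{kind:20} {subject}  {detail}")
    for dbg, exes in ifeo_debuggers(results).items():
        print(f"IFEO debugger {dbg} hooks: {', '.join(exes)}")
```

To run it over a real report, feed it the file: `triage(open("FRST.txt", encoding="utf-8").read().splitlines())`. A flagged line is a pointer, not a verdict: a policy restriction can be a deliberate corporate or parental setting, the IFEO entries here are explained by an installed tuning product, and the URL check will also flag benign URLs that carry tracking parameters, such as the Microsoft fwlink start page in the HijackThis log. What the list buys you is a short set of places to inspect in the registry and hosts file rather than a 300-line log to read end to end.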

Re: Nova Rambler Infection - Please help!

Postby esiso » Fri Apr 21, 2017 6:58 am

This is the FRST log file:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-04-2017
Ran by kumad (administrator) on KUMA-TAB-PC (21-04-2017 07:49:33)
Running from C:\Users\kumad\Desktop
Loaded Profiles: kumad (Available Profiles: defaultuser0 & kumad)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF 8\creator-ws.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Windows\SysWOW64\spdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF Desktop\creator-ws.exe
(LULU Software Limited) C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
() C:\Windows\System32\fpCSEvtSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
(FreeDownloadManager.org) C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8104.42387.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8104.42387.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\kumad\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [225280 2017-03-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4131384 2016-12-14] (Connectify)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-18] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-06] (AVAST Software)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\Run: [B6FB95571921934E331CD775874641EC9FB7FB2D._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694344 2016-12-13] (BlueStack Systems, Inc.)
HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\Run: [GoogleChromeAutoLaunch_1D561F9312BC72D2A5A5C182583CAD03] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5622032 2017-03-27] (Performix LLC)
IFEO\bluestacks.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\connectify.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\connectifyshutdown.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\connectifystartup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\connectifysupportcenter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\fdm.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lastpass.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lpuninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\soda pdf 5.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\soda_pdf_8_installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-06] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-06] (AVAST Software)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-09-22]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{06af8416-d71a-4be2-8027-a63c7983490c}: [NameServer] 172.24.8.50,172.24.8.52
Tcpip\..\Interfaces\{d9847769-c5d1-495e-98a4-938c9963445e}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{d9847769-c5d1-495e-98a4-938c9963445e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-219130860-3722789173-52809494-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-219130860-3722789173-52809494-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-04-18] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-09-22] (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-04-18] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-09-22] (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Soda PDF 5 IE Helper -> {C737F472-1193-4281-BF53-A00B67AB3E19} -> C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll [2013-01-29] (LULU Software)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-09-22] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-09-22] (LastPass)
Toolbar: HKLM-x32 - Soda PDF 8 Toolbar - {A2689669-AD38-4AFD-B370-23E97E2B9D18} - C:\Program Files (x86)\Soda PDF 8\creator-ie-plugin.dll [2016-04-19] (LULU SOFTWARE LIMITED)
IE Session Restore: HKU\S-1-5-21-219130860-3722789173-52809494-1001 -> is enabled.
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/ ... 4564222912
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-18] (Microsoft Corporation)

Edge:
======
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.44.0_neutral__qq0fmhteeht3j [2017-04-01]

FireFox:
========
FF ProfilePath: C:\Users\kumad\AppData\Roaming\Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248 [2017-04-21]
FF NewTab: Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248 -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248 -> hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248 -> Google
FF Homepage: Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248 -> hxxps://www.google.com/?bcutc=sp-006
FF Session Restore: Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248 -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248 -> hxxps://www.google.com/search?bcutc=sp-006
FF Extension: (Free Download Manager extension) - C:\Users\kumad\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\fdm_ffext@freedownloadmanager.org [2016-11-18]
FF Extension: (Video Downloader Pro) - C:\Users\kumad\AppData\Roaming\Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248\Extensions\@video_downloader_pro.xpi [2017-03-28]
FF Extension: (LastPass) - C:\Users\kumad\AppData\Roaming\Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248\Extensions\support@lastpass.com [2017-03-28]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\kumad\AppData\Roaming\Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248\features\{08607998-5de5-494e-bb2c-330b332a09a7}\disable-cert-transparency@mozilla.org.xpi [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\kumad\AppData\Roaming\Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248\features\{08607998-5de5-494e-bb2c-330b332a09a7}\disable-prefetch@mozilla.org.xpi [2017-04-18]
FF SearchPlugin: C:\Users\kumad\AppData\Roaming\Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248\searchplugins\google-avast.xml [2017-04-05]
FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-28] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-09]
FF HKLM\...\Firefox\Extensions: [soda_pdf_8_conv@sodapdf.com] - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension
FF Extension: (Soda PDF 8 Creator) - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension [2016-11-26] [not signed]
FF HKLM\...\Firefox\Extensions: [soda_pdf_desktop_conv@sodapdf.com] - C:\Program Files\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension
FF Extension: (Soda PDF Desktop Creator) - C:\Program Files\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension [2016-11-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [FFSodaPDF5Converter@sodapdf.com] - C:\Program Files (x86)\Soda PDF 5\FFSoda5Ext
FF Extension: (Soda PDF 5 Converter For Firefox) - C:\Program Files (x86)\Soda PDF 5\FFSoda5Ext [2016-09-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-03-14] [not signed]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-09-22] (LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-18] (Microsoft Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-09-22] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-23] (Google Inc.)
FF Plugin-x32: Soda PDF 8 -> C:\Program Files (x86)\Soda PDF 8\np-previewer.dll [2016-04-19] (LULU SOFTWARE LIMITED)
FF Plugin-x32: Soda PDF Desktop -> C:\Program Files (x86)\Soda PDF Desktop\np-previewer.dll [2016-10-21] (LULU SOFTWARE LIMITED)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.\u003C!doctype html>","hxxp://www.\u003C!doctype html>?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default [2017-04-21]
CHR Extension: (Yahoo Web) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2017-04-19]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-04-19]
CHR Extension: (Google Drive) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-23]
CHR Extension: (WebCamera360) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnhdeincpllgeldajmlncemfloafomon [2017-04-19]
CHR Extension: (Virtual Piano) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohgcponedmbhgbbdinajeoapmoaifdj [2017-04-19]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-04-19]
CHR Extension: (Video Downloader professional) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-03-26]
CHR Extension: (Avast SafePrice) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-20]
CHR Extension: (Wunderlist New Tab) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgikemaeelgbhjnhnnahcpkjpafaeion [2017-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-21]
CHR Extension: (Avast Online Security) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-04-04]
CHR Extension: (Video Downloader Pro) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2017-04-09]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2017-04-19]
CHR Extension: (NCapture) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2017-03-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-20]
CHR Extension: (Google Maps) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-04-19]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\kumad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-20]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-219130860-3722789173-52809494-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\kumad\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-21]
CHR HKU\S-1-5-21-219130860-3722789173-52809494-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lgomjifbpjfhpodjhihemafahhmegbek] - C:\Program Files (x86)\QSR\NCapture\Chrome\QSR.NCapture.Chrome.crx [2016-06-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [151312 2017-03-27] (Performix LLC)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-06] (AVAST Software)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S4 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S4 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801792 2017-04-09] (Microsoft Corporation)
S4 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [257592 2016-12-14] (Connectify)
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [689152 2017-03-18] (Microsoft Corporation)
S3 DevicesFlowUserSvc_9b8f11; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)
S3 DevicesFlowUserSvc_9b8f11; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [302592 2017-03-18] (Microsoft Corporation)
R2 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [22528 2015-06-10] ()
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373736 2016-08-05] (Intel Corporation)
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [64000 2017-03-18] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-18] (Malwarebytes)
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [723968 2017-03-18] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-08-19] (Realtek Semiconductor)
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [499000 2016-08-17] ()
R2 SamsungUPDUtilSvc; C:\Windows\SysWoW64\SecUPDUtilSvc.exe [143664 2016-11-06] ()
R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [335808 2017-03-18] (Microsoft Corporation)
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1191424 2017-03-18] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S4 SIMSVC; C:\Program Files (x86)\HP lt4211 Gobi 4G\Utilities\SIM based Firmware Switching Tool\SIMService.exe [2081288 2016-09-02] (HP)
S4 Soda PDF 5 Helper Service; C:\Program Files (x86)\Soda PDF 5\HelperService.exe [1069408 2013-01-29] (LULU Software)
S4 Soda PDF 5 Service; C:\Program Files (x86)\Soda PDF 5\ConversionService.exe [794464 2013-01-29] (LULU Software)
S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2263504 2016-04-19] (LULU SOFTWARE LIMITED)
S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920016 2016-04-19] (LULU SOFTWARE LIMITED)
R2 Soda PDF 8 Creator; C:\Program Files\Soda PDF 8\creator-ws.exe [733136 2016-04-19] (LULU SOFTWARE LIMITED)
R2 Soda PDF 8 Manager; C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe [900120 2016-08-11] (LULU Software Limited)
S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2529744 2016-10-21] (LULU SOFTWARE LIMITED)
S3 Soda PDF Desktop CrashHandler; C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe [925648 2016-10-21] (LULU SOFTWARE LIMITED)
R2 Soda PDF Desktop Creator; C:\Program Files\Soda PDF Desktop\creator-ws.exe [733648 2016-10-21] (LULU SOFTWARE LIMITED)
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-08-22] (Synaptics Incorporated)
R3 TokenBroker; C:\WINDOWS\System32\TokenBroker.dll [1054720 2017-03-18] (Microsoft Corporation)
R3 TokenBroker; C:\WINDOWS\SysWOW64\TokenBroker.dll [799232 2017-03-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [53248 2015-06-10] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [555008 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [738512 2015-08-04] (Wacom Technology, Corp.)
S3 xbgm; C:\WINDOWS\System32\xbgmsvc.dll [301216 2017-03-18] (Microsoft Corporation)
S3 XboxGipSvc; C:\WINDOWS\System32\XboxGipSvc.dll [18944 2017-03-18] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [81000 2017-03-27] ()
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-06] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-06] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-06] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-06] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [82936 2016-11-28] (AVAST Software)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-06] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-06] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R3 CAD; C:\WINDOWS\System32\drivers\CAD.sys [53664 2017-03-18] (Microsoft Corporation)
R1 cfywlan2; C:\WINDOWS\system32\DRIVERS\cfywlan2.sys [46088 2016-12-16] (Connectify)
S2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [12288 2017-03-18] (Microsoft Corporation)
R1 cnnctfy4; C:\WINDOWS\system32\DRIVERS\cnnctfy4.sys [53216 2016-12-16] (Connectify)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [548848 2016-01-23] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-15] ()
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 mausbhost; C:\WINDOWS\System32\drivers\mausbhost.sys [405408 2017-03-18] (Microsoft Corporation)
S3 mausbip; C:\WINDOWS\System32\drivers\mausbip.sys [51104 2017-03-18] (Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-04-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-04-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-04-21] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [122368 2017-03-18] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)
S3 nvdimmn; C:\WINDOWS\System32\drivers\nvdimmn.sys [80896 2017-03-18] (Microsoft Corporation)
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [101376 2017-03-18] (Microsoft Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [772336 2015-08-27] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3222016 2017-03-09] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51320 2016-08-22] (Synaptics Incorporated)
S3 SpatialGraphFilter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [40352 2017-03-20] (Microsoft Corporation)
S3 SzCCID; C:\WINDOWS\system32\DRIVERS\SzCCID.sys [68776 2015-08-27] (Generic)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-03-29] (AVG Netherlands B.V.)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [40008 2015-06-09] (Intel Corporation)
R3 WacHidRouter; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [108256 2015-08-04] (Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [217088 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [326656 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-04-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-04-05] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)
NETSVC: xbgm -> C:\Windows\System32\xbgmsvc.dll (Microsoft Corporation)
NETSVC: TokenBroker -> C:\Windows\System32\TokenBroker.dll (Microsoft Corporation)
NETSVC: XboxGipSvc -> C:\Windows\System32\XboxGipSvc.dll (Microsoft Corporation)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-21 07:49 - 2017-04-21 07:50 - 00038853 _____ C:\Users\kumad\Desktop\FRST.txt
2017-04-21 07:48 - 2017-04-21 07:49 - 00000000 ____D C:\FRST
2017-04-21 07:44 - 2017-04-21 07:46 - 02424832 _____ (Farbar) C:\Users\kumad\Desktop\FRST64 (1).exe
2017-04-21 07:44 - 2017-04-21 07:44 - 02424832 _____ C:\Users\kumad\Downloads\FRST64.exe.fdmdownload
2017-04-21 06:23 - 2017-04-21 07:47 - 490493337 _____ C:\Users\kumad\Downloads\lineage-14.1-20170420-nightly-oneplus2-signed.zip.fdmdownload
2017-04-21 04:08 - 2017-04-21 04:08 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-20 23:27 - 2017-04-01 01:25 - 06756920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-20 23:27 - 2017-04-01 01:03 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-20 23:27 - 2017-04-01 01:01 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-20 23:27 - 2017-04-01 00:56 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-20 23:27 - 2017-03-25 08:58 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-04-20 23:26 - 2017-04-01 02:05 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-20 23:26 - 2017-04-01 02:05 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-20 23:26 - 2017-04-01 02:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-20 23:26 - 2017-04-01 02:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-20 23:26 - 2017-04-01 02:04 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-20 23:26 - 2017-04-01 01:59 - 08319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-20 23:26 - 2017-04-01 01:57 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-20 23:26 - 2017-04-01 01:57 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-20 23:26 - 2017-04-01 01:57 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-20 23:26 - 2017-04-01 01:52 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-20 23:26 - 2017-04-01 01:52 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-20 23:26 - 2017-04-01 01:51 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-04-20 23:26 - 2017-04-01 01:51 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-20 23:26 - 2017-04-01 01:51 - 00205728 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-20 23:26 - 2017-04-01 01:50 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-20 23:26 - 2017-04-01 01:48 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-20 23:26 - 2017-04-01 01:47 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-20 23:26 - 2017-04-01 01:29 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-20 23:26 - 2017-04-01 01:28 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-20 23:26 - 2017-04-01 01:25 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-20 23:26 - 2017-04-01 01:19 - 23675392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-20 23:26 - 2017-04-01 01:11 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-20 23:26 - 2017-04-01 01:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-20 23:26 - 2017-04-01 01:09 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-20 23:26 - 2017-04-01 01:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-20 23:26 - 2017-04-01 01:08 - 19334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-20 23:26 - 2017-04-01 01:06 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-20 23:26 - 2017-04-01 01:05 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-20 23:26 - 2017-04-01 01:04 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-20 23:26 - 2017-04-01 01:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-20 23:26 - 2017-04-01 01:02 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-20 23:26 - 2017-04-01 01:02 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-20 23:26 - 2017-04-01 00:59 - 11869696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-20 23:26 - 2017-04-01 00:58 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-20 23:26 - 2017-04-01 00:58 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-20 23:26 - 2017-04-01 00:58 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-20 23:26 - 2017-04-01 00:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-20 23:26 - 2017-04-01 00:55 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-20 23:26 - 2017-04-01 00:55 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-20 23:26 - 2017-04-01 00:55 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-20 23:26 - 2017-04-01 00:53 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-20 23:26 - 2017-04-01 00:52 - 08247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-20 23:26 - 2017-04-01 00:52 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-20 23:26 - 2017-04-01 00:52 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-20 23:26 - 2017-04-01 00:50 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-20 23:26 - 2017-04-01 00:50 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-20 23:26 - 2017-04-01 00:48 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-20 23:26 - 2017-04-01 00:47 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-20 23:26 - 2017-04-01 00:45 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-20 23:26 - 2017-04-01 00:44 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-20 23:26 - 2017-03-31 22:00 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-20 23:26 - 2017-03-25 09:28 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-04-20 21:12 - 2017-04-20 21:12 - 00035526 _____ C:\Users\kumad\Desktop\BitLocker Drive Encryption recovery key.pdf
2017-04-20 21:08 - 2017-04-20 21:08 - 00000000 ____D C:\Users\kumad\AppData\Roaming\PDF Producer
2017-04-20 21:01 - 2017-04-20 20:08 - 00000000 ____D C:\Windows.old
2017-04-20 21:00 - 2017-04-20 21:00 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-20 21:00 - 2017-04-20 20:05 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-20 20:59 - 2017-04-20 20:59 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-20 20:59 - 2017-04-20 20:59 - 00000000 ____D C:\Program Files\MSBuild
2017-04-20 20:59 - 2017-04-20 20:59 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-20 20:59 - 2017-04-20 20:59 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-20 20:59 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-04-20 20:59 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-20 20:59 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-04-20 20:59 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-04-20 20:59 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-20 20:59 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-04-20 20:56 - 2017-04-20 20:56 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2017-04-20 20:38 - 2017-04-20 20:38 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-20 20:36 - 2017-04-20 20:36 - 00000020 ___SH C:\Users\kumad\ntuser.ini
2017-04-20 20:21 - 2017-04-20 20:21 - 00000000 ____D C:\ProgramData\USOShared
2017-04-20 20:19 - 2017-04-20 20:21 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-04-20 20:19 - 2017-04-20 20:21 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-04-20 20:16 - 2017-04-21 00:20 - 00910696 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-20 20:15 - 2017-04-21 01:49 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-04-20 20:15 - 2017-04-21 00:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-20 20:15 - 2017-04-20 20:39 - 00003282 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-20 20:15 - 2017-04-20 20:15 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-20 20:15 - 2017-04-20 20:15 - 00003362 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1474654084
2017-04-20 20:15 - 2017-04-20 20:15 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-20 20:15 - 2017-04-20 20:15 - 00003296 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{459BF3D8-9620-40A0-84EA-31C5B2818F89}
2017-04-20 20:15 - 2017-04-20 20:15 - 00003148 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-20 20:15 - 2017-04-20 20:15 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-20 20:15 - 2017-04-20 20:15 - 00002840 _____ C:\WINDOWS\System32\Tasks\klcp_update
2017-04-20 20:15 - 2017-04-20 20:15 - 00002038 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2017-04-20 20:15 - 2017-04-20 20:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-04-20 20:10 - 2017-04-20 20:10 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-20 20:07 - 2017-04-21 00:30 - 00000000 ____D C:\Users\kumad
2017-04-20 20:07 - 2017-04-20 20:14 - 00000000 ____D C:\Users\defaultuser0
2017-04-20 20:07 - 2017-04-20 20:10 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-20 20:06 - 2017-04-21 03:45 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-20 20:06 - 2017-04-21 03:45 - 00000000 ____D C:\ProgramData\Validity
2017-04-20 20:06 - 2017-04-20 20:36 - 00000000 ____D C:\Intel
2017-04-20 20:06 - 2017-04-20 20:06 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-04-20 20:06 - 2017-04-20 20:06 - 00006890 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-04-20 20:06 - 2017-04-20 20:06 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_wbf_vfs_003f_adv_01_09_00.Wdf
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 ____D C:\Program Files\Synaptics
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 ____D C:\Program Files\Realtek
2017-04-20 20:06 - 2017-04-20 20:06 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-04-20 20:06 - 2017-03-18 21:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-20 20:06 - 2016-08-05 06:02 - 00099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-04-20 20:05 - 2017-04-21 06:17 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-20 20:05 - 2017-04-21 00:15 - 00389120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-20 20:05 - 2017-04-20 20:08 - 00000000 ____D C:\Program Files\Intel
2017-04-20 20:05 - 2017-04-20 20:08 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-20 20:05 - 2017-04-20 20:05 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Pen.lnk
2017-04-20 20:05 - 2017-04-20 20:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_wachidrouter_isd_01009.Wdf
2017-04-20 20:05 - 2017-04-20 20:05 - 00000000 ____D C:\Program Files\Tablet
2017-04-20 18:42 - 2017-04-20 20:36 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-20 18:42 - 2017-04-20 19:10 - 00000000 ___HD C:\$WINDOWS.~BT
2017-04-20 18:27 - 2017-04-20 18:42 - 00000036 _____ C:\WINDOWS\progress.ini
2017-04-20 11:58 - 2017-04-20 11:58 - 00000000 ____D C:\Users\kumad\Downloads\MKEGH U ICHIAN JIJINGI.pages
2017-04-20 11:45 - 2017-04-20 11:45 - 00193203 _____ C:\Users\kumad\Downloads\scan0031.pdf
2017-04-20 08:25 - 2017-04-20 20:35 - 00000000 ___HD C:\$GetCurrent
2017-04-20 08:24 - 2017-04-20 20:36 - 00000000 ____D C:\Windows10Upgrade
2017-04-20 08:24 - 2017-04-20 08:24 - 00000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-04-20 08:24 - 2017-04-20 08:24 - 00000726 _____ C:\Users\kumad\Desktop\Windows 10 Upgrade Assistant.lnk
2017-04-20 08:22 - 2017-04-20 08:22 - 06581904 _____ (Microsoft Corporation) C:\Users\kumad\Downloads\Windows10Upgrade28085.exe
2017-04-20 06:58 - 2017-04-20 06:58 - 09594465 _____ C:\Users\kumad\Downloads\1692.mp4
2017-04-20 06:54 - 2017-04-20 06:55 - 15322774 _____ C:\Users\kumad\Downloads\1434.mp4
2017-04-20 06:52 - 2017-04-20 06:52 - 20120410 _____ C:\Users\kumad\Downloads\1470.mp4
2017-04-20 06:49 - 2017-04-20 06:50 - 24341874 _____ C:\Users\kumad\Downloads\124.mp4
2017-04-20 06:29 - 2017-04-20 06:29 - 00014965 _____ C:\Users\kumad\Documents\hijackthis2
2017-04-20 06:28 - 2017-04-20 06:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\kumad\Desktop\HijackThis (1).exe
2017-04-20 06:17 - 2017-04-20 06:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\kumad\Desktop\HijackThis.exe
2017-04-20 06:15 - 2017-04-20 06:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\kumad\Downloads\HijackThis.exe
2017-04-19 20:22 - 2017-03-27 08:01 - 00081000 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2017-04-19 20:21 - 2017-04-21 07:50 - 00000000 ____D C:\ProgramData\Adguard
2017-04-19 20:21 - 2017-04-21 00:15 - 00000000 ____D C:\Program Files (x86)\Adguard
2017-04-19 20:21 - 2017-04-20 20:11 - 00000255 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2017-04-19 20:21 - 2017-04-20 20:11 - 00000255 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2017-04-19 20:21 - 2017-04-20 20:11 - 00000255 _____ C:\ProgramData\fontcacheev1.dat
2017-04-19 20:21 - 2017-04-20 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2017-04-19 20:21 - 2017-04-19 20:21 - 00001001 _____ C:\Users\Public\Desktop\Adguard.lnk
2017-04-19 20:21 - 2017-04-19 20:21 - 00000000 ____D C:\Users\kumad\AppData\Roaming\Performix LLC
2017-04-19 20:21 - 2017-04-19 20:21 - 00000000 ____D C:\Users\kumad\AppData\Local\Performix_LLC
2017-04-19 19:29 - 2017-04-19 20:16 - 35366216 _____ (Performix LLC) C:\Users\kumad\Downloads\setup.exe
2017-04-19 19:26 - 2017-04-19 20:39 - 00000000 ____D C:\AdwCleaner
2017-04-19 19:21 - 2017-04-19 19:25 - 04089296 _____ C:\Users\kumad\Downloads\adwcleaner_6.045.exe
2017-04-19 19:21 - 2017-04-19 19:22 - 00173328 _____ C:\Users\kumad\Downloads\adguardInstaller.exe
2017-04-18 19:46 - 2017-04-18 20:18 - 21904283 _____ C:\Users\kumad\Downloads\108.mp4
2017-04-18 11:59 - 2017-04-18 11:59 - 01029002 _____ C:\Users\kumad\Downloads\March 2017 PMI Final.pdf
2017-04-18 10:26 - 2017-04-18 11:59 - 00000000 ____D C:\Users\kumad\Desktop\PMI Survey Instruments
2017-04-17 15:25 - 2017-04-17 15:25 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-04-16 21:17 - 2017-04-16 22:49 - 02374789 _____ C:\Users\kumad\Downloads\thinkbayes.pdf
2017-04-16 21:16 - 2017-04-16 21:17 - 00557733 _____ C:\Users\kumad\Downloads\9780521632324_frontmatter.pdf
2017-04-16 21:14 - 2017-04-17 03:25 - 00000000 ____D C:\Users\kumad\Downloads\coursera-statistics-making-sense-of-data
2017-04-16 21:12 - 2017-04-16 21:12 - 01693810 _____ C:\Users\kumad\Downloads\DistributionsHandbook.pdf
2017-04-15 13:09 - 2017-04-15 14:00 - 24705996 _____ C:\Users\kumad\Downloads\vaOpO.mp4
2017-04-15 07:12 - 2017-04-15 07:29 - 354735609 _____ C:\Users\kumad\Downloads\1108166_1920x1080_4000k.mp4
2017-04-14 12:14 - 2017-04-14 22:59 - 331680310 _____ C:\Users\kumad\Downloads\[MP4 480p] The Most Powerful Birds in the World - National Geographic Documentary.mp4
2017-04-14 08:19 - 2017-04-14 08:19 - 00129944 _____ C:\Users\kumad\Downloads\MKEGH U ICHIAN JIJINGI.pages.zip
2017-04-09 20:01 - 2017-04-09 21:00 - 80776436 _____ C:\Users\kumad\Downloads\[MP4 1080p] OnePlus 3T, 3 months later_ The best smartphone value on the market_.mp4
2017-04-09 19:59 - 2017-04-10 20:36 - 101243862 _____ C:\Users\kumad\Downloads\[MP4 1080p] LG G6 vs OnePlus 3T - 2017 flagship vs flagship killer.mp4
2017-04-09 00:27 - 2017-04-09 00:27 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-04-09 00:25 - 2017-04-06 03:03 - 00399944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-04-05 02:13 - 2017-04-05 02:13 - 00001530 _____ C:\WINDOWS\system32\.crusader
2017-04-05 02:06 - 2017-04-05 02:24 - 00000000 ____D C:\ProgramData\HitmanPro
2017-04-05 01:52 - 2017-04-21 07:49 - 00163940 _____ C:\WINDOWS\ZAM.krnl.trace
2017-04-05 01:52 - 2017-04-21 07:49 - 00129559 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-04-05 01:52 - 2017-04-05 01:52 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-04-05 01:52 - 2017-04-05 01:52 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-04-05 01:52 - 2017-04-05 01:52 - 00000000 ____D C:\Users\kumad\AppData\Local\Zemana
2017-04-01 11:07 - 2017-04-13 18:27 - 00000000 ____D C:\Users\kumad\Downloads\Friends Season 10 (1080p x265 Joy)
2017-03-28 03:40 - 2017-03-28 03:40 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-03-28 03:40 - 2017-03-28 03:40 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-03-23 21:16 - 2017-04-05 01:50 - 00009909 _____ C:\Users\kumad\Desktop\Naira Online Rates.xlsx
2017-03-23 21:10 - 2017-03-23 21:10 - 02249938 _____ C:\Users\kumad\Desktop\Kuma_Address.bmp
2017-03-23 20:50 - 2017-03-23 20:51 - 01476942 _____ C:\Users\kumad\Desktop\Kuma@@78Address.bmp
2017-03-23 11:21 - 2017-03-23 11:21 - 00025272 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-23 11:21 - 2017-03-23 11:21 - 00023744 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-23 11:21 - 2017-03-23 11:21 - 00019648 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-23 11:21 - 2017-03-23 11:21 - 00019648 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-23 11:21 - 2017-03-23 11:21 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-23 11:21 - 2017-03-23 11:21 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00633072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00395528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00333592 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00087792 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00021696 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00021184 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00021184 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00020160 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00020160 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00020152 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00019648 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00019648 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00019648 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00019640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00019640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00019640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-23 11:20 - 2017-03-23 11:20 - 00018624 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00071360 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00027328 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00023232 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00022720 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00021696 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00021184 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00020160 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00020160 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00019648 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00019648 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-23 11:19 - 2017-03-23 11:19 - 00019136 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-21 07:50 - 2016-09-22 20:34 - 00000000 ____D C:\Users\kumad\AppData\Local\Free Download Manager
2017-04-21 07:35 - 2017-03-11 19:08 - 00000000 ____D C:\Users\kumad\Desktop\2016 HLS
2017-04-21 07:27 - 2016-09-21 20:27 - 00000000 ____D C:\Users\kumad\AppData\Local\Packages
2017-04-21 07:26 - 2017-03-20 05:58 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-04-21 04:15 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-21 03:49 - 2017-03-16 22:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-21 03:49 - 2016-11-21 20:22 - 00000000 ____D C:\Users\kumad\AppData\LocalLow\Mozilla
2017-04-21 03:49 - 2016-09-22 06:56 - 00000000 ____D C:\Users\kumad\AppData\LocalLow\LastPass
2017-04-21 03:46 - 2017-02-24 07:36 - 00000000 ___RD C:\Users\kumad\Google Drive
2017-04-21 03:45 - 2016-09-22 00:05 - 00000000 __SHD C:\Users\kumad\IntelGraphicsProfiles
2017-04-21 00:16 - 2017-03-20 05:58 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-21 00:16 - 2017-03-20 05:58 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-04-21 00:16 - 2017-03-20 05:58 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-04-21 00:16 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
2017-04-21 00:15 - 2017-03-18 12:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-21 00:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-04-21 00:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-04-21 00:13 - 2016-09-21 20:29 - 00000000 ___RD C:\Users\kumad\OneDrive
2017-04-20 23:28 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-20 22:53 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-20 22:53 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-20 22:42 - 2016-09-22 00:25 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-20 21:08 - 2016-11-26 20:56 - 00000000 ____D C:\Users\kumad\Documents\Soda PDF Files
2017-04-20 21:04 - 2017-03-18 22:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-20 21:03 - 2017-03-18 12:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-04-20 21:01 - 2017-03-18 22:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-20 20:39 - 2016-09-21 20:29 - 00002408 _____ C:\Users\kumad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-20 20:37 - 2016-09-21 20:27 - 00000000 ____D C:\Users\kumad\AppData\Local\ConnectedDevicesPlatform
2017-04-20 20:36 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-20 20:36 - 2016-09-21 20:27 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-20 20:22 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
2017-04-20 20:21 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-20 20:21 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-20 20:18 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-20 20:18 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-20 20:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-20 20:16 - 2017-03-20 04:44 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-20 20:15 - 2017-03-18 22:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-20 20:11 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-20 20:11 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-04-20 20:10 - 2017-03-20 05:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-20 20:10 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-04-20 20:10 - 2017-03-07 23:48 - 00000000 ____D C:\Users\kumad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkipSoft Android Toolkit
2017-04-20 20:10 - 2017-02-24 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-04-20 20:10 - 2017-02-08 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Data Recovery
2017-04-20 20:10 - 2017-02-08 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undelete360
2017-04-20 20:10 - 2017-02-07 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSPro 6.3
2017-04-20 20:10 - 2017-01-06 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-04-20 20:10 - 2016-12-29 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TryMyUIRecorder
2017-04-20 20:10 - 2016-12-16 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 2016
2017-04-20 20:10 - 2016-11-28 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod
2017-04-20 20:10 - 2016-11-27 05:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop
2017-04-20 20:10 - 2016-11-26 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF 8
2017-04-20 20:10 - 2016-11-06 15:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2017-04-20 20:10 - 2016-10-12 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EViews 9
2017-04-20 20:10 - 2016-10-10 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Usenet.nl
2017-04-20 20:10 - 2016-09-23 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-04-20 20:10 - 2016-09-23 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jetAudio
2017-04-20 20:10 - 2016-09-22 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2017-04-20 20:10 - 2016-09-22 18:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-04-20 20:10 - 2016-09-22 06:56 - 00000000 ____D C:\Users\kumad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2017-04-20 20:10 - 2016-09-22 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2017-04-20 20:10 - 2016-09-22 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-04-20 20:10 - 2016-09-21 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF 5
2017-04-20 20:10 - 2016-09-21 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2017-04-20 20:08 - 2017-03-20 04:42 - 00000000 ____D C:\WINDOWS\OCR
2017-04-20 20:08 - 2017-03-20 04:41 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-04-20 20:08 - 2017-03-20 04:41 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-04-20 20:08 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-20 20:08 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-20 20:08 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-04-20 20:08 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-20 20:08 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-20 20:08 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-20 20:08 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-20 20:08 - 2017-02-08 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QSR
2017-04-20 20:08 - 2016-11-02 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-04-20 20:07 - 2016-11-30 14:21 - 00000000 ____D C:\Users\kumad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-04-20 20:07 - 2016-09-21 20:25 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-04-20 20:07 - 2016-07-16 12:47 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-20 20:06 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-04-20 20:06 - 2017-03-18 12:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-20 19:51 - 2016-11-26 22:15 - 00000000 ____D C:\Users\kumad\AppData\Roaming\WhatsApp
2017-04-20 16:07 - 2016-10-13 10:02 - 00341504 ___SH C:\Users\kumad\Desktop\Thumbs.db
2017-04-20 15:39 - 2016-10-26 05:53 - 00862208 ___SH C:\Users\kumad\Downloads\Thumbs.db
2017-04-20 11:56 - 2016-11-29 11:34 - 00216576 ___SH C:\Users\kumad\Documents\Thumbs.db
2017-04-20 06:18 - 2016-09-21 20:27 - 00000000 ____D C:\Users\kumad\AppData\Local\VirtualStore
2017-04-19 20:38 - 2016-09-23 19:08 - 00001044 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-04-19 20:21 - 2016-09-22 18:49 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-19 19:07 - 2016-11-08 00:10 - 00000000 ____D C:\Program Files (x86)\Minimal ADB and Fastboot
2017-04-19 16:40 - 2016-09-23 22:43 - 00000000 ____D C:\Users\kumad\AppData\Roaming\MPC-HC
2017-04-18 13:14 - 2016-11-07 22:23 - 00000000 ____D C:\Users\kumad\Documents\Syncios Data Transfer
2017-04-18 11:51 - 2016-09-21 20:58 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-15 09:09 - 2016-09-22 00:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-15 09:02 - 2016-09-22 00:23 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-15 00:07 - 2017-03-19 23:09 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-04-14 06:55 - 2016-09-22 18:31 - 00000000 ____D C:\Users\kumad\AppData\Local\ElevatedDiagnostics
2017-04-10 21:08 - 2017-03-20 05:58 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-09 13:31 - 2016-09-23 19:08 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-07 05:35 - 2016-09-23 19:41 - 00000000 ____D C:\Users\kumad\Desktop\KIV
2017-04-06 03:03 - 2016-09-23 19:07 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-04-06 03:03 - 2016-09-23 19:07 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-04-06 03:03 - 2016-09-23 19:07 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-04-06 03:03 - 2016-09-23 19:07 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-04-06 03:03 - 2016-09-23 19:07 - 00127112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-04-06 03:03 - 2016-09-23 19:07 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-04-06 03:03 - 2016-09-23 19:07 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-04-06 03:03 - 2016-09-23 19:07 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-04-06 03:03 - 2016-09-23 19:07 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-04-06 03:02 - 2017-03-16 13:30 - 00334088 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-04-06 03:02 - 2017-03-16 13:30 - 00307736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-04-06 03:02 - 2017-03-16 13:30 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-04-06 03:02 - 2017-03-16 13:30 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-04-05 02:30 - 2016-09-22 06:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-05 01:56 - 2016-09-22 06:44 - 00001240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 01:35 - 2016-09-22 06:44 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-05 01:15 - 2016-09-22 06:54 - 00000988 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-05 01:15 - 2016-09-22 06:54 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-03 17:56 - 2017-03-18 22:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-03 17:56 - 2017-03-18 22:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-30 20:07 - 2016-09-22 06:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-28 03:42 - 2017-02-24 07:34 - 00002122 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-03-28 03:42 - 2017-02-24 07:34 - 00002120 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-03-28 03:42 - 2017-02-24 07:34 - 00002110 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-03-24 01:01 - 2016-09-23 19:05 - 00000000 ____D C:\ProgramData\AVAST Software

==================== Files in the root of some directories =======

2016-09-22 06:57 - 2016-09-22 06:57 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-02-22 00:44 - 2017-02-22 00:44 - 0003584 _____ () C:\Users\kumad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-26 16:55 - 2016-11-23 14:37 - 0000570 _____ () C:\Users\kumad\AppData\Local\TroubleshooterConfig.json
2017-04-19 20:21 - 2017-04-20 20:11 - 0000255 _____ () C:\ProgramData\fontcacheev1.dat

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat


Some files in TEMP:
====================
2017-04-20 21:11 - 2016-11-27 05:38 - 9748744 _____ (LULU Software) C:\Users\kumad\AppData\Local\Temp\678cf0d9-1f99-4fc0-a5b8-04e4afa8a00c.exe
2017-04-20 21:11 - 2017-04-20 21:16 - 9926703 _____ () C:\Users\kumad\AppData\Local\Temp\9520a2e7-f9be-4037-8e8e-53aacb9d8371.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-20 20:05

==================== End of FRST.txt ============================
esiso
 
Posts: 3
Joined: Thu Apr 20, 2017 5:18 am

Re: Nova Rambler Infection - Please help!

Postby esiso » Fri Apr 21, 2017 7:00 am

This is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2017
Ran by kumad (21-04-2017 07:50:52)
Running from C:\Users\kumad\Desktop
Windows 10 Pro Version 1703 (X64) (2017-04-20 19:35:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-219130860-3722789173-52809494-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-219130860-3722789173-52809494-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-219130860-3722789173-52809494-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-219130860-3722789173-52809494-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-219130860-3722789173-52809494-1003 - Limited - Enabled)
kumad (S-1-5-21-219130860-3722789173-52809494-1001 - Administrator - Enabled) => C:\Users\kumad

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adguard (HKLM-x32\...\{e2a82ed3-dba7-43f6-8ef3-e303140c55dd}) (Version: 6.1.331.1732 - Performix LLC)
Adguard (x32 Version: 6.1.331.1732 - Performix LLC) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Connectify 2016 (HKLM\...\Connectify) (Version: 2016.0.12.37996 - Connectify)
CSPro 6.3 (HKLM-x32\...\{125049F3-B5D8-416D-99B9-8CBFD0E56885}) (Version: 6.3.2 - U.S. Census Bureau)
EViews 9 (64-bit) (HKLM-x32\...\InstallShield_{907404D2-8C9D-428D-AB5B-FD8CA68A7305}) (Version: 9.00.0000 - IHS Global Inc.)
EViews 9 (64-bit) (Version: 9.00.0000 - IHS Global Inc.) Hidden
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.18.4671 - FreeDownloadManager.ORG)
Free Download Manager (HKLM-x32\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP ESU for Microsoft Windows 10 (HKLM-x32\...\{94D0EB60-8B2F-4A80-BA74-3D312434415F}) (Version: 11.2.2 - HP)
HP lt4211 Gobi 4G Drivers (HKLM-x32\...\{3D086079-8F41-45B9-A760-30E58913D6D6}) (Version: 1.1.0.85 - HP)
IBM SPSS Statistics 24 (HKLM\...\{4762AE15-E5A3-43BF-8822-1CFC70FB147A}) (Version: 24.0.0.0 - IBM Corp)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
jetAudio Plus (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
K-Lite Codec Pack 12.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.0.6.1458 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1458 - Malwarebytes)
Manager (x32 Version: 8.1.4.29179 - LULU Software Limited) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.7870.2038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.7870.2038 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.7870.2038 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Firefox 52.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 52.0.2 (x64 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
NCapture for Internet Explorer (HKLM-x32\...\{B32CD9BC-7C16-4152-A579-2AA32730E24E}) (Version: 1.0.231.0 - QSR International Pty Ltd)
NVivo 11 (HKLM\...\{FA708D03-302F-45FA-BB45-F33BFE52766A}) (Version: 11.4.0.1062 - QSR International Pty Ltd)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7967.2035 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2035 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
ONEPLUS USB Drivers 1.0.1.0 (HKLM\...\{DB82C171-0600-4DF4-A6F1-89E92C46B790}_is1) (Version: 1.0.1.0 - )
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
QSR NCapture for Chrome (HKLM-x32\...\{EB78E6E7-6E0B-4EEE-A485-9361C3500096}) (Version: 1.0.182.0 - QSR International Pty Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7561 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(25-May-15) - Samsung Electronics Co., Ltd.)
Samsung M2020 Series XPS (Windows 8) (HKLM-x32\...\Samsung M2020 Series XPS (Windows 8)) (Version: 3.03.08.00:05 - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Soda PDF 5 (HKLM-x32\...\{B756A738-AC20-4C26-9EFD-80810B624642}) (Version: 5.0.133.9133 - LULU SOFTWARE LIMITED)
Soda PDF 8 (HKLM-x32\...\Soda8) (Version: 8.1.3.28371 - LULU Software Limited)
Soda PDF 8 Asian Fonts Pack (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Soda PDF 8 Convert Module (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Soda PDF 8 Create Module (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Soda PDF 8 Edit Module (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Soda PDF 8 Forms Module (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Soda PDF 8 Insert Module (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Soda PDF 8 OCR Module (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Soda PDF 8 Review Module (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Soda PDF 8 Secure Module (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Soda PDF 8 View Module (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.0.24.30401 - LULU Software)
Soda PDF Desktop Asian Fonts Pack (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Convert Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Create Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Edit Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Forms Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Insert Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop OCR Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Review Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Secure Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop View Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF OCR (HKLM-x32\...\{8BE88409-618C-4136-ADD2-BE49B2B45048}) (Version: 1.0.25.9129 - LULU Software)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.54 - Synaptics Incorporated)
TryMyUIRecorder 1.0.2 (HKLM-x32\...\4295-7270-9283-5586) (Version: 1.0.2 - TryMyUI, Inc.)
Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version: - File Recovery Ltd.)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - )
UserTesting (HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\UserTestingPlugin) (Version: - UserTesting.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WhatsApp (HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\WhatsApp) (Version: 0.2.3699 - WhatsApp)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Wise Data Recovery 3.87 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.87 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-219130860-3722789173-52809494-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll ()
CustomCLSID: HKU\S-1-5-21-219130860-3722789173-52809494-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll ()
CustomCLSID: HKU\S-1-5-21-219130860-3722789173-52809494-1001_Classes\CLSID\{8A862E2D-CEB8-480D-AA78-A24367C6EF3C}\InprocServer32 -> C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\iedownloadmanager.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10159549-831B-4541-9E96-7D79D2DDD7B1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-06] (AVAST Software)
Task: {18A4FE5F-A2B8-4359-B96E-7B352784C9CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-04-18] (Microsoft Corporation)
Task: {4A5DC059-F777-4F43-B0F2-6D1037588423} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-04-18] (Microsoft Corporation)
Task: {62A0C06F-51C5-4592-BD8C-6619F0EF581C} - \SBW_UpdateTask_Time_333436313432383435322d4a5b5b345a417845455a376c -> No File <==== ATTENTION
Task: {64D227A1-CAF2-4F62-893C-CB71B7F5593F} - System32\Tasks\Microsoft\Windows\EDP\EDP Inaccessible Credentials Task
Task: {693F02EA-12F7-4661-8730-A5DF1AFD642F} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh
Task: {6BD9FDA3-C8EE-4C02-95CB-1B221BF24F79} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged
Task: {6F826844-5D38-495A-997C-E72E33DA799D} - System32\Tasks\SafeZone scheduled Autoupdate 1474654084 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {7E48EB16-2459-437A-B3B5-DD91866302CC} - System32\Tasks\Microsoft\Windows\EDP\StorageCardEncryption Task
Task: {9AC3DB7E-D07D-4F17-A747-D1195EA24BA2} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2017-03-20] (Microsoft Corporation)
Task: {9BFBFF63-27D1-4C7C-ADFA-AE5B98B90F78} - System32\Tasks\Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask
Task: {A5D4E054-BE69-44E7-A4D1-73DE6F017102} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {AD738B09-D780-4F40-A79A-31F1B16A8612} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {AED94A4C-73E3-43F5-B6D1-86658D8AEE77} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-09] (Microsoft Corporation)
Task: {B1A64A58-E169-490F-87D1-DCBFEE91BDB2} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2017-03-20] (Microsoft Corporation)
Task: {B994C841-2C69-4A1E-9803-9B0D915C24C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-09] (Microsoft Corporation)
Task: {E074859C-DCE7-405D-84BC-EFD9E6E56548} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {E2C84211-7315-49DE-B3CD-4BDF3325DAC9} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {EBC30271-7C67-4F3D-A49B-728FFE9EA374} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {F7C9CC1A-8877-4EC0-A1DB-9001884C42B1} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-12-14 08:44 - 2014-10-30 13:18 - 00029184 _____ () C:\WINDOWS\System32\ssj2mlm.dll
2016-02-15 21:01 - 2016-02-15 21:01 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2016-11-06 15:57 - 2015-03-12 03:43 - 00022528 _____ () C:\WINDOWS\System32\us00alm.dll
2017-03-20 05:57 - 2017-04-15 00:07 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-20 05:57 - 2017-04-15 00:07 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-14 08:34 - 2016-08-17 13:43 - 00499000 _____ () C:\WINDOWS\SysWOW64\spdsvc.exe
2016-11-06 15:57 - 2016-11-06 15:57 - 00143664 _____ () C:\Windows\SysWoW64\SecUPDUtilSvc.exe
2015-06-10 17:33 - 2015-06-10 17:33 - 00022528 _____ () C:\WINDOWS\system32\fpCSEvtSvc.exe
2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-08-05 06:02 - 2016-08-05 06:02 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 21:59 - 2017-03-20 04:43 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-04 19:05 - 2015-08-04 19:05 - 01375440 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2017-02-22 23:56 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-22 23:56 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-11-18 20:02 - 2016-10-21 20:02 - 00682184 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe
2017-03-28 20:46 - 2017-03-28 20:46 - 01232408 _____ () C:\Users\kumad\AppData\Roaming\Mozilla\Firefox\Profiles\r8dmf4ze.default-1483473579248\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll
2017-04-04 23:37 - 2017-04-04 23:49 - 10650112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-04-04 23:37 - 2017-04-04 23:49 - 02653184 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-04-04 23:37 - 2017-04-04 23:49 - 00761344 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-04-14 22:03 - 2017-04-14 22:04 - 01710080 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8104.42387.0_x64__8wekyb3d8bbwe\HxMail.exe
2017-04-10 21:34 - 2017-04-10 21:36 - 13358272 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8104.42387.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-04-10 21:34 - 2017-04-10 21:36 - 01200832 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8104.42387.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-04-05 03:06 - 2017-04-18 06:27 - 08930496 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-03-27 20:41 - 2017-03-27 20:41 - 01415952 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2017-03-27 20:41 - 2017-03-27 20:41 - 00142096 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
2016-11-06 15:57 - 2016-03-24 04:56 - 02817536 _____ () C:\WINDOWS\system32\DlgSearchEngine.dll
2017-04-06 03:03 - 2017-04-06 03:03 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-23 19:06 - 2016-09-23 19:06 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-06 03:03 - 2017-04-06 03:03 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-06 03:02 - 2017-04-06 03:02 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-06 03:03 - 2017-04-06 03:03 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-21 03:46 - 2017-04-21 03:46 - 00098816 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32api.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00110080 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\pywintypes27.dll
2017-04-21 03:46 - 2017-04-21 03:46 - 00364544 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\pythoncom27.dll
2017-04-21 03:46 - 2017-04-21 03:46 - 00320512 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32com.shell.shell.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00914432 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\_hashlib.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 01176576 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\wx._core_.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00806400 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\wx._gdi_.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00816128 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\wx._windows_.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 01067008 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\wx._controls_.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00733184 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\wx._misc_.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00682496 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\pysqlite2._sqlite.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00088064 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\_ctypes.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00686080 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\unicodedata.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00119808 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32file.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00108544 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32security.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00007168 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\hashobjs_ext.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00017920 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\thumbnails_ext.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00088064 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\usb_ext.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00012800 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\common.time34.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00018432 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32event.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00167936 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32gui.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00046080 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\_socket.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 01303552 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\_ssl.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00128512 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\_elementtree.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00127488 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\pyexpat.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00038912 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32inet.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00036864 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\_psutil_windows.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00524248 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\windows._lib_cacheinvalidation.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00011264 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32crypt.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00123392 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\wx._wizard.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00077312 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\wx._html2.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00027648 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\_multiprocessing.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00020480 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\_yappi.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00035840 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32process.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00078848 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\wx._animate.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00024064 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32pipe.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00010240 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\select.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00025600 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32pdh.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00017408 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32profile.pyd
2017-04-21 03:46 - 2017-04-21 03:46 - 00022528 ____R () C:\Users\kumad\AppData\Local\Temp\_MEI33922\win32ts.pyd
2016-11-28 17:05 - 2016-11-28 17:05 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-11-18 20:02 - 2016-10-13 18:03 - 01712128 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\avformat-57.dll
2016-11-18 20:02 - 2016-10-13 18:03 - 00423936 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\avutil-55.dll
2016-11-18 20:02 - 2016-10-13 18:03 - 10595328 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\avcodec-57.dll
2016-11-18 20:02 - 2016-10-13 18:03 - 01674240 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\avfilter-6.dll
2016-11-18 20:02 - 2016-10-13 18:03 - 00481792 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\swscale-4.dll
2016-11-18 20:02 - 2016-10-13 18:03 - 00103936 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\swresample-2.dll
2016-11-18 20:02 - 2016-10-13 18:03 - 00062464 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\postproc-54.dll
2016-11-18 20:02 - 2016-10-21 19:45 - 00082944 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\winunivappfeatures.dll
2016-11-18 20:02 - 2016-10-13 16:36 - 48935936 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\libcef.dll
2016-09-22 20:43 - 2016-10-13 16:36 - 01665024 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\libglesv2.dll
2016-09-22 20:43 - 2016-10-13 16:36 - 00075264 _____ () C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\libegl.dll
2017-04-05 03:07 - 2017-04-18 08:14 - 08929984 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2017-03-20 05:49 - 00000881 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-219130860-3722789173-52809494-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kumad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "RtsCM"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Connectify Hotspot"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\StartupApproved\Run: => "B6FB95571921934E331CD775874641EC9FB7FB2D._service_run"
HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-219130860-3722789173-52809494-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1D561F9312BC72D2A5A5C182583CAD03"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{869BD3A1-738B-4FA9-AAB9-8DA8BF0B9258}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe
FirewallRules: [{821A60EB-A68A-4201-853C-1DF6E95B439A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F3E99AFF-8CD9-4365-8E01-E224D4251A76}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EBB0EC15-EE4F-4783-866A-F8F0E065EC8D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{138EA74F-A19E-4E2E-B0BA-19C5A8C90A28}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{D5A1CD97-EC9E-493A-AF94-FD7C9FF628C6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{9A4A348D-81F5-48A3-BE7B-2708F123610A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{360D08B6-20F0-498B-B1CE-F9CB7CFF612E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7DC8EC2A-B8F1-4AE7-833F-1B640AA99750}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0758D576-CD21-49B3-9934-B54154842D25}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe
FirewallRules: [{BE8BF770-3F59-4A1A-AAD6-E3F48AA7B4BE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8B9F37B7-FE85-40AB-8E1A-E23B84EFD8A9}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0A9C61F7-0D84-4267-955A-74563A41E66E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{764D3E87-010A-4BD7-B0D6-DFCA32A081F6}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{000F5D5A-E8A3-48B1-9ADA-EC32795C404D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{32E6B875-AA1A-493B-998B-920631B9D195}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{08A22DEA-7614-4E24-91D2-4796CDF7D097}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{B585E762-299C-46C6-999C-B1C9179FE71E}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [TCP Query User{63C79BFA-D304-4E95-AB18-208C770783D6}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{A6D8AEE9-22FA-47D0-A324-76AB1C8C6A6D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8C2EA058-4830-42CF-B772-F99891CB7C08}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{FC907644-1705-46A9-A678-B14EDEDD9807}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0286562C-948B-438E-BDB8-0803DD4A3E82}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C7F786B3-A07F-45D0-BA1C-9BB6F47FE722}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0326C2CB-F83A-4362-BBFA-5A9D55213C96}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{28C08E65-3C26-46A2-AA6D-56BF96683189}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{61CEEF74-D7E1-4339-8D84-D2A310176369}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{67347788-5FDC-440B-8EF7-8C9B0542F524}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{45DEA039-3BDB-456D-99A6-2C624B5E83C3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{F57F9BFF-56B4-40C8-82DB-ABDDABADD2EC}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{A9591246-7F08-4D7E-9F77-FBF5F9488422}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{6EC1181B-B8CE-48F5-A080-A533D80895AD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{7F0AE2A7-0300-4765-A202-4904A5A91DCE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E7E902AE-B046-4A4F-9FC0-2EEB6CDCB740}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{24DDFB31-FAEC-4AE5-8676-F85B40E4CA93}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B874ABB9-2C1D-478F-BFCA-68C0A4DEFFDF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D9C965BA-CCB9-4A44-ABAD-E9B9891AB98C}] => (Allow) C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{B1E74BC4-5EC9-4722-96EF-6A308AAB7980}] => (Allow) C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{E0B3E51C-74F3-48A8-BC3D-9559C246303B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe
FirewallRules: [UDP Query User{10DE7EB4-F778-4799-BE72-ECC5B4746EE7}C:\program files\ibm\spss\statistics\24\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\24\stats.exe
FirewallRules: [TCP Query User{8853B82D-8A30-4F60-A2D4-034603C15ACE}C:\program files\ibm\spss\statistics\24\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\24\stats.exe
FirewallRules: [UDP Query User{969654CC-6369-4222-A1C3-8BA68EF864FB}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe
FirewallRules: [TCP Query User{2A97786D-5104-42EF-9BC8-9738C6E1FB53}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe
FirewallRules: [{03D26746-48E8-4429-8B89-5867B0538EE3}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{417FD366-1384-4409-B8D3-7A6ABFEC111A}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{F5D27C0F-4CEA-43D9-9B15-7073C1F8E51C}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{7BE240A1-4481-4F92-A0C4-93A93BBC3669}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{6EB2F358-DCC4-48D2-9D87-F07AC3BE8D06}] => (Allow) C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{F2938FBD-6927-41F8-8BF6-52B889ABC9E0}] => (Allow) C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{86E86F4D-4753-41DE-82F1-0779058C7769}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7586771D-B61C-46E5-9729-4C396EF5D43F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{29763A92-AC95-440E-BF67-CD714C6AA0A9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1938B4A4-8078-4422-9204-C767D4ED3610}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B90B04E2-5A35-44E7-AD44-CCFC0AE50F84}] => (Allow) F:\Malwarebytes Anti-Malware Premium 2.2.1.1043 Final.Portable[by Robert]\App\Malwarebytes\mbam.exe
FirewallRules: [{2FE83A8B-18A2-4E60-A48A-CDF52616AADC}] => (Allow) F:\Malwarebytes Anti-Malware Premium 2.2.1.1043 Final.Portable[by Robert]\App\Malwarebytes\mbam.exe
FirewallRules: [{43AA61E2-D888-4FB2-9648-99BD53FA03D8}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\WinWrapIDE.exe
FirewallRules: [{F3772061-10B2-4599-885E-5491F85F203E}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.exe
FirewallRules: [{AED8898B-E698-4B42-886C-9BE6FC4980D2}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.exe
FirewallRules: [{A3F5A73F-D8E8-4AEB-9A44-A1073B119AB7}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.com
FirewallRules: [{3A63E327-BE58-4E38-92F8-ED474DF41EEA}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\WinWrapIDE.exe
FirewallRules: [{32CCD7B7-ECDC-455F-977B-19E5C5063977}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.com
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

20-04-2017 23:27:19 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2017 04:20:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\oneplus usb drivers\tool_ia64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/21/2017 04:17:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\oneplus usb drivers\tool_ia64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/21/2017 03:46:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KUMA-TAB-PC)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/20/2017 08:15:51 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (04/20/2017 08:12:48 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (04/20/2017 08:12:48 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (04/20/2017 08:12:48 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A


System errors:
=============
Error: (04/21/2017 12:15:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (04/21/2017 12:15:21 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a pre-shutdown control.

Error: (04/21/2017 12:14:27 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Update Orchestrator Service service did not shut down properly after receiving a pre-shutdown control.

Error: (04/21/2017 12:13:09 AM) (Source: DCOM) (EventID: 10010) (User: KUMA-TAB-PC)
Description: The server {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC} did not register with DCOM within the required timeout.

Error: (04/20/2017 08:54:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2017 08:54:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2017 08:54:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2017 08:54:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2017 08:41:32 PM) (Source: DCOM) (EventID: 10010) (User: KUMA-TAB-PC)
Description: The server {14286318-B6CF-49A1-81FC-D74AD94902F9} did not register with DCOM within the required timeout.

Error: (04/20/2017 08:40:59 PM) (Source: DCOM) (EventID: 10010) (User: KUMA-TAB-PC)
Description: The server {14286318-B6CF-49A1-81FC-D74AD94902F9} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-04-21 07:05:58.292
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-21 07:05:34.119
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-21 07:05:27.424
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-21 07:05:09.245
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-21 07:05:08.654
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-21 07:05:08.264
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-20 20:48:25.849
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-20 20:48:20.246
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-20 20:47:54.397
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-20 20:47:53.170
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4302Y CPU @ 1.60GHz
Percentage of memory in use: 63%
Total physical RAM: 8073.09 MB
Available physical RAM: 2941.59 MB
Total Virtual: 9993.09 MB
Available Virtual: 3387.25 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:223.15 GB) (Free:5.69 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:11.84 GB) (Free:0.12 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:0.77 GB) FAT32
Drive f: () (Removable) (Total:119.28 GB) (Free:8.46 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 1E1F4777)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
esiso
 
Posts: 3
Joined: Thu Apr 20, 2017 5:18 am