Malwarebytes antimalware premium blocking sso.anbtr but not removing.


Hello all the experts here, Greetings!

I've been seeing a strange problem in my system for a week or more. I'm not a regular visitor to any file sharing site, but 10 days ago I visited a torrent site to download a book for my study, that's all. After that MBAMP started behaving strangely, blocking many IPs and sites, then also blocking many legitimate applications running on my system. Firefox browser started showing, on every page I tried to open, a warning message 'Not Found' or 'This Site is untrusted' etc.

Security steps taken:

I ran MBAMP 3/4 times with the ROOTKIT option checked, but it found nothing; the scan results show 'DISABLED option in ROOTKIT' (I thought the system seemed clean), but MBAMP crashed a lot with a warning message to update and fix, though the net is always on and the scan completed successfully.

I ran TDSSKiller; it found 1 or 2 suspicious activities.

I ran Adware cleaner; nothing suspicious was found.

I ran JRT too; it fixed some registry and restore point.

I ran ESET online scanner; it found nothing.

I uninstalled MBAMP and reinstalled it, and reset/uninstalled Firefox and reinstalled FF, but no improvement. I can't browse my favorite bookmarked sites that I usually visit very often in the FF browser, which constantly blocks those sites, and MBAMP starts behaving paranoid, blocking many IPs.

Below are the scan & blocked reports from MBAMP:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/6/2016
Scan Time: 5:09 PM
Logfile: MBAM 1.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.06.03
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Fly

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313760
Time Elapsed: 17 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

----------

2nd:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/6/2016
Scan Time: 7:51 PM
Logfile: MBAM2.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.06.04
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Fly

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 266011
Time Elapsed: 9 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

3RD. Paranoid behavior

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/6/2016 5:03 PM, SYSTEM, FLY-PC, Manual, Failed, No Internet connection detected, 
Protection, 7/6/2016 5:04 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Starting, 
Protection, 7/6/2016 5:04 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Started, 
Protection, 7/6/2016 5:04 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/6/2016 5:04 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 
Update, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Manual, Remediation Database, 2016.2.12.1, 2016.7.5.1, 
Update, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.5.27.1, 
Update, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Manual, IP Database, 2016.2.8.1, 2016.7.5.1, 
Update, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Manual, Domain Database, 2016.2.16.8, 2016.7.5.6, 
Update, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Manual, Malware Database, 2016.2.16.6, 2016.7.6.3, 
Protection, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Protection, Refresh, Starting, 
Protection, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Protection, Refresh, Success, 
Protection, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/6/2016 5:09 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 
Update, 7/6/2016 5:14 PM, SYSTEM, FLY-PC, Scheduler, Failed, No Internet connection detected, 
Update, 7/6/2016 5:17 PM, SYSTEM, FLY-PC, Scheduler, Failed, Unable to access update server, 
Scan, 7/6/2016 5:27 PM, SYSTEM, FLY-PC, Manual, Start:7/6/2016 5:09 PM, Duration:17 min 37 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 7/6/2016 5:32 PM, SYSTEM, FLY-PC, Scheduler, Failed, No Internet connection detected, 
Update, 7/6/2016 5:35 PM, SYSTEM, FLY-PC, Scheduler, Failed, Unable to access update server, 
Protection, 7/6/2016 6:09 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Starting, 
Protection, 7/6/2016 6:09 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Started, 
Protection, 7/6/2016 6:09 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/6/2016 6:10 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 
Update, 7/6/2016 6:27 PM, SYSTEM, FLY-PC, Scheduler, Failed, No Internet connection detected, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49213, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49213, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49216, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49218, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49221, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49225, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49229, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49231, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49235, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49238, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49240, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49242, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:28 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49244, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7/6/2016 6:29 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Domain, 195.22.28.222, sso.anbtr.com, 49263, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, 
Detection, 7/6/2016 6:29 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, IP, 195.22.28.222, 49300, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, 
Detection, 7/6/2016 6:29 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, IP, 195.22.28.222, 49300, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, 
Detection, 7/6/2016 6:29 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, IP, 195.22.28.222, 49301, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, 
Detection, 7/6/2016 6:29 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, IP, 195.22.28.222, 49303, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, 
Update, 7/6/2016 6:34 PM, SYSTEM, FLY-PC, Scheduler, Failed, Unable to access update server, 
Protection, 7/6/2016 7:43 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Starting, 
Protection, 7/6/2016 7:43 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Started, 
Protection, 7/6/2016 7:43 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/6/2016 7:44 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 
Update, 7/6/2016 7:50 PM, SYSTEM, FLY-PC, Manual, IP Database, 2016.7.5.1, 2016.7.6.2, 
Update, 7/6/2016 7:50 PM, SYSTEM, FLY-PC, Manual, Domain Database, 2016.7.5.6, 2016.7.6.2, 
Update, 7/6/2016 7:50 PM, SYSTEM, FLY-PC, Manual, Malware Database, 2016.7.6.3, 2016.7.6.4, 
Protection, 7/6/2016 7:50 PM, SYSTEM, FLY-PC, Protection, Refresh, Starting, 
Protection, 7/6/2016 7:50 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 7/6/2016 7:50 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 7/6/2016 7:51 PM, SYSTEM, FLY-PC, Protection, Refresh, Success, 
Protection, 7/6/2016 7:51 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/6/2016 7:51 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 
Scan, 7/6/2016 8:01 PM, SYSTEM, FLY-PC, Manual, Start:7/6/2016 7:51 PM, Duration:9 min 52 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Protection, 7/6/2016 8:27 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Starting, 
Protection, 7/6/2016 8:27 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Started, 
Protection, 7/6/2016 8:27 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/6/2016 8:27 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 
Protection, 7/6/2016 8:34 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Starting, 
Protection, 7/6/2016 8:34 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Started, 
Protection, 7/6/2016 8:34 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/6/2016 8:35 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 
Update, 7/6/2016 9:25 PM, SYSTEM, FLY-PC, Scheduler, Failed, No Internet connection detected, 
Protection, 7/6/2016 9:34 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Starting, 
Protection, 7/6/2016 9:34 PM, SYSTEM, FLY-PC, Protection, Malware Protection, Started, 
Protection, 7/6/2016 9:34 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/6/2016 9:35 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 
Error, 7/6/2016 10:23 PM, SYSTEM, FLY-PC, Scheduler, 0, 
Update, 7/6/2016 10:23 PM, SYSTEM, FLY-PC, Scheduler, Malware Database, Failed, Unable to access update server, 2016.7.6.4, 2016.7.6.6, 
Update, 7/6/2016 10:27 PM, SYSTEM, FLY-PC, Scheduler, Domain Database, 2016.7.6.2, 2016.7.6.5, 
Update, 7/6/2016 10:27 PM, SYSTEM, FLY-PC, Scheduler, Malware Database, 2016.7.6.4, 2016.7.6.6, 
Protection, 7/6/2016 10:27 PM, SYSTEM, FLY-PC, Protection, Refresh, Starting, 
Protection, 7/6/2016 10:27 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 7/6/2016 10:27 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 7/6/2016 10:27 PM, SYSTEM, FLY-PC, Protection, Refresh, Success, 
Protection, 7/6/2016 10:27 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/6/2016 10:27 PM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 
Update, 7/6/2016 11:12 PM, SYSTEM, FLY-PC, Scheduler, Failed, Unable to access update server, 
Update, 7/6/2016 11:15 PM, SYSTEM, FLY-PC, Scheduler, Failed, Unable to access update server, 

(end)

 

4th:

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 7/7/2016 5:35 AM, SYSTEM, FLY-PC, Protection, Malware Protection, Starting, 
Protection, 7/7/2016 5:35 AM, SYSTEM, FLY-PC, Protection, Malware Protection, Started, 
Protection, 7/7/2016 5:35 AM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/7/2016 5:36 AM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 
Update, 7/7/2016 6:26 AM, SYSTEM, FLY-PC, Scheduler, Domain Database, 2016.7.6.5, 2016.7.6.7, 
Update, 7/7/2016 6:26 AM, SYSTEM, FLY-PC, Scheduler, Malware Database, 2016.7.6.6, 2016.7.7.1, 
Protection, 7/7/2016 6:26 AM, SYSTEM, FLY-PC, Protection, Refresh, Starting, 
Protection, 7/7/2016 6:26 AM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 7/7/2016 6:26 AM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 7/7/2016 6:27 AM, SYSTEM, FLY-PC, Protection, Refresh, Success, 
Protection, 7/7/2016 6:27 AM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/7/2016 6:27 AM, SYSTEM, FLY-PC, Protection, Malicious Website Protection, Started, 

(end).

 

 

 

 

 

 

 


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2016

Ran by Fly (2016-07-07 08:11:43)
Running from C:\Users\Fly\Downloads\Programs
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-08-27 00:21:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2805089890-3842710859-1120829455-500 - Administrator - Disabled)
Fly (S-1-5-21-2805089890-3842710859-1120829455-1000 - Administrator - Enabled) => C:\Users\Fly
Guest (S-1-5-21-2805089890-3842710859-1120829455-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2805089890-3842710859-1120829455-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.381.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3TB+Unlock B11.0919.1 (HKLM\...\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}) (Version: 1.00.0001 - GIGABYTE)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acronis True Image 2015 (HKLM\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}Visible) (Version: 18.0.6613 - Acronis)
Acronis True Image 2015 (Version: 18.0.6613 - Acronis) Hidden
Action! (HKLM\...\Mirillis Action!) (Version: 1.30.0 - Mirillis)
Adguard (Version: 6.0.226.1108 - Performix LLC) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AIDA64 Extreme v5.50 (HKLM\...\AIDA64 Extreme_is1) (Version: 5.50 - FinalWire Ltd.)
Aiseesoft Total Video Converter Platinum 6.3.22 (HKLM\...\{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1) (Version:  - )
ASUS PC Link (HKLM\...\{077B24F1-B87A-4C57-AE35-E463A389D7FE}_is1) (Version: 1.22.25.203 - ASUSTEK)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Beauty Guide 2.2.2 (HKLM\...\Beauty Guide_is1) (Version: 2.2.2 - Tint Guide)
Blue Ridge Networks AppGuard (HKLM\...\{427D4861-7E67-4B6A-9A09-EA7C1B12D6B7}) (Version: 4.4.6.1 - Blue Ridge Networks)
BurnAware Premium 7.4 (TopSoftBargains Giveaway) (HKLM\...\BurnAware Premium_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cloud Mail.Ru (HKLM\...\{776AF05B-784A-416F-B14C-31A1FBAF8B19}_is1) (Version: 15.03.0017 - Mail.Ru Group)
CodeBlocks (HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
College Algebra Solved! (HKLM\...\{6C82BEFA-21A9-4CC0-9F73-93BD0F406E33}) (Version: 11.14.2007 - Bagatrix)
Connectify 2015 (HKLM\...\Connectify) (Version: 2015.1.0.35473 - Connectify)
Corel AfterShot Pro (HKLM\...\AfterShot Pro) (Version: 1.1.0.30 - Corel Corporation)
CyberLink PowerDVD 16 (HKLM\...\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}) (Version: 16.0.1713.60 - CyberLink Corp.)
DCoder Image Source (remove only) (HKLM\...\DCoder Image Source) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DFX (HKLM\...\DFX) (Version: 12.014.0.0 - Power Technology)
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
D-Link DWA-131 - V5.00 (HKLM\...\{B7C11488-750D-4E48-A9A4-7207A335984D}) (Version:  - D-Link)
Easy Tune 6 B13.0924.2 (Version: 1.00.0000 - GIGABYTE) Hidden
ESET Smart Security (HKLM\...\{7E42F3C8-713E-4BFD-998E-FC08F31C3C9F}) (Version: 9.0.318.0 - ESET, spol. s r.o.)
ffdshow v1.3.4533 [2014-09-29] (HKLM\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version:  - )
Folder Lock (HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\FolderLock6) (Version:  - New Sofware.net Inc.)
Folder Lock v6.6.5 (HKLM\...\NewSoftwares.Folder Lock_is1) (Version:  - )
Folder Marker Home (Emsisoft Edition) (HKLM\...\Folder Marker Home (Emsisoft Edition)_is1) (Version: 4.2 - ArcticLine Software)
Geany CP Compiler By Chaitanya @ Techapple.net (HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Geany CP Compiler By Chaitanya @ Techapple.net) (Version: 01.00.01.00 - Techapple.net)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
Hide ALL IP 2016.01.01 (HKLM\...\{02FC1980-2123-451F-8CB7-C9B60BE40717}_is1) (Version:  - www.hideallip.com)
Image Composite Editor (HKLM\...\{B29E2C62-496A-4F4F-9ED0-239FA15E1CB8}) (Version: 2.0.3 - Microsoft Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4226 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
KeePass Password Safe 1.31 (HKLM\...\KeePass Password Safe_is1) (Version: 1.31 - Dominik Reichl)
LAV Filters 0.65 (HKLM\...\lavfilters_is1) (Version: 0.65 - Hendrik Leppkes)
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.1.1225 - Paramount Software (UK) Ltd.) Hidden
MadVR (remove only) (HKLM\...\MadVR) (Version:  - )
MakeUp Guide 2.2.2 (HKLM\...\MakeUp Guide_is1) (Version: 2.2.2 - Tint Guide)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mathematics Add-In for Word and OneNote (HKLM\...\{90150000-00D8-0409-0000-0000000FF1CE}) (Version: 15.0.4481.1002 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 9.0 (HKLM\...\{69237D97-3063-450F-AE49-2357B191EA5D}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Edition_is1) (Version:  - MiniTool Solution Ltd.)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 23.015.02.01.910 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
NetLimiter 4 (HKLM\...\NetLimiter 4 4.0.19.0) (Version: 4.0.19.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.19.0 - Locktime Software) Hidden
NI LabVIEW Run-Time Engine 5.1.1 (HKLM\...\NI LabVIEW Run-Time Engine 5.1.1) (Version:  - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NoVirusThanks EXE Radar Pro (x86/x64) v3.0 (HKLM\...\NoVirusThanks EXE Radar Pro_is1) (Version: 3.0.0.0 - NoVirusThanks Company Srl)
ON_OFF Charge 2 B13.1028.1 (HKLM\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (Version: 1.00.0000 - GIGABYTE) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Password Protect USB 3.6.1 (HKLM\...\Password Protect USB 3.6.1_is1) (Version: 3.6.1 - Password Protect Software)
PC Link (HKLM\...\PC Link_is1) (Version: 1.22.0.421 - ASUSTEK)
PerfectDisk Professional Business (HKLM\...\{C4E01CDC-0063-493C-B383-9C4FCF7A89F7}) (Version: 14.0.890 - Raxco Software Inc.)
Photo to Sketch Converter 2.0 (HKLM\...\Photo to Sketch Converter_is1) (Version: 2.0 - SoftOrbits)
Process Lasso (HKLM\...\ProcessLasso) (Version: 8.9.1.6 - Bitsum)
Protected Folder (HKLM\...\Protected Folder_is1) (Version:  - IObit)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Sandboxie 5.10 (32-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.588 - ShadowDefender.com)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.658 - Lenovo)
Sketch Drawer 3.0 (HKLM\...\Sketch Drawer_is1) (Version: 3.0 - SoftOrbits)
Sticky Password 8.0.5.70 (HKLM\...\Sticky Password_is1) (Version: 8.0 - Lamantine Software)
SuperEasy Audio Converter 3 v.3.0.5224 (HKLM\...\{039BC111-5B26-B3BC-6D9F-1D0D0C9EBFED}_is1) (Version: 3.0.5224 - SuperEasy Software GmbH & Co. KG)
Turbo C++ 4.0 Windows 7 Windows 8 64Bit Version (HKLM\...\Turbo C++ 4.0 Windows 7 Windows 8 64Bit Version) (Version: 00.04.00.01 - Techapple.Net)
Unchecky v0.4.3 (HKLM\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
Universal Adb Driver (HKLM\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wise Folder Hider Pro (HKLM\...\Wise Folder Hider Pro_is1) (Version: 3.23 - WiseCleaner.com, Inc.)
WMP Playback Pack (HKLM\...\WMP Playback Pack_is1) (Version: 2.8 - )
XeroWeight FLASHBACK (remove only) (HKLM\...\XeroWeight FLASHBACK) (Version: 2.0.0.703 - Bluebird IT PTY LTD)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.15.721 - Zemana Ltd.)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 11.1.0 - Inmatrix LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2805089890-3842710859-1120829455-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Fly\AppData\Local\Google\Chrome\Application\32.0.1700.6\delegate_execute.exe" => No File
CustomCLSID: HKU\S-1-5-21-2805089890-3842710859-1120829455-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06440792-C6D0-4233-8335-7CF7B25C551E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {12ECA59E-0503-499E-B8BB-D715D7193DA0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {21D023EF-C739-4B8D-A7B9-663D0C98EDAF} - System32\Tasks\GoogleUpdateTaskMachineCore1cfcf6f6279aa17 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {22384362-C686-44E5-BC82-D736EEB47F66} - System32\Tasks\{EB1D8BB5-6172-4722-8E4C-40F921AC314A} => pcalua.exe -a "D:\New folder\microsoft.office.2007.full.no.need.serial\Microsoft Office 2007\setup.exe" -d "D:\New folder\microsoft.office.2007.full.no.need.serial\Microsoft Office 2007"
Task: {24C8C66F-BFA0-4425-8543-9CDB57BEFB14} - System32\Tasks\{21C59E66-E6EB-48CC-9B98-9E9D75D1C1C9} => pcalua.exe -a C:\Windows\system32\alsndmgr.cpl
Task: {36FB194B-B354-4E62-B0BE-D26C2FADF8F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {4BE10DF6-CD78-407B-83DC-6FDF346E7913} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2015-12-30] (Bitsum LLC)
Task: {6079CD41-7D84-43CB-98F6-D6C8FD184EF8} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2015-12-30] (Bitsum LLC)
Task: {8725E72B-42C2-477E-A6BD-BEA819D44390} - System32\Tasks\{BC551EFF-4AFE-4B50-887A-BDA82070834F} => pcalua.exe -a C:\Users\Fly\Downloads\Programs\MSetup_x86.exe -d C:\Users\Fly\Downloads\Programs
Task: {8ECF1756-F9E3-47C5-8E47-D6A8467E7B73} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff6898d85dcf => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {921D67C4-84E8-46CE-91E5-330ADCA10F4D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-17] (Piriform Ltd)
Task: {992332A5-7DAA-42B9-9484-EE475056DD59} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A34C5D44-63B7-44AD-B4F8-8490AFB023FE} - System32\Tasks\{AB16AC6F-2C52-4768-948F-F5CB5CAE444E} => pcalua.exe -a D:\GIGABYTE\Audio\Realtek\lSetup.exe -d D:\GIGABYTE\Audio\Realtek
Task: {AEA1F8F6-E7F0-4C65-8762-2D139F0C4D76} - System32\Tasks\{846C0B4F-EBD9-4F3C-9C52-E45F55488C4B} => pcalua.exe -a "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl" -c Adobe Gamma
Task: {B58751C8-F9E6-48A9-8D14-D80096D03080} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C07A99AF-6F2C-43F2-90B3-755D91BFBAF0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C4EDDCD3-1A99-4638-A2B1-1297948E1BB4} - System32\Tasks\{C15EAE4C-B8F6-4248-9989-79917CBADCE1} => pcalua.exe -a C:\Users\Fly\Downloads\Programs\SD1.4.0.566_Setup.exe -d C:\Users\Fly\Downloads\Programs
Task: {D1644353-50E8-4E76-A63E-92D38847E01B} - System32\Tasks\{1273B079-0D92-431D-93F4-F5DFAEF1C569} => pcalua.exe -a C:\Users\Fly\Downloads\Programs\SD1.4.0.553_Setup.exe -d C:\Users\Fly\Downloads\Programs
Task: {DDA72E32-2E88-4C5F-A032-3455D5BE7E16} - System32\Tasks\GoogleUpdateTaskMachineUA1cfef7e2d914a4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfcf6f6279aa17.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff6898d85dcf.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfef7e2d914a4.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Fly\AppData\Local\Microsoft\Windows\GameExplorer\{E8167C20-84DE-4B3A-ABE5-8CC543DB4EEB}\SupportTasks\1\Support.lnk -> hxxp://www.codemasters.com/ (No File)
Shortcut: C:\Users\Fly\AppData\Local\Microsoft\Windows\GameExplorer\{E8167C20-84DE-4B3A-ABE5-8CC543DB4EEB}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.codemasters.com/igi2/english/front.htm/ (No File)
Shortcut: C:\Users\Fly\AppData\Local\Microsoft\Windows\GameExplorer\{CEF1D3D6-F51E-40F8-B97D-FD8564504EAF}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.rockstargames.com/sanandreas/ (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-02-27 21:20 - 2016-02-27 21:20 - 01426424 _____ () C:\Program Files\Adguard\AdguardNetApi.DLL
2016-02-27 21:20 - 2016-02-27 21:20 - 00140280 _____ () C:\Program Files\Adguard\AdguardNetLib.DLL
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-09 11:00 - 2014-09-09 11:00 - 00023576 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2016-04-21 21:25 - 2015-07-21 21:43 - 00715000 _____ () C:\Program Files\Connectify\log4cplus.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00037696 _____ () C:\Program Files\Acronis\TrueImageHome\qt_icontray_ex.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00034624 _____ () C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
2015-07-20 09:15 - 2015-07-20 09:15 - 00420160 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-07-20 09:10 - 2015-07-20 09:10 - 00129344 _____ () C:\Program Files\Common Files\Acronis\Home\EXPAT.dll
2015-08-26 13:14 - 2015-08-26 13:14 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2013-10-28 07:32 - 2013-10-28 07:32 - 00276048 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2014-01-28 17:44 - 2014-01-28 17:44 - 00650096 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-12-27 07:07 - 2014-01-28 17:40 - 02422128 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-12-27 07:07 - 2014-01-28 17:39 - 00016344 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-12-27 07:07 - 2014-01-28 17:38 - 00047984 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-12-27 07:07 - 2014-01-28 17:41 - 01153392 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2016-05-12 13:59 - 2016-05-12 13:59 - 00162816 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\CoreLibNet\efe1c14c13230d2f7bcd4ca5a9818839\CoreLibNet.ni.dll
2016-05-11 08:33 - 2016-05-11 08:33 - 00621568 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\NLClientApp.Core\17e3d3e935b473272f28814270e541fd\NLClientApp.Core.ni.dll
2016-05-12 13:59 - 2016-05-12 13:59 - 01536000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\NLClientApp.Modules\5ce2126fd228c4459e8b21048be89e03\NLClientApp.Modules.ni.dll
2014-09-13 20:58 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-07-06 16:16 - 2016-06-15 14:45 - 01745560 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-07-06 16:16 - 2016-06-15 14:45 - 00091288 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.103\libegl.dll
2015-04-16 01:43 - 2015-04-16 01:43 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2015-03-08 07:02 - 2015-06-10 22:35 - 00101744 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52466529.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71345125.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52466529.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71345125.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\hola.org -> hxxp://hola.org

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2016-07-07 05:35 - 00004376 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 vortex.data.microsoft.com 
0.0.0.0 vortex-win.data.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 
0.0.0.0 oca.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net 
0.0.0.0 watson.telemetry.microsoft.com 
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net 
0.0.0.0 redir.metaservices.microsoft.com 
0.0.0.0 choice.microsoft.com 
0.0.0.0 choice.microsoft.com.nsatc.net 
0.0.0.0 wes.df.telemetry.microsoft.com 
0.0.0.0 services.wes.df.telemetry.microsoft.com 
0.0.0.0 sqm.df.telemetry.microsoft.com 
0.0.0.0 telemetry.microsoft.com 
0.0.0.0 watson.ppe.telemetry.microsoft.com 
0.0.0.0 telemetry.appex.bing.net 
0.0.0.0 telemetry.urs.microsoft.com 
0.0.0.0 telemetry.appex.bing.net:443 
0.0.0.0 settings-sandbox.data.microsoft.com 
0.0.0.0 survey.watson.microsoft.com 
0.0.0.0 watson.live.com 
0.0.0.0 watson.microsoft.com 
0.0.0.0 statsfe2.ws.microsoft.com 
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com 
0.0.0.0 compatexchange.cloudapp.net 
0.0.0.0 a-0001.a-msedge.net 
0.0.0.0 statsfe2.update.microsoft.com.akadns.net 
0.0.0.0 sls.update.microsoft.com.akadns.net 

There are 66 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Fly\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 202.62.224.2 - 202.62.224.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Fly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk => C:\Windows\pss\wandoujia_helper.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Connectify Hotspot => C:\Program Files\Connectify\Connectify.exe autorun
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: StickyPassword => "C:\Program Files\Sticky Password\stpass.exe" /autorunned
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: ZAM => "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BC4D5AEB-2FB3-49F2-9523-8AAD49AAD6C4}] => (Allow) C:\Program Files\D-Link\DWA-131 revE\IHV\PortableWiFi.exe
FirewallRules: [{E1D5548A-1FD8-4613-BFF6-577C1630E0FE}] => (Allow) C:\Program Files\D-Link\DWA-131 revE\IHV\RTLDHCP.exe
FirewallRules: [{CDDB4B06-97FC-4C48-BFE5-E9043BA30D42}] => (Allow) C:\Program Files\Connectify\Connectify.exe
FirewallRules: [{F0D002F9-9FFC-4A18-8EED-1C5ABDCD9EEA}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{8A4BA214-03EB-4907-A287-2A87CFA2852B}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{33BF848A-CFF8-4A25-B15C-32258AD9F384}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{93630ACD-07CE-4931-ADD7-C0CA16888383}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{97F1C380-37E4-4507-8FB9-F7D038AECBF9}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{22AF7FE7-D51C-4586-81AA-3FE2124F51DC}] => (Allow) C:\Program Files\Adguard\AdguardSvc.exe
FirewallRules: [{DAF497D6-0C19-4DE9-94F8-92F097840053}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7751480A-6C11-4F5B-A472-043DC334BE45}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{930E1F1D-0C7B-4F9F-BB2B-ED8790597508}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A80F9166-4FA3-4C08-AE41-1BBA5C71139C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{429FF98A-5ACB-478C-9E91-3313B1F88523}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{4B8D2844-738F-4963-A5AF-3AF13B51E6AF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{1B6B6C26-7BAA-418E-9B4D-935E86CF486E}] => (Allow) C:\Program Files\Hide ALL IP\HideAllIP.exe
FirewallRules: [{5FE9D576-68F8-4858-955B-F62A27A1425A}] => (Allow) C:\Program Files\Hide ALL IP\HideAllIP.exe
FirewallRules: [{00EB01C2-35B5-475C-905F-93DE0595719B}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{0AEA72AB-C958-4EA8-A457-ED1FA74ABCE0}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B9F187A5-380C-4675-A050-B2006B1746B4}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F2D2DCCA-FC9C-4770-9D84-792C029770CA}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A0AC9051-6A2A-4B5E-8225-8AD14C408ECE}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{FFA77B28-E52A-44EE-ACDF-1F2C01661D7F}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{26DF2A32-5F2C-4189-AEC2-8CAA7357709F}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{368C0BAA-9C30-4697-ABE1-5FEE13DDEAAE}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4AF6239E-90CF-4EAC-91B5-B7C42BBF05A4}] => (Allow) C:\Program Files\CyberLink\PowerDVD16\PowerDVD.exe
FirewallRules: [{8B96F52F-2AE7-4712-8E9A-669F77162AEA}] => (Allow) C:\Program Files\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
FirewallRules: [{16C0032C-FF35-4587-9108-88BCB32C373D}] => (Allow) C:\Program Files\CyberLink\PowerDVD16\PowerDVD16Agent.exe
FirewallRules: [{D9DCD814-172C-4428-B013-587DD97AA0B3}] => (Allow) C:\Program Files\CyberLink\PowerDVD16\Movie\PowerDVDMovie.exe
FirewallRules: [{87DE7B04-4618-4F69-9FAD-7949368B7536}] => (Allow) C:\Program Files\CyberLink\PowerDVD16\CastingStation.exe
FirewallRules: [{1039B621-A878-46A7-A868-EF05651162A1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-07-2016 20:53:26 End of disinfection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2016 05:35:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 11:02:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: Qt5Widgets.dll, version: 5.4.1.0, time stamp: 0x555bbfbd
Exception code: 0xc0000005
Fault offset: 0x001b8248
Faulting process id: 0xd80
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/06/2016 09:34:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 08:53:25 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {271fe9a2-38bb-48f7-b64c-2b63087c3008}

Error: (07/06/2016 08:35:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 08:27:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 07:43:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 06:08:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 04:59:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: Qt5Widgets.dll, version: 5.4.1.0, time stamp: 0x555bbfbd
Exception code: 0xc0000005
Fault offset: 0x001138e7
Faulting process id: 0x1e6c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/06/2016 04:56:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/07/2016 05:52:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/07/2016 05:52:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

Error: (07/07/2016 05:50:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/07/2016 05:50:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (07/07/2016 05:48:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/07/2016 05:48:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect.

Error: (07/07/2016 05:48:51 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/07/2016 05:46:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WMI Performance Adapter service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/07/2016 05:46:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the WMI Performance Adapter service to connect.

Error: (07/07/2016 05:44:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU G2030 @ 3.00GHz
Percentage of memory in use: 67%
Total physical RAM: 3487.54 MB
Available physical RAM: 1118.12 MB
Total Virtual: 6973.39 MB
Available Virtual: 3994.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100.45 GB) (Free:47.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Backup) (Fixed) (Total:195.31 GB) (Free:156.71 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:120.61 GB) (Free:73.41 GB) NTFS
Drive g: (Flashback Recovery Partition) (Fixed) (Total:49 GB) (Free:11.67 GB) NTFS
Drive h: () (Fixed) (Total:0.38 GB) (Free:0.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E9E3E9E3)
Partition 1: (Active) - (Size=100.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=120.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=49.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2016
Ran by Fly (administrator) on FLY-PC (07-07-2016 08:10:20)
Running from C:\Users\Fly\Downloads\Programs
Loaded Profiles: Fly (Available Profiles: Fly)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe
(Password Protect Software) C:\Windows\System32\ncfpsys.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Blue Ridge Networks) C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Performix LLC) C:\Program Files\Adguard\Adguard.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Blue Ridge Networks) C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
(NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\EXE Radar Pro\ERPx86Svc.exe
(www.hideallip.com) C:\Program Files\Hide ALL IP\LauncherService.exe
() C:\ProgramData\DataCardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Lamantine Software a.s.) C:\Program Files\Sticky Password\stpass.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lamantine Software a.s.) C:\Program Files\Sticky Password\spNMHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [413888 2015-07-14] (SHADOWDEFENDER.COM)
HKLM\...\Run: [Password Protect USB 3.6.1] => C:\Windows\system32\ncfpsys.exe [174592 2005-08-24] (Password Protect Software)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files\Connectify\Connectify.exe [4188408 2015-07-21] (Connectify)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12336856 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [NoVirusThanks EXE Radar Pro Startup] => C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe [3333456 2014-03-17] (NoVirusThanks Company Srl)
HKLM\...\Run: [DFX] => C:\Program Files\DFX\DFX.exe [1328632 2015-12-05] ()
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [408872 2014-08-14] (Acronis)
HKLM\...\Run: [PowerDVD16Agent] => C:\Program Files\CyberLink\PowerDVD16\PowerDVD16Agent.exe [525352 2016-05-25] (CyberLink Corp.)
HKLM\...\Run: [AppGuardGUI] => C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe [13940080 2016-06-21] (Blue Ridge Networks)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [644240 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5578232 2016-04-18] (Performix LLC)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-17] (Piriform Ltd)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3961968 2016-07-05] (Tonec Inc.)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [StickyPassword] => C:\Program Files\Sticky Password\stpass.exe [58632 2015-10-14] (Lamantine Software a.s.)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [57584 2016-03-16] (Locktime Software)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {00f9cb8c-3835-11e4-bc75-02e00c772c52} - H:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {1ec1bb9e-8d92-11e4-ba67-74d435d9b899} - I:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {2ae8c5ae-2ed0-11e6-94da-74d435d9b899} - K:\Lenovo_Suite.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {3f90f5d9-36f3-11e4-bd09-02e00c772c52} - H:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {596a6b35-6867-11e4-9724-74d435d9b899} - F:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {596a6b40-6867-11e4-9724-74d435d9b899} - F:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {596a6b59-6867-11e4-9724-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {596a6b64-6867-11e4-9724-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {5db89ce0-3b5b-11e4-9def-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {5ee21d1d-6b09-11e4-a01a-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {93d11c4f-6ad3-11e4-bd01-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {b1ce9aba-5ea4-11e4-9eac-74d435d9b899} - F:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {b3666a5e-2bf8-11e6-bdb5-74d435d9b899} - J:\Lenovo_Suite.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {bca1b70a-d108-11df-b12f-02e00c772c52} - H:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {d22681b3-5ef9-11e4-aea8-74d435d9b899} - F:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {d90d165d-6938-11e4-84d3-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {d90d1668-6938-11e4-84d3-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {dcdf9ddc-3f41-11e4-96f6-74d435d9b899} - I:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {de85666e-3b56-11e4-a00a-c2c4db1c71c4} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {e480523a-3f03-11e4-bae2-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {ebb204c8-8d5e-11e4-9a88-74d435d9b899} - I:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5578232 2016-04-18] (Performix LLC)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-09-14]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: PDBoot.exeautocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 202.62.224.2 202.62.224.5 8.8.8.8
Tcpip\..\Interfaces\{77EE8AA3-0474-4F72-BB74-774546E1D7A8}: [NameServer] 101.210.255.141 8.8.8.8
Tcpip\..\Interfaces\{8B1D2226-6E62-42F4-A3B8-58D4F9E35DD8}: [DhcpNameServer] 4.2.2.2 8.8.8.8 202.62.224.5 203.98.96.5 202.62.224.2 202.56.250.6 202.138.103.100 202.56.250.5 202.138.96.2 203.98.96.5
Tcpip\..\Interfaces\{9C52B8F8-34F3-41A2-A51A-E9441F50BE75}: [DhcpNameServer] 202.62.224.2 202.62.224.5 8.8.8.8
Tcpip\..\Interfaces\{C1B5F570-B3D3-42E9-832E-54AFB2D5172D}: [NameServer] 101.210.255.141 8.8.8.8
Tcpip\..\Interfaces\{CC9E0B35-2503-4FE5-9BEE-4EDE1A17FB77}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/en-in/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2805089890-3842710859-1120829455-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Fly\AppData\Roaming\Mozilla\Firefox\Profiles\zmxbsmv4.default-1451229795544
FF Homepage: hxxps://www.google.co.in
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2805089890-3842710859-1120829455-1000: @stickypassword.com/Sticky Password -> C:\Program Files\Sticky Password\npspAutofill.dll [2015-10-14] (Lamantine Software a.s.)
FF Extension: NoScript - C:\Users\Fly\AppData\Roaming\Mozilla\Firefox\Profiles\zmxbsmv4.default-1451229795544\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-08]
FF Extension: Sticky Password Autofill Engine - C:\Users\Fly\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2015-12-19]
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Fly\AppData\Roaming\Mozilla\Firefox\Profiles\zmxbsmv4.default-1451229795544\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2016-05-13]
FF Extension: Lightshot (screenshot tool) - C:\Users\Fly\AppData\Roaming\Mozilla\Firefox\Profiles\zmxbsmv4.default-1451229795544\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2016-05-20]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Firefox\Extensions: [{54affe52-8223-453b-be1e-2fe2e250045c}] - C:\Users\Fly\AppData\Roaming\Lamantine\Sticky Password\spAutofill
FF HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Fly\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Fly\AppData\Roaming\IDM\idmmzcc5 [2016-07-07] [not signed]
FF HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi

Chrome: 
=======
CHR Profile: C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adguard AdBlocker) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-03-17]
CHR Extension: (uBlock Origin) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-03-17]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-03-17]
CHR Extension: (Full Page Screen Capture) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-07-06]
CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggepjhbdgijjkbelnggboeoehacbphed [2015-12-27]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2016-03-17]
CHR Extension: (IDM Integration Module) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2016-03-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [859456 2014-08-14] (Acronis)
R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [149496 2016-04-18] (Performix LLC)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3996664 2016-03-06] (Acronis)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BRN_APPGUARD_SERVICE; C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe [682352 2016-06-21] (Blue Ridge Networks)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [217088 2015-07-21] (Connectify) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1982752 2016-07-06] (ESET)
R2 ERPx86Svc; C:\Program Files\NoVirusThanks\EXE Radar Pro\ERPx86Svc.exe [1323344 2014-03-14] (NoVirusThanks Company Srl)
R2 HideIPLaucherService; C:\Program Files\Hide ALL IP\LauncherService.exe [489328 2014-01-24] (www.hideallip.com)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-10-28] ()
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274024 2015-06-04] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [650096 2014-01-28] () [File not signed]
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [244976 2016-03-16] (Locktime Software)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2327488 2016-01-13] (Raxco Software, Inc.)
R2 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2311104 2016-01-13] (Raxco Software, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2613200 2015-10-12] (Paramount Software UK Ltd)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [146576 2016-02-26] (Sandboxie Holdings, LLC)
S3 ShareItSvc; C:\Program Files\Lenovo\SHAREit\Shareit.Service.exe [31192 2016-02-02] (SHAREit Technologies Co.Ltd)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6847712 2014-09-13] (Acronis)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [254904 2016-07-06] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [11992944 2015-06-08] (Zemana Ltd.)
S2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [72888 2015-07-14] (SHADOWDEFENDER.COM)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [58312 2016-02-27] ()
S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4114400 2007-08-30] (Realtek Semiconductor Corp.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19168 2013-10-28] ()
R1 BrnFileLock; C:\Windows\system32\DRIVERS\BrnFilelock.sys [73504 2016-01-08] (Blue Ridge Networks)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [36520 2015-03-05] (Connectify)
R2 DefragFS; C:\Windows\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12.sys [26104 2015-11-12] (Windows (R) Win 7 DDK provider)
R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [309560 2015-07-14] (SHADOWDEFENDER.COM)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [206312 2016-03-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146024 2016-02-02] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [111040 2016-02-02] (ESET)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [152728 2016-03-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44608 2016-03-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [71488 2016-03-17] (ESET)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] ()
S3 etdrv; C:\Windows\etdrv.sys [17488 2016-02-24] (Windows (R) 2000 DDK provider)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2016-03-03] (Acronis International GmbH)
S3 gdrv; C:\Windows\gdrv.sys [17488 2016-02-24] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2016-02-24] ()
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [108032 2014-01-28] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [316544 2014-01-28] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [85464 2013-09-16] (Intel Corporation)
R1 nettcp; C:\Windows\system32\drivers\nettcp.sys [40488 2015-06-20] (Promosoft Software Limited)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [94536 2016-03-16] (Locktime Software)
R2 PDFSFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
R2 PfFilter; C:\Program Files\IObit\Protected Folder\pffilter.sys [33224 2012-11-23] (IObit Information Technology)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [156048 2015-10-12] (Windows (R) Win 7 DDK provider)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows (R) Win 7 DDK provider)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16744 2014-06-19] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12656 2014-06-19] ()
S3 RtlWlanu; C:\Windows\System32\DRIVERS\DRTWlanU.sys [2911960 2014-07-30] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [176784 2016-02-26] (Sandboxie Holdings, LLC)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31776 2015-06-03] (The OpenVPN Project)
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [685160 2016-03-03] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [184136 2016-03-03] (Acronis International GmbH)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [95368 2015-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2015-05-19] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540808 2015-05-19] ()
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [20192 2013-10-24] ()
R1 VirtDiskBus; C:\Windows\System32\DRIVERS\VirtDiskBus.sys [57456 2011-02-08] (Giga-Byte Technology CO., LTD.)
R2 WiseFS; C:\Windows\WiseFs32.sys [10792 2015-02-26] (WiseCleaner.com) [File not signed]
R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [191184 2016-03-19] (Microsoft Corporation)
R3 XWMount; C:\Windows\System32\DRIVERS\XWMount.sys [84064 2016-01-02] (Bluebird IT PTY LTD)
R0 XWTrack; C:\Windows\System32\DRIVERS\XWTrack.sys [64600 2016-01-02] (Bluebird IT PTY LTD)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [96512 2015-05-29] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [96512 2015-05-29] (Zemana Ltd.)
R2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; C:\Program Files\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [33048 2016-05-25] (CyberLink Corp.)
U5 nvterp; C:\Windows\system32\drivers\nvterp.sys [15424 2013-09-23] (NoVirusThanks Company Srl)
U0 SR; no ImagePath
U2 srservice; no ImagePath
U0 TosIde; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-07 08:09 - 2016-07-07 08:10 - 00000000 ____D C:\FRST
2016-07-07 08:08 - 2016-07-07 08:09 - 01740288 _____ (Farbar) C:\Users\Fly\Downloads\FRST.exe
2016-07-07 07:38 - 2016-07-07 07:38 - 00001186 _____ C:\MBAM4.txt
2016-07-07 07:37 - 2016-07-07 07:37 - 00009605 _____ C:\MBAM3.txt
2016-07-07 07:37 - 2016-07-07 07:37 - 00001053 _____ C:\MBAM 1.txt
2016-07-07 07:37 - 2016-07-07 07:37 - 00001051 _____ C:\MBAM2.txt
2016-07-06 20:56 - 2016-07-06 20:56 - 00000953 _____ C:\Users\Public\Desktop\Unchecky.lnk
2016-07-06 20:56 - 2016-07-06 20:56 - 00000000 ____D C:\ProgramData\Unchecky
2016-07-06 20:56 - 2016-07-06 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2016-07-06 20:56 - 2016-07-06 20:56 - 00000000 ____D C:\Program Files\Unchecky
2016-07-06 20:53 - 2016-07-06 20:54 - 00001000 _____ C:\DelFix.txt
2016-07-06 17:03 - 2016-07-07 06:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-06 17:03 - 2016-07-06 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-06 17:03 - 2016-07-06 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-06 17:03 - 2016-07-06 17:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-06 17:03 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-06 17:03 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-06 17:03 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-06 16:14 - 2016-07-06 16:14 - 00000023 _____ C:\Users\Fly\Documents\MBAMP KEY USED IN MY PC.txt
2016-07-06 13:44 - 2016-07-06 20:48 - 00023040 ___SH C:\Users\Fly\Thumbs.db
2016-07-06 10:33 - 2016-07-06 10:33 - 00000010 _____ C:\Users\Fly\Documents\W FOR HOME NETWORK.txt
2016-07-06 10:33 - 2016-07-06 10:33 - 00000010 _____ C:\Users\Fly\Documents\PASWORD FOR HOME NETWORK.txt
2016-07-06 09:36 - 2016-07-06 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ridge Networks
2016-07-05 20:24 - 2016-05-24 19:59 - 00134144 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2016-06-15 22:01 - 2016-06-15 22:03 - 06606442 _____ C:\Users\Fly\Downloads\poweramp-full-version-unlocker_2.0.10-build-588-play_HiAppHere_com.apk
2016-06-15 07:17 - 2016-05-14 03:24 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 07:17 - 2016-05-14 03:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 07:17 - 2016-05-14 03:19 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 07:17 - 2016-05-14 03:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 07:17 - 2016-05-14 02:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 07:16 - 2016-05-24 04:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 07:16 - 2016-05-21 22:27 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 07:16 - 2016-05-21 03:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 07:16 - 2016-05-21 03:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 07:16 - 2016-05-21 03:27 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 07:16 - 2016-05-21 03:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 07:16 - 2016-05-21 03:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 07:16 - 2016-05-21 03:26 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 07:16 - 2016-05-21 03:25 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 07:16 - 2016-05-21 03:20 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 07:16 - 2016-05-21 03:19 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 07:16 - 2016-05-21 03:18 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 07:16 - 2016-05-21 03:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 07:16 - 2016-05-21 03:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 07:16 - 2016-05-21 03:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 07:16 - 2016-05-21 03:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 07:16 - 2016-05-21 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 07:16 - 2016-05-21 03:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 07:16 - 2016-05-21 03:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 07:16 - 2016-05-21 02:59 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 07:16 - 2016-05-21 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 07:16 - 2016-05-21 02:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 07:16 - 2016-05-21 02:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 07:16 - 2016-05-21 02:53 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 07:16 - 2016-05-21 02:51 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 07:16 - 2016-05-21 02:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 07:16 - 2016-05-21 02:44 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 07:16 - 2016-05-21 02:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 07:16 - 2016-05-21 02:39 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 07:16 - 2016-05-21 02:39 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 07:16 - 2016-05-21 02:38 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 07:16 - 2016-05-21 02:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 07:16 - 2016-05-21 02:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 07:16 - 2016-05-21 02:08 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 07:16 - 2016-05-21 02:08 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 07:15 - 2016-05-18 21:40 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 07:15 - 2016-05-12 20:52 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 07:15 - 2016-05-12 20:52 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 07:15 - 2016-05-12 20:48 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 07:15 - 2016-05-12 20:48 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 07:15 - 2016-05-12 20:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 07:15 - 2016-05-12 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 07:15 - 2016-05-12 20:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 07:15 - 2016-05-12 20:24 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 07:15 - 2016-05-12 20:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 07:15 - 2016-05-12 20:21 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 07:15 - 2016-05-12 20:21 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 07:15 - 2016-05-12 18:34 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 07:15 - 2016-05-12 18:34 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 07:15 - 2016-05-11 20:49 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 07:15 - 2016-05-11 20:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 07:15 - 2016-05-11 20:49 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 07:15 - 2016-05-11 20:49 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 07:15 - 2016-05-11 20:31 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 07:15 - 2016-05-11 20:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-13 07:01 - 2016-06-13 07:01 - 00000000 ____D C:\Program Files\DIFX
2016-06-13 06:58 - 2016-06-13 06:58 - 00000000 ____D C:\adb
2016-06-12 06:44 - 2016-06-14 22:19 - 00000224 _____ C:\Users\Fly\Documents\Lenovo  VIBE P1m OTA Update.txt
2016-06-11 21:55 - 2016-06-11 21:58 - 54979326 _____ C:\Users\Fly\Downloads\3.6.7.0159.140707.31809-permissions-removed.apk
2016-06-10 08:20 - 2016-06-10 08:20 - 04639552 _____ C:\Users\Fly\Downloads\CCleaner Professional v1.15.57 - android-zone.ws.apk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-07 08:10 - 2015-03-06 21:50 - 00000000 ____D C:\ProgramData\Adguard
2016-07-07 08:06 - 2014-09-13 20:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-07 07:24 - 2014-12-14 21:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-07 07:12 - 2014-11-13 23:08 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff6898d85dcf.job
2016-07-07 07:12 - 2014-10-24 17:01 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfef7e2d914a4.job
2016-07-07 06:29 - 2014-08-28 17:58 - 00000000 ___SD C:\Users\Fly\Documents\Sticky Passwords
2016-07-07 06:06 - 2016-04-22 08:37 - 00000000 ____D C:\Users\Fly\AppData\Roaming\Steganos Updates
2016-07-07 05:59 - 2009-07-14 10:04 - 00035808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-07 05:59 - 2009-07-14 10:04 - 00035808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-07 05:53 - 2015-12-17 07:47 - 00000000 __SHD C:\Users\Fly\IntelGraphicsProfiles
2016-07-07 05:53 - 2015-11-17 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-07-07 05:53 - 2015-11-17 20:56 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-07-07 05:35 - 2015-11-17 20:56 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-07-07 05:35 - 2015-03-06 21:50 - 00000000 ____D C:\Program Files\Adguard
2016-07-07 05:34 - 2014-09-13 21:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfcf6f6279aa17.job
2016-07-07 05:34 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-06 23:33 - 2015-06-29 22:44 - 00000000 ____D C:\Users\Fly\AppData\Roaming\DMCache
2016-07-06 23:03 - 2014-10-13 00:07 - 00000000 ____D C:\Users\Fly\AppData\Local\CrashDumps
2016-07-06 22:10 - 2014-08-28 14:39 - 00000000 ____D C:\Users\Fly\AppData\Local\ESET
2016-07-06 19:55 - 2015-06-29 22:44 - 00000000 ____D C:\Users\Fly\AppData\Roaming\IDM
2016-07-06 19:45 - 2015-03-09 23:16 - 00000435 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-07-06 19:44 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf
2016-07-06 16:41 - 2016-03-15 16:18 - 00000000 ____D C:\ProgramData\Update2343200959509
2016-07-06 16:16 - 2014-10-30 06:48 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-06 16:02 - 2009-07-14 10:03 - 00919200 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-06 15:45 - 2015-06-12 13:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-06 15:11 - 2015-03-06 11:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-06 14:37 - 2016-04-14 19:04 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-07-06 13:44 - 2014-08-27 05:51 - 00000000 ____D C:\Users\Fly
2016-07-06 13:12 - 2016-04-14 19:04 - 00000000 ____D C:\ProgramData\CyberLink
2016-07-06 11:47 - 2015-03-06 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-06 10:32 - 2009-07-14 08:07 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-06 09:39 - 2015-06-29 22:44 - 00000000 ____D C:\Program Files\Internet Download Manager
2016-07-06 09:29 - 2016-01-27 22:17 - 00001052 _____ C:\ProgramData\EXERadar.LIC
2016-07-06 09:24 - 2014-10-03 21:10 - 00002536 _____ C:\Windows\Sandboxie.ini
2016-06-15 21:52 - 2015-04-17 08:39 - 00000000 ___RD C:\Users\Fly\Downloads\Compressed
2016-06-15 12:34 - 2016-05-25 12:00 - 00000000 ____D C:\Users\Fly\Downloads\Video
2016-06-15 07:21 - 2014-08-28 08:59 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 07:21 - 2014-08-28 08:59 - 00000000 ____D C:\Windows\system32\MRT
2016-06-14 08:04 - 2016-06-01 04:44 - 00000000 ____D C:\Users\Fly\AppData\Roaming\MyPhoneExplorer
2016-06-13 12:47 - 2016-06-04 14:05 - 00000000 ____D C:\Users\Fly\Downloads\SD
2016-06-10 20:22 - 2015-04-26 06:31 - 00000000 ____D C:\ProgramData\Zoom Player
2016-06-09 11:43 - 2014-08-31 08:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-09 11:42 - 2015-03-06 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2016-06-08 23:08 - 2009-07-14 07:34 - 00000478 _____ C:\Windows\win.ini
2016-06-08 12:30 - 2016-05-02 11:45 - 00000000 ____D C:\Users\Fly\Downloads\Alcohol pics
2016-06-07 08:44 - 2014-09-09 21:49 - 00000000 ____D C:\Users\Fly\Documents\Lightshot

==================== Files in the root of some directories =======

2013-11-05 14:09 - 2013-11-05 14:09 - 0000000 _____ () C:\Program Files\install.flg
2013-11-05 14:09 - 2013-11-05 14:09 - 0011264 _____ () C:\Program Files\nsisXML.dll
2013-11-05 14:09 - 2013-11-05 14:09 - 0308576 _____ () C:\Program Files\RIconTool.exe
2013-11-05 14:09 - 2013-11-05 14:09 - 0290304 _____ (Microsoft Corporation) C:\Program Files\subinacl.exe
2015-12-19 17:27 - 2015-12-19 17:27 - 16229400 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2014-09-29 17:37 - 2016-02-28 19:11 - 0000413 _____ () C:\Users\Fly\AppData\Roaming\burnaware.ini
2015-09-12 21:54 - 2015-09-03 19:01 - 0000990 _____ () C:\Users\Fly\AppData\Roaming\systemfl.$dk
2015-07-23 21:56 - 2015-07-23 21:56 - 0004608 _____ () C:\Users\Fly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-19 09:22 - 2016-04-28 18:59 - 0000173 _____ () C:\Users\Fly\AppData\Local\msmathematics.qat.Fly
2014-11-19 06:51 - 2014-12-23 17:32 - 0007597 _____ () C:\Users\Fly\AppData\Local\Resmon.ResmonCfg
2014-09-09 21:43 - 2014-09-09 21:43 - 0000003 _____ () C:\Users\Fly\AppData\Local\updater.log
2014-09-09 21:43 - 2014-11-30 07:08 - 0000433 _____ () C:\Users\Fly\AppData\Local\UserProducts.xml
2015-01-17 16:21 - 2015-01-17 16:21 - 0000000 _____ () C:\Users\Fly\AppData\Local\{125EBAC1-BFDB-4CB7-87BC-1FD744EF7A14}
2015-01-17 16:21 - 2015-01-17 16:21 - 0000000 _____ () C:\Users\Fly\AppData\Local\{F78BAFB9-EADC-47F9-8E01-46CFC5914703}
2016-01-27 22:17 - 2016-07-06 09:29 - 0001052 _____ () C:\ProgramData\EXERadar.LIC
2014-10-01 09:31 - 2015-04-30 05:21 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat
2004-09-06 20:59 - 2004-09-06 20:59 - 0000000 ____H () C:\ProgramData\sdpsenv.dat
2015-06-20 08:28 - 2015-06-20 19:18 - 0020665 _____ () C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AB}.log
2015-06-20 08:28 - 2015-06-20 19:18 - 0020603 _____ () C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AC}.log

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\ProgramData\sdpsenv.dat


Some files in TEMP:
====================
C:\Users\Fly\AppData\Local\Temp\ERUNT.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-06 19:33

==================== End of FRST.txt ============================

 


Hello sir, thanks for the quick reply!

Below is the text file from my 2nd scan of FRST after 2 reboots.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2016
Ran by Fly (2016-07-07 12:23:24)
Running from C:\Users\Fly\Downloads\Programs
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-08-27 00:21:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2805089890-3842710859-1120829455-500 - Administrator - Disabled)
Fly (S-1-5-21-2805089890-3842710859-1120829455-1000 - Administrator - Enabled) => C:\Users\Fly
Guest (S-1-5-21-2805089890-3842710859-1120829455-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2805089890-3842710859-1120829455-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.381.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3TB+Unlock B11.0919.1 (HKLM\...\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}) (Version: 1.00.0001 - GIGABYTE)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acronis True Image 2015 (HKLM\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}Visible) (Version: 18.0.6613 - Acronis)
Acronis True Image 2015 (Version: 18.0.6613 - Acronis) Hidden
Action! (HKLM\...\Mirillis Action!) (Version: 1.30.0 - Mirillis)
Adguard (Version: 6.0.226.1108 - Performix LLC) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AIDA64 Extreme v5.50 (HKLM\...\AIDA64 Extreme_is1) (Version: 5.50 - FinalWire Ltd.)
Aiseesoft Total Video Converter Platinum 6.3.22 (HKLM\...\{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1) (Version:  - )
ASUS PC Link (HKLM\...\{077B24F1-B87A-4C57-AE35-E463A389D7FE}_is1) (Version: 1.22.25.203 - ASUSTEK)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Beauty Guide 2.2.2 (HKLM\...\Beauty Guide_is1) (Version: 2.2.2 - Tint Guide)
Blue Ridge Networks AppGuard (HKLM\...\{427D4861-7E67-4B6A-9A09-EA7C1B12D6B7}) (Version: 4.4.6.1 - Blue Ridge Networks)
BurnAware Premium 7.4 (TopSoftBargains Giveaway) (HKLM\...\BurnAware Premium_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cloud Mail.Ru (HKLM\...\{776AF05B-784A-416F-B14C-31A1FBAF8B19}_is1) (Version: 15.03.0017 - Mail.Ru Group)
CodeBlocks (HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
College Algebra Solved! (HKLM\...\{6C82BEFA-21A9-4CC0-9F73-93BD0F406E33}) (Version: 11.14.2007 - Bagatrix)
Connectify 2015 (HKLM\...\Connectify) (Version: 2015.1.0.35473 - Connectify)
Corel AfterShot Pro (HKLM\...\AfterShot Pro) (Version: 1.1.0.30 - Corel Corporation)
CyberLink PowerDVD 16 (HKLM\...\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}) (Version: 16.0.1713.60 - CyberLink Corp.)
DCoder Image Source (remove only) (HKLM\...\DCoder Image Source) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DFX (HKLM\...\DFX) (Version: 12.014.0.0 - Power Technology)
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
D-Link DWA-131 - V5.00 (HKLM\...\{B7C11488-750D-4E48-A9A4-7207A335984D}) (Version:  - D-Link)
Easy Tune 6 B13.0924.2 (Version: 1.00.0000 - GIGABYTE) Hidden
ESET Smart Security (HKLM\...\{7E42F3C8-713E-4BFD-998E-FC08F31C3C9F}) (Version: 9.0.318.0 - ESET, spol. s r.o.)
ffdshow v1.3.4533 [2014-09-29] (HKLM\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version:  - )
Folder Lock (HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\FolderLock6) (Version:  - New Sofware.net Inc.)
Folder Lock v6.6.5 (HKLM\...\NewSoftwares.Folder Lock_is1) (Version:  - )
Folder Marker Home (Emsisoft Edition) (HKLM\...\Folder Marker Home (Emsisoft Edition)_is1) (Version: 4.2 - ArcticLine Software)
Geany CP Compiler By Chaitanya @ Techapple.net (HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Geany CP Compiler By Chaitanya @ Techapple.net) (Version: 01.00.01.00 - Techapple.net)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
Hide ALL IP 2016.01.01 (HKLM\...\{02FC1980-2123-451F-8CB7-C9B60BE40717}_is1) (Version:  - www.hideallip.com)
Image Composite Editor (HKLM\...\{B29E2C62-496A-4F4F-9ED0-239FA15E1CB8}) (Version: 2.0.3 - Microsoft Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4226 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
KeePass Password Safe 1.31 (HKLM\...\KeePass Password Safe_is1) (Version: 1.31 - Dominik Reichl)
LAV Filters 0.65 (HKLM\...\lavfilters_is1) (Version: 0.65 - Hendrik Leppkes)
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.1.1225 - Paramount Software (UK) Ltd.) Hidden
MadVR (remove only) (HKLM\...\MadVR) (Version:  - )
MakeUp Guide 2.2.2 (HKLM\...\MakeUp Guide_is1) (Version: 2.2.2 - Tint Guide)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mathematics Add-In for Word and OneNote (HKLM\...\{90150000-00D8-0409-0000-0000000FF1CE}) (Version: 15.0.4481.1002 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 9.0 (HKLM\...\{69237D97-3063-450F-AE49-2357B191EA5D}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Edition_is1) (Version:  - MiniTool Solution Ltd.)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 23.015.02.01.910 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
NetLimiter 4 (HKLM\...\NetLimiter 4 4.0.19.0) (Version: 4.0.19.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.19.0 - Locktime Software) Hidden
NI LabVIEW Run-Time Engine 5.1.1 (HKLM\...\NI LabVIEW Run-Time Engine 5.1.1) (Version:  - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NoVirusThanks EXE Radar Pro (x86/x64) v3.0 (HKLM\...\NoVirusThanks EXE Radar Pro_is1) (Version: 3.0.0.0 - NoVirusThanks Company Srl)
ON_OFF Charge 2 B13.1028.1 (HKLM\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (Version: 1.00.0000 - GIGABYTE) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Password Protect USB 3.6.1 (HKLM\...\Password Protect USB 3.6.1_is1) (Version: 3.6.1 - Password Protect Software)
PC Link (HKLM\...\PC Link_is1) (Version: 1.22.0.421 - ASUSTEK)
PerfectDisk Professional Business (HKLM\...\{C4E01CDC-0063-493C-B383-9C4FCF7A89F7}) (Version: 14.0.890 - Raxco Software Inc.)
Photo to Sketch Converter 2.0 (HKLM\...\Photo to Sketch Converter_is1) (Version: 2.0 - SoftOrbits)
Process Lasso (HKLM\...\ProcessLasso) (Version: 8.9.1.6 - Bitsum)
Protected Folder (HKLM\...\Protected Folder_is1) (Version:  - IObit)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Sandboxie 5.10 (32-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.588 - ShadowDefender.com)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.658 - Lenovo)
Sketch Drawer 3.0 (HKLM\...\Sketch Drawer_is1) (Version: 3.0 - SoftOrbits)
Sticky Password 8.0.5.70 (HKLM\...\Sticky Password_is1) (Version: 8.0 - Lamantine Software)
SuperEasy Audio Converter 3 v.3.0.5224 (HKLM\...\{039BC111-5B26-B3BC-6D9F-1D0D0C9EBFED}_is1) (Version: 3.0.5224 - SuperEasy Software GmbH & Co. KG)
Turbo C++ 4.0 Windows 7 Windows 8 64Bit Version (HKLM\...\Turbo C++ 4.0 Windows 7 Windows 8 64Bit Version) (Version: 00.04.00.01 - Techapple.Net)
Unchecky v0.4.3 (HKLM\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
Universal Adb Driver (HKLM\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wise Folder Hider Pro (HKLM\...\Wise Folder Hider Pro_is1) (Version: 3.23 - WiseCleaner.com, Inc.)
WMP Playback Pack (HKLM\...\WMP Playback Pack_is1) (Version: 2.8 - )
XeroWeight FLASHBACK (remove only) (HKLM\...\XeroWeight FLASHBACK) (Version: 2.0.0.703 - Bluebird IT PTY LTD)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.15.721 - Zemana Ltd.)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 11.1.0 - Inmatrix LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2805089890-3842710859-1120829455-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Fly\AppData\Local\Google\Chrome\Application\32.0.1700.6\delegate_execute.exe" => No File
CustomCLSID: HKU\S-1-5-21-2805089890-3842710859-1120829455-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06440792-C6D0-4233-8335-7CF7B25C551E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {12ECA59E-0503-499E-B8BB-D715D7193DA0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {21D023EF-C739-4B8D-A7B9-663D0C98EDAF} - System32\Tasks\GoogleUpdateTaskMachineCore1cfcf6f6279aa17 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {22384362-C686-44E5-BC82-D736EEB47F66} - System32\Tasks\{EB1D8BB5-6172-4722-8E4C-40F921AC314A} => pcalua.exe -a "D:\New folder\microsoft.office.2007.full.no.need.serial\Microsoft Office 2007\setup.exe" -d "D:\New folder\microsoft.office.2007.full.no.need.serial\Microsoft Office 2007"
Task: {24C8C66F-BFA0-4425-8543-9CDB57BEFB14} - System32\Tasks\{21C59E66-E6EB-48CC-9B98-9E9D75D1C1C9} => pcalua.exe -a C:\Windows\system32\alsndmgr.cpl
Task: {36FB194B-B354-4E62-B0BE-D26C2FADF8F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {4BE10DF6-CD78-407B-83DC-6FDF346E7913} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2015-12-30] (Bitsum LLC)
Task: {6079CD41-7D84-43CB-98F6-D6C8FD184EF8} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2015-12-30] (Bitsum LLC)
Task: {8725E72B-42C2-477E-A6BD-BEA819D44390} - System32\Tasks\{BC551EFF-4AFE-4B50-887A-BDA82070834F} => pcalua.exe -a C:\Users\Fly\Downloads\Programs\MSetup_x86.exe -d C:\Users\Fly\Downloads\Programs
Task: {8ECF1756-F9E3-47C5-8E47-D6A8467E7B73} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff6898d85dcf => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {921D67C4-84E8-46CE-91E5-330ADCA10F4D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-17] (Piriform Ltd)
Task: {992332A5-7DAA-42B9-9484-EE475056DD59} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A34C5D44-63B7-44AD-B4F8-8490AFB023FE} - System32\Tasks\{AB16AC6F-2C52-4768-948F-F5CB5CAE444E} => pcalua.exe -a D:\GIGABYTE\Audio\Realtek\lSetup.exe -d D:\GIGABYTE\Audio\Realtek
Task: {AEA1F8F6-E7F0-4C65-8762-2D139F0C4D76} - System32\Tasks\{846C0B4F-EBD9-4F3C-9C52-E45F55488C4B} => pcalua.exe -a "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl" -c Adobe Gamma
Task: {B58751C8-F9E6-48A9-8D14-D80096D03080} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C07A99AF-6F2C-43F2-90B3-755D91BFBAF0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C4EDDCD3-1A99-4638-A2B1-1297948E1BB4} - System32\Tasks\{C15EAE4C-B8F6-4248-9989-79917CBADCE1} => pcalua.exe -a C:\Users\Fly\Downloads\Programs\SD1.4.0.566_Setup.exe -d C:\Users\Fly\Downloads\Programs
Task: {D1644353-50E8-4E76-A63E-92D38847E01B} - System32\Tasks\{1273B079-0D92-431D-93F4-F5DFAEF1C569} => pcalua.exe -a C:\Users\Fly\Downloads\Programs\SD1.4.0.553_Setup.exe -d C:\Users\Fly\Downloads\Programs
Task: {DDA72E32-2E88-4C5F-A032-3455D5BE7E16} - System32\Tasks\GoogleUpdateTaskMachineUA1cfef7e2d914a4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfcf6f6279aa17.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff6898d85dcf.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfef7e2d914a4.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Fly\AppData\Local\Microsoft\Windows\GameExplorer\{E8167C20-84DE-4B3A-ABE5-8CC543DB4EEB}\SupportTasks\1\Support.lnk -> hxxp://www.codemasters.com/ (No File)
Shortcut: C:\Users\Fly\AppData\Local\Microsoft\Windows\GameExplorer\{E8167C20-84DE-4B3A-ABE5-8CC543DB4EEB}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.codemasters.com/igi2/english/front.htm/ (No File)
Shortcut: C:\Users\Fly\AppData\Local\Microsoft\Windows\GameExplorer\{CEF1D3D6-F51E-40F8-B97D-FD8564504EAF}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.rockstargames.com/sanandreas/ (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-02-27 21:20 - 2016-02-27 21:20 - 01426424 _____ () C:\Program Files\Adguard\AdguardNetApi.DLL
2016-02-27 21:20 - 2016-02-27 21:20 - 00140280 _____ () C:\Program Files\Adguard\AdguardNetLib.DLL
2016-04-21 21:25 - 2015-07-21 21:43 - 00715000 _____ () C:\Program Files\Connectify\log4cplus.dll
2013-10-28 07:32 - 2013-10-28 07:32 - 00276048 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2015-07-20 09:08 - 2015-07-20 09:08 - 00037696 _____ () C:\Program Files\Acronis\TrueImageHome\qt_icontray_ex.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00034624 _____ () C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
2015-07-20 09:15 - 2015-07-20 09:15 - 00420160 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-07-20 09:10 - 2015-07-20 09:10 - 00129344 _____ () C:\Program Files\Common Files\Acronis\Home\EXPAT.dll
2015-08-26 13:14 - 2015-08-26 13:14 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2014-01-28 17:44 - 2014-01-28 17:44 - 00650096 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-12-27 07:07 - 2014-01-28 17:40 - 02422128 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-12-27 07:07 - 2014-01-28 17:39 - 00016344 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-12-27 07:07 - 2014-01-28 17:38 - 00047984 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-12-27 07:07 - 2014-01-28 17:41 - 01153392 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2016-05-12 13:59 - 2016-05-12 13:59 - 00162816 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\CoreLibNet\efe1c14c13230d2f7bcd4ca5a9818839\CoreLibNet.ni.dll
2016-05-11 08:33 - 2016-05-11 08:33 - 00621568 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\NLClientApp.Core\17e3d3e935b473272f28814270e541fd\NLClientApp.Core.ni.dll
2016-05-12 13:59 - 2016-05-12 13:59 - 01536000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\NLClientApp.Modules\5ce2126fd228c4459e8b21048be89e03\NLClientApp.Modules.ni.dll
2014-09-13 20:58 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52466529.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71345125.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52466529.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71345125.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\hola.org -> hxxp://hola.org

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2016-07-07 11:34 - 00004376 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 vortex.data.microsoft.com 
0.0.0.0 vortex-win.data.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 
0.0.0.0 oca.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net 
0.0.0.0 watson.telemetry.microsoft.com 
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net 
0.0.0.0 redir.metaservices.microsoft.com 
0.0.0.0 choice.microsoft.com 
0.0.0.0 choice.microsoft.com.nsatc.net 
0.0.0.0 wes.df.telemetry.microsoft.com 
0.0.0.0 services.wes.df.telemetry.microsoft.com 
0.0.0.0 sqm.df.telemetry.microsoft.com 
0.0.0.0 telemetry.microsoft.com 
0.0.0.0 watson.ppe.telemetry.microsoft.com 
0.0.0.0 telemetry.appex.bing.net 
0.0.0.0 telemetry.urs.microsoft.com 
0.0.0.0 telemetry.appex.bing.net:443 
0.0.0.0 settings-sandbox.data.microsoft.com 
0.0.0.0 survey.watson.microsoft.com 
0.0.0.0 watson.live.com 
0.0.0.0 watson.microsoft.com 
0.0.0.0 statsfe2.ws.microsoft.com 
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com 
0.0.0.0 compatexchange.cloudapp.net 
0.0.0.0 a-0001.a-msedge.net 
0.0.0.0 statsfe2.update.microsoft.com.akadns.net 
0.0.0.0 sls.update.microsoft.com.akadns.net 

There are 66 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Fly\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 202.62.224.2 - 202.62.224.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Fly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk => C:\Windows\pss\wandoujia_helper.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Connectify Hotspot => C:\Program Files\Connectify\Connectify.exe autorun
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: StickyPassword => "C:\Program Files\Sticky Password\stpass.exe" /autorunned
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: ZAM => "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BC4D5AEB-2FB3-49F2-9523-8AAD49AAD6C4}] => (Allow) C:\Program Files\D-Link\DWA-131 revE\IHV\PortableWiFi.exe
FirewallRules: [{E1D5548A-1FD8-4613-BFF6-577C1630E0FE}] => (Allow) C:\Program Files\D-Link\DWA-131 revE\IHV\RTLDHCP.exe
FirewallRules: [{CDDB4B06-97FC-4C48-BFE5-E9043BA30D42}] => (Allow) C:\Program Files\Connectify\Connectify.exe
FirewallRules: [{F0D002F9-9FFC-4A18-8EED-1C5ABDCD9EEA}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{8A4BA214-03EB-4907-A287-2A87CFA2852B}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{33BF848A-CFF8-4A25-B15C-32258AD9F384}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{93630ACD-07CE-4931-ADD7-C0CA16888383}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{97F1C380-37E4-4507-8FB9-F7D038AECBF9}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{22AF7FE7-D51C-4586-81AA-3FE2124F51DC}] => (Allow) C:\Program Files\Adguard\AdguardSvc.exe
FirewallRules: [{DAF497D6-0C19-4DE9-94F8-92F097840053}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7751480A-6C11-4F5B-A472-043DC334BE45}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{930E1F1D-0C7B-4F9F-BB2B-ED8790597508}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A80F9166-4FA3-4C08-AE41-1BBA5C71139C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{429FF98A-5ACB-478C-9E91-3313B1F88523}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{4B8D2844-738F-4963-A5AF-3AF13B51E6AF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{1B6B6C26-7BAA-418E-9B4D-935E86CF486E}] => (Allow) C:\Program Files\Hide ALL IP\HideAllIP.exe
FirewallRules: [{5FE9D576-68F8-4858-955B-F62A27A1425A}] => (Allow) C:\Program Files\Hide ALL IP\HideAllIP.exe
FirewallRules: [{00EB01C2-35B5-475C-905F-93DE0595719B}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{0AEA72AB-C958-4EA8-A457-ED1FA74ABCE0}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B9F187A5-380C-4675-A050-B2006B1746B4}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F2D2DCCA-FC9C-4770-9D84-792C029770CA}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A0AC9051-6A2A-4B5E-8225-8AD14C408ECE}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{FFA77B28-E52A-44EE-ACDF-1F2C01661D7F}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{26DF2A32-5F2C-4189-AEC2-8CAA7357709F}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{368C0BAA-9C30-4697-ABE1-5FEE13DDEAAE}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4AF6239E-90CF-4EAC-91B5-B7C42BBF05A4}] => (Allow) C:\Program Files\CyberLink\PowerDVD16\PowerDVD.exe
FirewallRules: [{8B96F52F-2AE7-4712-8E9A-669F77162AEA}] => (Allow) C:\Program Files\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
FirewallRules: [{16C0032C-FF35-4587-9108-88BCB32C373D}] => (Allow) C:\Program Files\CyberLink\PowerDVD16\PowerDVD16Agent.exe
FirewallRules: [{D9DCD814-172C-4428-B013-587DD97AA0B3}] => (Allow) C:\Program Files\CyberLink\PowerDVD16\Movie\PowerDVDMovie.exe
FirewallRules: [{87DE7B04-4618-4F69-9FAD-7949368B7536}] => (Allow) C:\Program Files\CyberLink\PowerDVD16\CastingStation.exe
FirewallRules: [{1039B621-A878-46A7-A868-EF05651162A1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-07-2016 20:53:26 End of disinfection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2016 11:34:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2016 05:35:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 11:02:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: Qt5Widgets.dll, version: 5.4.1.0, time stamp: 0x555bbfbd
Exception code: 0xc0000005
Fault offset: 0x001b8248
Faulting process id: 0xd80
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/06/2016 09:34:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 08:53:25 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {271fe9a2-38bb-48f7-b64c-2b63087c3008}

Error: (07/06/2016 08:35:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 08:27:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 07:43:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 06:08:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 04:59:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: Qt5Widgets.dll, version: 5.4.1.0, time stamp: 0x555bbfbd
Exception code: 0xc0000005
Fault offset: 0x001138e7
Faulting process id: 0x1e6c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (07/07/2016 11:35:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UimBus
Uim_DEVIM
Uim_IM
UsbCharger

Error: (07/07/2016 11:34:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/07/2016 11:34:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (07/07/2016 09:14:45 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (07/07/2016 05:52:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/07/2016 05:52:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

Error: (07/07/2016 05:50:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/07/2016 05:50:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (07/07/2016 05:48:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/07/2016 05:48:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU G2030 @ 3.00GHz
Percentage of memory in use: 38%
Total physical RAM: 3487.54 MB
Available physical RAM: 2132.16 MB
Total Virtual: 6973.39 MB
Available Virtual: 4981.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100.45 GB) (Free:44.51 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Backup) (Fixed) (Total:195.31 GB) (Free:156.54 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:120.61 GB) (Free:73.41 GB) NTFS
Drive g: (Flashback Recovery Partition) (Fixed) (Total:49 GB) (Free:11.67 GB) NTFS
Drive h: () (Fixed) (Total:0.38 GB) (Free:0.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E9E3E9E3)
Partition 1: (Active) - (Size=100.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=120.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=49.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2016
Ran by Fly (administrator) on FLY-PC (07-07-2016 12:22:47)
Running from C:\Users\Fly\Downloads\Programs
Loaded Profiles: Fly (Available Profiles: Fly)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Blue Ridge Networks) C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe
(Password Protect Software) C:\Windows\System32\ncfpsys.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\EXE Radar Pro\ERPx86Svc.exe
(www.hideallip.com) C:\Program Files\Hide ALL IP\LauncherService.exe
() C:\ProgramData\DataCardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Blue Ridge Networks) C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Performix LLC) C:\Program Files\Adguard\Adguard.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Lamantine Software a.s.) C:\Program Files\Sticky Password\stpass.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [413888 2015-07-14] (SHADOWDEFENDER.COM)
HKLM\...\Run: [Password Protect USB 3.6.1] => C:\Windows\system32\ncfpsys.exe [174592 2005-08-24] (Password Protect Software)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files\Connectify\Connectify.exe [4188408 2015-07-21] (Connectify)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12336856 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [NoVirusThanks EXE Radar Pro Startup] => C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe [3333456 2014-03-17] (NoVirusThanks Company Srl)
HKLM\...\Run: [DFX] => C:\Program Files\DFX\DFX.exe [1328632 2015-12-05] ()
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [408872 2014-08-14] (Acronis)
HKLM\...\Run: [PowerDVD16Agent] => C:\Program Files\CyberLink\PowerDVD16\PowerDVD16Agent.exe [525352 2016-05-25] (CyberLink Corp.)
HKLM\...\Run: [AppGuardGUI] => C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe [13940080 2016-06-21] (Blue Ridge Networks)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [644240 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5578232 2016-04-18] (Performix LLC)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-17] (Piriform Ltd)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3961968 2016-07-05] (Tonec Inc.)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [StickyPassword] => C:\Program Files\Sticky Password\stpass.exe [58632 2015-10-14] (Lamantine Software a.s.)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [57584 2016-03-16] (Locktime Software)
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {00f9cb8c-3835-11e4-bc75-02e00c772c52} - H:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {1ec1bb9e-8d92-11e4-ba67-74d435d9b899} - I:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {2ae8c5ae-2ed0-11e6-94da-74d435d9b899} - K:\Lenovo_Suite.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {3f90f5d9-36f3-11e4-bd09-02e00c772c52} - H:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {596a6b35-6867-11e4-9724-74d435d9b899} - F:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {596a6b40-6867-11e4-9724-74d435d9b899} - F:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {596a6b59-6867-11e4-9724-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {596a6b64-6867-11e4-9724-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {5db89ce0-3b5b-11e4-9def-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {5ee21d1d-6b09-11e4-a01a-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {93d11c4f-6ad3-11e4-bd01-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {b1ce9aba-5ea4-11e4-9eac-74d435d9b899} - F:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {b3666a5e-2bf8-11e6-bdb5-74d435d9b899} - J:\Lenovo_Suite.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {bca1b70a-d108-11df-b12f-02e00c772c52} - H:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {d22681b3-5ef9-11e4-aea8-74d435d9b899} - F:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {d90d165d-6938-11e4-84d3-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {d90d1668-6938-11e4-84d3-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {dcdf9ddc-3f41-11e4-96f6-74d435d9b899} - I:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {de85666e-3b56-11e4-a00a-c2c4db1c71c4} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {e480523a-3f03-11e4-bae2-74d435d9b899} - G:\AutoRun.exe
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\MountPoints2: {ebb204c8-8d5e-11e4-9a88-74d435d9b899} - I:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5578232 2016-04-18] (Performix LLC)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-09-14]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: PDBoot.exeautocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 202.62.224.2 202.62.224.5 8.8.8.8
Tcpip\..\Interfaces\{77EE8AA3-0474-4F72-BB74-774546E1D7A8}: [NameServer] 101.210.255.141 8.8.8.8
Tcpip\..\Interfaces\{8B1D2226-6E62-42F4-A3B8-58D4F9E35DD8}: [DhcpNameServer] 4.2.2.2 8.8.8.8 202.62.224.5 203.98.96.5 202.62.224.2 202.56.250.6 202.138.103.100 202.56.250.5 202.138.96.2 203.98.96.5
Tcpip\..\Interfaces\{9C52B8F8-34F3-41A2-A51A-E9441F50BE75}: [DhcpNameServer] 202.62.224.2 202.62.224.5 8.8.8.8
Tcpip\..\Interfaces\{C1B5F570-B3D3-42E9-832E-54AFB2D5172D}: [NameServer] 101.210.255.141 8.8.8.8
Tcpip\..\Interfaces\{CC9E0B35-2503-4FE5-9BEE-4EDE1A17FB77}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/en-in/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2805089890-3842710859-1120829455-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Fly\AppData\Roaming\Mozilla\Firefox\Profiles\zmxbsmv4.default-1451229795544
FF Homepage: hxxps://www.google.co.in
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2805089890-3842710859-1120829455-1000: @stickypassword.com/Sticky Password -> C:\Program Files\Sticky Password\npspAutofill.dll [2015-10-14] (Lamantine Software a.s.)
FF Extension: NoScript - C:\Users\Fly\AppData\Roaming\Mozilla\Firefox\Profiles\zmxbsmv4.default-1451229795544\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-08]
FF Extension: Sticky Password Autofill Engine - C:\Users\Fly\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2015-12-19]
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Fly\AppData\Roaming\Mozilla\Firefox\Profiles\zmxbsmv4.default-1451229795544\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2016-05-13]
FF Extension: Lightshot (screenshot tool) - C:\Users\Fly\AppData\Roaming\Mozilla\Firefox\Profiles\zmxbsmv4.default-1451229795544\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2016-05-20]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\Firefox\Extensions: [{54affe52-8223-453b-be1e-2fe2e250045c}] - C:\Users\Fly\AppData\Roaming\Lamantine\Sticky Password\spAutofill
FF HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Fly\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Fly\AppData\Roaming\IDM\idmmzcc5 [2016-07-07] [not signed]
FF HKU\S-1-5-21-2805089890-3842710859-1120829455-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi

Chrome: 
=======
CHR Profile: C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adguard AdBlocker) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-07-07]
CHR Extension: (uBlock Origin) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-07-07]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-07-07]
CHR Extension: (Full Page Screen Capture) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-07-06]
CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggepjhbdgijjkbelnggboeoehacbphed [2015-12-27]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2016-07-07]
CHR Extension: (IDM Integration Module) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-07]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2016-03-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [859456 2014-08-14] (Acronis)
R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [149496 2016-04-18] (Performix LLC)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3996664 2016-03-06] (Acronis)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BRN_APPGUARD_SERVICE; C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe [682352 2016-06-21] (Blue Ridge Networks)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [217088 2015-07-21] (Connectify) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1982752 2016-07-06] (ESET)
R2 ERPx86Svc; C:\Program Files\NoVirusThanks\EXE Radar Pro\ERPx86Svc.exe [1323344 2014-03-14] (NoVirusThanks Company Srl)
R2 HideIPLaucherService; C:\Program Files\Hide ALL IP\LauncherService.exe [489328 2014-01-24] (www.hideallip.com)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-10-28] ()
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274024 2015-06-04] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [650096 2014-01-28] () [File not signed]
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [244976 2016-03-16] (Locktime Software)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2327488 2016-01-13] (Raxco Software, Inc.)
R2 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2311104 2016-01-13] (Raxco Software, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2613200 2015-10-12] (Paramount Software UK Ltd)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [146576 2016-02-26] (Sandboxie Holdings, LLC)
S3 ShareItSvc; C:\Program Files\Lenovo\SHAREit\Shareit.Service.exe [31192 2016-02-02] (SHAREit Technologies Co.Ltd)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6847712 2014-09-13] (Acronis)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [254904 2016-07-06] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [11992944 2015-06-08] (Zemana Ltd.)
S2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [72888 2015-07-14] (SHADOWDEFENDER.COM)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [58312 2016-02-27] ()
S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4114400 2007-08-30] (Realtek Semiconductor Corp.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19168 2013-10-28] ()
R1 BrnFileLock; C:\Windows\system32\DRIVERS\BrnFilelock.sys [73504 2016-01-08] (Blue Ridge Networks)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [36520 2015-03-05] (Connectify)
R2 DefragFS; C:\Windows\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12.sys [26104 2015-11-12] (Windows (R) Win 7 DDK provider)
R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [309560 2015-07-14] (SHADOWDEFENDER.COM)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [206312 2016-03-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146024 2016-02-02] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [111040 2016-02-02] (ESET)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [152728 2016-03-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44608 2016-03-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [71488 2016-03-17] (ESET)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] ()
S3 etdrv; C:\Windows\etdrv.sys [17488 2016-02-24] (Windows (R) 2000 DDK provider)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2016-03-03] (Acronis International GmbH)
S3 gdrv; C:\Windows\gdrv.sys [17488 2016-02-24] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2016-02-24] ()
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [108032 2014-01-28] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [316544 2014-01-28] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [85464 2013-09-16] (Intel Corporation)
R1 nettcp; C:\Windows\system32\drivers\nettcp.sys [40488 2015-06-20] (Promosoft Software Limited)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [94536 2016-03-16] (Locktime Software)
R2 PDFSFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
R2 PfFilter; C:\Program Files\IObit\Protected Folder\pffilter.sys [33224 2012-11-23] (IObit Information Technology)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [156048 2015-10-12] (Windows (R) Win 7 DDK provider)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows (R) Win 7 DDK provider)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16744 2014-06-19] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12656 2014-06-19] ()
S3 RtlWlanu; C:\Windows\System32\DRIVERS\DRTWlanU.sys [2911960 2014-07-30] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [176784 2016-02-26] (Sandboxie Holdings, LLC)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31776 2015-06-03] (The OpenVPN Project)
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [685160 2016-03-03] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [184136 2016-03-03] (Acronis International GmbH)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [95368 2015-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2015-05-19] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540808 2015-05-19] ()
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [20192 2013-10-24] ()
R1 VirtDiskBus; C:\Windows\System32\DRIVERS\VirtDiskBus.sys [57456 2011-02-08] (Giga-Byte Technology CO., LTD.)
R2 WiseFS; C:\Windows\WiseFs32.sys [10792 2015-02-26] (WiseCleaner.com) [File not signed]
R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [191184 2016-03-19] (Microsoft Corporation)
R3 XWMount; C:\Windows\System32\DRIVERS\XWMount.sys [84064 2016-01-02] (Bluebird IT PTY LTD)
R0 XWTrack; C:\Windows\System32\DRIVERS\XWTrack.sys [64600 2016-01-02] (Bluebird IT PTY LTD)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [96512 2015-05-29] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [96512 2015-05-29] (Zemana Ltd.)
R2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; C:\Program Files\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [33048 2016-05-25] (CyberLink Corp.)
U5 nvterp; C:\Windows\system32\drivers\nvterp.sys [15424 2013-09-23] (NoVirusThanks Company Srl)
U0 SR; no ImagePath
U2 srservice; no ImagePath
U0 TosIde; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-07 08:09 - 2016-07-07 12:22 - 00000000 ____D C:\FRST
2016-07-07 08:08 - 2016-07-07 08:09 - 01740288 _____ (Farbar) C:\Users\Fly\Downloads\FRST.exe
2016-07-07 07:38 - 2016-07-07 07:38 - 00001186 _____ C:\MBAM4.txt
2016-07-07 07:37 - 2016-07-07 07:37 - 00009605 _____ C:\MBAM3.txt
2016-07-07 07:37 - 2016-07-07 07:37 - 00001053 _____ C:\MBAM 1.txt
2016-07-07 07:37 - 2016-07-07 07:37 - 00001051 _____ C:\MBAM2.txt
2016-07-06 20:56 - 2016-07-06 20:56 - 00000953 _____ C:\Users\Public\Desktop\Unchecky.lnk
2016-07-06 20:56 - 2016-07-06 20:56 - 00000000 ____D C:\ProgramData\Unchecky
2016-07-06 20:56 - 2016-07-06 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2016-07-06 20:56 - 2016-07-06 20:56 - 00000000 ____D C:\Program Files\Unchecky
2016-07-06 20:53 - 2016-07-06 20:54 - 00001000 _____ C:\DelFix.txt
2016-07-06 17:03 - 2016-07-07 11:36 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-06 17:03 - 2016-07-06 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-06 17:03 - 2016-07-06 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-06 17:03 - 2016-07-06 17:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-06 17:03 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-06 17:03 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-06 17:03 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-06 16:14 - 2016-07-06 16:14 - 00000023 _____ C:\Users\Fly\Documents\MBAMP KEY USED IN MY PC.txt
2016-07-06 13:44 - 2016-07-06 20:48 - 00023040 ___SH C:\Users\Fly\Thumbs.db
2016-07-06 10:33 - 2016-07-06 10:33 - 00000010 _____ C:\Users\Fly\Documents\W FOR HOME NETWORK.txt
2016-07-06 10:33 - 2016-07-06 10:33 - 00000010 _____ C:\Users\Fly\Documents\PASWORD FOR HOME NETWORK.txt
2016-07-06 09:36 - 2016-07-06 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ridge Networks
2016-07-05 20:24 - 2016-05-24 19:59 - 00134144 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2016-06-15 22:01 - 2016-06-15 22:03 - 06606442 _____ C:\Users\Fly\Downloads\poweramp-full-version-unlocker_2.0.10-build-588-play_HiAppHere_com.apk
2016-06-15 07:17 - 2016-05-14 03:24 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 07:17 - 2016-05-14 03:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 07:17 - 2016-05-14 03:19 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 07:17 - 2016-05-14 03:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 07:17 - 2016-05-14 02:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 07:16 - 2016-05-24 04:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 07:16 - 2016-05-21 22:27 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 07:16 - 2016-05-21 03:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 07:16 - 2016-05-21 03:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 07:16 - 2016-05-21 03:27 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 07:16 - 2016-05-21 03:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 07:16 - 2016-05-21 03:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 07:16 - 2016-05-21 03:26 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 07:16 - 2016-05-21 03:25 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 07:16 - 2016-05-21 03:20 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 07:16 - 2016-05-21 03:19 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 07:16 - 2016-05-21 03:18 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 07:16 - 2016-05-21 03:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 07:16 - 2016-05-21 03:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 07:16 - 2016-05-21 03:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 07:16 - 2016-05-21 03:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 07:16 - 2016-05-21 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 07:16 - 2016-05-21 03:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 07:16 - 2016-05-21 03:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 07:16 - 2016-05-21 02:59 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 07:16 - 2016-05-21 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 07:16 - 2016-05-21 02:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 07:16 - 2016-05-21 02:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 07:16 - 2016-05-21 02:53 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 07:16 - 2016-05-21 02:51 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 07:16 - 2016-05-21 02:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 07:16 - 2016-05-21 02:44 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 07:16 - 2016-05-21 02:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 07:16 - 2016-05-21 02:39 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 07:16 - 2016-05-21 02:39 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 07:16 - 2016-05-21 02:38 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 07:16 - 2016-05-21 02:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 07:16 - 2016-05-21 02:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 07:16 - 2016-05-21 02:08 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 07:16 - 2016-05-21 02:08 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 07:15 - 2016-05-18 21:40 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 07:15 - 2016-05-12 20:52 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 07:15 - 2016-05-12 20:52 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 07:15 - 2016-05-12 20:48 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 07:15 - 2016-05-12 20:48 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 07:15 - 2016-05-12 20:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 07:15 - 2016-05-12 20:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 07:15 - 2016-05-12 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 07:15 - 2016-05-12 20:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 07:15 - 2016-05-12 20:24 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 07:15 - 2016-05-12 20:22 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 07:15 - 2016-05-12 20:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 07:15 - 2016-05-12 20:21 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 07:15 - 2016-05-12 20:21 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 07:15 - 2016-05-12 18:34 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 07:15 - 2016-05-12 18:34 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 07:15 - 2016-05-11 20:49 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 07:15 - 2016-05-11 20:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 07:15 - 2016-05-11 20:49 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 07:15 - 2016-05-11 20:49 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 07:15 - 2016-05-11 20:31 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 07:15 - 2016-05-11 20:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-13 07:01 - 2016-06-13 07:01 - 00000000 ____D C:\Program Files\DIFX
2016-06-13 06:58 - 2016-06-13 06:58 - 00000000 ____D C:\adb
2016-06-12 06:44 - 2016-06-14 22:19 - 00000224 _____ C:\Users\Fly\Documents\Lenovo  VIBE P1m OTA Update.txt
2016-06-11 21:55 - 2016-06-11 21:58 - 54979326 _____ C:\Users\Fly\Downloads\3.6.7.0159.140707.31809-permissions-removed.apk
2016-06-10 08:20 - 2016-06-10 08:20 - 04639552 _____ C:\Users\Fly\Downloads\CCleaner Professional v1.15.57 - android-zone.ws.apk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-07 12:22 - 2015-03-06 21:50 - 00000000 ____D C:\ProgramData\Adguard
2016-07-07 12:20 - 2015-06-29 22:44 - 00000000 ____D C:\Users\Fly\AppData\Roaming\DMCache
2016-07-07 12:12 - 2014-10-24 17:01 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfef7e2d914a4.job
2016-07-07 12:06 - 2014-09-13 20:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-07 11:42 - 2009-07-14 10:04 - 00035808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-07 11:42 - 2009-07-14 10:04 - 00035808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-07 11:36 - 2015-12-17 07:47 - 00000000 __SHD C:\Users\Fly\IntelGraphicsProfiles
2016-07-07 11:34 - 2015-03-06 21:50 - 00000000 ____D C:\Program Files\Adguard
2016-07-07 11:33 - 2014-11-13 23:08 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff6898d85dcf.job
2016-07-07 11:33 - 2014-09-13 21:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfcf6f6279aa17.job
2016-07-07 11:33 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-07 10:24 - 2014-12-14 21:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-07 09:45 - 2016-05-25 12:00 - 00000000 ____D C:\Users\Fly\Downloads\Video
2016-07-07 09:14 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf
2016-07-07 08:43 - 2015-06-29 22:44 - 00000000 ____D C:\Users\Fly\AppData\Roaming\IDM
2016-07-07 08:43 - 2014-10-13 00:07 - 00000000 ____D C:\Users\Fly\AppData\Local\CrashDumps
2016-07-07 06:29 - 2014-08-28 17:58 - 00000000 ___SD C:\Users\Fly\Documents\Sticky Passwords
2016-07-07 06:06 - 2016-04-22 08:37 - 00000000 ____D C:\Users\Fly\AppData\Roaming\Steganos Updates
2016-07-07 05:53 - 2015-11-17 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-07-07 05:53 - 2015-11-17 20:56 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-07-07 05:35 - 2015-11-17 20:56 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-07-06 22:10 - 2014-08-28 14:39 - 00000000 ____D C:\Users\Fly\AppData\Local\ESET
2016-07-06 19:45 - 2015-03-09 23:16 - 00000435 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-07-06 16:41 - 2016-03-15 16:18 - 00000000 ____D C:\ProgramData\Update2343200959509
2016-07-06 16:16 - 2014-10-30 06:48 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-06 16:02 - 2009-07-14 10:03 - 00919200 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-06 15:45 - 2015-06-12 13:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-06 15:11 - 2015-03-06 11:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-06 14:37 - 2016-04-14 19:04 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-07-06 13:44 - 2014-08-27 05:51 - 00000000 ____D C:\Users\Fly
2016-07-06 13:12 - 2016-04-14 19:04 - 00000000 ____D C:\ProgramData\CyberLink
2016-07-06 11:47 - 2015-03-06 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-06 10:32 - 2009-07-14 08:07 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-06 09:39 - 2015-06-29 22:44 - 00000000 ____D C:\Program Files\Internet Download Manager
2016-07-06 09:29 - 2016-01-27 22:17 - 00001052 _____ C:\ProgramData\EXERadar.LIC
2016-07-06 09:24 - 2014-10-03 21:10 - 00002536 _____ C:\Windows\Sandboxie.ini
2016-06-15 21:52 - 2015-04-17 08:39 - 00000000 ___RD C:\Users\Fly\Downloads\Compressed
2016-06-15 07:21 - 2014-08-28 08:59 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 07:21 - 2014-08-28 08:59 - 00000000 ____D C:\Windows\system32\MRT
2016-06-14 08:04 - 2016-06-01 04:44 - 00000000 ____D C:\Users\Fly\AppData\Roaming\MyPhoneExplorer
2016-06-13 12:47 - 2016-06-04 14:05 - 00000000 ____D C:\Users\Fly\Downloads\SD
2016-06-10 20:22 - 2015-04-26 06:31 - 00000000 ____D C:\ProgramData\Zoom Player
2016-06-09 11:43 - 2014-08-31 08:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-09 11:42 - 2015-03-06 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2016-06-08 23:08 - 2009-07-14 07:34 - 00000478 _____ C:\Windows\win.ini
2016-06-08 12:30 - 2016-05-02 11:45 - 00000000 ____D C:\Users\Fly\Downloads\Alcohol pics
2016-06-07 08:44 - 2014-09-09 21:49 - 00000000 ____D C:\Users\Fly\Documents\Lightshot

==================== Files in the root of some directories =======

2013-11-05 14:09 - 2013-11-05 14:09 - 0000000 _____ () C:\Program Files\install.flg
2013-11-05 14:09 - 2013-11-05 14:09 - 0011264 _____ () C:\Program Files\nsisXML.dll
2013-11-05 14:09 - 2013-11-05 14:09 - 0308576 _____ () C:\Program Files\RIconTool.exe
2013-11-05 14:09 - 2013-11-05 14:09 - 0290304 _____ (Microsoft Corporation) C:\Program Files\subinacl.exe
2015-12-19 17:27 - 2015-12-19 17:27 - 16229400 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2014-09-29 17:37 - 2016-02-28 19:11 - 0000413 _____ () C:\Users\Fly\AppData\Roaming\burnaware.ini
2015-09-12 21:54 - 2015-09-03 19:01 - 0000990 _____ () C:\Users\Fly\AppData\Roaming\systemfl.$dk
2015-07-23 21:56 - 2015-07-23 21:56 - 0004608 _____ () C:\Users\Fly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-19 09:22 - 2016-04-28 18:59 - 0000173 _____ () C:\Users\Fly\AppData\Local\msmathematics.qat.Fly
2014-11-19 06:51 - 2014-12-23 17:32 - 0007597 _____ () C:\Users\Fly\AppData\Local\Resmon.ResmonCfg
2014-09-09 21:43 - 2014-09-09 21:43 - 0000003 _____ () C:\Users\Fly\AppData\Local\updater.log
2014-09-09 21:43 - 2014-11-30 07:08 - 0000433 _____ () C:\Users\Fly\AppData\Local\UserProducts.xml
2015-01-17 16:21 - 2015-01-17 16:21 - 0000000 _____ () C:\Users\Fly\AppData\Local\{125EBAC1-BFDB-4CB7-87BC-1FD744EF7A14}
2015-01-17 16:21 - 2015-01-17 16:21 - 0000000 _____ () C:\Users\Fly\AppData\Local\{F78BAFB9-EADC-47F9-8E01-46CFC5914703}
2016-01-27 22:17 - 2016-07-06 09:29 - 0001052 _____ () C:\ProgramData\EXERadar.LIC
2014-10-01 09:31 - 2015-04-30 05:21 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat
2004-09-06 20:59 - 2004-09-06 20:59 - 0000000 ____H () C:\ProgramData\sdpsenv.dat
2015-06-20 08:28 - 2015-06-20 19:18 - 0020665 _____ () C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AB}.log
2015-06-20 08:28 - 2015-06-20 19:18 - 0020603 _____ () C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AC}.log

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\ProgramData\sdpsenv.dat


Some files in TEMP:
====================
C:\Users\Fly\AppData\Local\Temp\ERUNT.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-06 19:33

==================== End of FRST.txt ============================


  • Root Admin

Thanks, let me have you run the following please. I'll check back on you again sometime tomorrow.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 


  • Root Admin

Thank you for the log.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06

Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

 

 



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 


  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button
At the prompt click on Ok.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, Then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome and restart it and check it out for me please

 

 

 

 


Hello sir, Greetings!

This morning Firefox crashed once, but it let me visit this site normally without any warning message. MBAMP seems to be normal now, with no popup during the removal operation.

Am I clean? I mean, is my PC clean without any trace of a virus, or do I need to follow anything further? Is there any instruction to 'uninstall' the security tools we used for virus removal if my system is found to be clean?

Thank you very much for the help sir!

sid_16.


  • Root Admin

I would recommend you backup your bookmarks from Firefox. Then uninstall Firefox and have it remove all personal data as well.

Then restart the computer and reinstall the latest version of Firefox and re-import your bookmarks.

Unless there are some other signs of an infection you should be good to go.

 

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 


Hello sir, Greetings!

Hope my system is clean as you've told me above, and I'll remember to practice 'safe surfing' on the net. I'll remember to disable Java and use the tool Delfix to remove the various tools used for cleaning. I'll uninstall Firefox and reinstall it again. Btw, I'm a premium user of MBAMP with a lifetime license since 2010.

 

My sincere thanks to you and all the other malware removal experts helping lots of people around the world remove viruses from their PCs. Please keep up your benevolent work.

Thanks again,

sid_16.


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.