Scan fine but still constant pop up about website blocked

[cynthian]

I just upgraded to premium -  ran a scan and nothing detected.  However am online now browsing and keep getting pop up about Website blocked, Domain

coin-hive.com or ws00X.coin-hive.com where X is any digit, keeps changing.  Similar to this issue

Please help me to resolve, thanks!

[Aura]

Hi cynthian

This website blocked notification is caused by the JavaScript code on one of the website you're visiting.

https://www.bleepingcomputer.com/news/security/coinhive-is-rapidly-becoming-a-favorite-tool-among-malware-devs/

At least one extension is known to use that CPU mining JavaScript library in its code, so we can just do a quick check to see if you have it installed or not.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

• Download the right version of FRST for your system:
  
  • FRST 32-bit
  • FRST 64-bit
    Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
    
• Move the executable (FRST.exe or FRST64.exe) on your Desktop
• Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
• Make sure the Addition.txt box is checked
• Click on the Scan button
  
• On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
• Copy and paste the content of both FRST.txt and Addition.txt in your next reply
  

[cynthian]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
Ran by Cynthia (administrator) on SIMONSHAW (28-09-2017 10:30:03)
Running from C:\Users\Cynthia\Desktop
Loaded Profiles: Cynthia (Available Profiles: Cynthia)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Users\Cynthia\AppData\Local\Apps\2.0\H3J79T79.EMM\LPDO7GWG.Y4D\lsb...tion_91a10ba61c75c82d_0001.0006_f185aae74f563194\LSB.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-27] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-18] (Realtek semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-10-22] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2015-02-04] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2015-02-04] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-02-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-02-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-07] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [WiFi] => C:\wifi\wifi.exe [616448 2014-08-06] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-09-20] (Dropbox, Inc.)
HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Run: [] => [X]
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
GroupPolicyScripts-x32: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 203.217.168.27 203.217.168.36
Tcpip\..\Interfaces\{92EFB324-79E3-4E3B-B894-A5CD923F0740}: [DhcpNameServer] 169.254.54.64
Tcpip\..\Interfaces\{C89D3CD1-A395-473B-882F-62CB235B7DCD}: [DhcpNameServer] 203.217.168.27 203.217.168.36

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8bvuv8r9.default
FF ProfilePath: C:\Users\Cynthia\AppData\Roaming\Mozilla\Firefox\Profiles\8bvuv8r9.default [2017-09-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-29] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-29] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default [2017-09-07]
CHR Extension: (Google Slides) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-29]
CHR Extension: (Google Docs) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-29]
CHR Extension: (Google Drive) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-29]
CHR Extension: (YouTube) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-29]
CHR Extension: (Google Sheets) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-29]
CHR Extension: (Google Docs Offline) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-29]
CHR Extension: (Gmail) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [66560 2013-11-07] () [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [448400 2014-03-25] (Nuance Communications, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-11] (Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [49992 2017-09-20] (Dropbox, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-03-27] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [282072 2014-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-02-04] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2015-02-04] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-25] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-25] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2015-02-04] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2015-02-04] (Lenovo)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2015-02-04] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2015-02-04] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-07] ()
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 cmnxusbser; C:\windows\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 CT_QUALCOMM_U_drv; C:\windows\system32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys [188352 2017-09-26] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\drivers\farflt.sys [101784 2017-09-26] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [45472 2017-09-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-09-23] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\drivers\mwac.sys [93600 2017-09-28] (Malwarebytes)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NNSALPC; C:\windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\windows\System32\DRIVERS\NNSPihsw.sys [89472 2015-09-01] (Panda Security, S.L.)
R1 NNSPOP3; C:\windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
R3 PSKMAD; C:\windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RtkBtFilter; C:\windows\system32\DRIVERS\RtkBtfilter.sys [555224 2013-11-18] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-18] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-22] (Realtek Semiconductor Corporation )
R3 SensorsServiceDriver; C:\windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Cynthia\Desktop\David Smyth - Colloquial Cambodian "
2017-09-28 10:04 - 2017-09-28 10:07 - 000056429 _____ C:\Users\Cynthia\Desktop\Addition.txt
2017-09-28 10:00 - 2017-09-28 10:31 - 000024608 _____ C:\Users\Cynthia\Desktop\FRST.txt
2017-09-28 10:00 - 2017-09-28 10:30 - 000000000 ____D C:\FRST
2017-09-28 08:52 - 2017-09-28 09:59 - 002399744 _____ (Farbar) C:\Users\Cynthia\Desktop\FRST64.exe
2017-09-28 08:05 - 2017-09-28 08:05 - 001795584 _____ (Farbar) C:\Users\Cynthia\Desktop\FRST.exe
2017-09-26 12:50 - 2017-09-26 12:50 - 000009723 _____ C:\Users\Cynthia\Downloads\Download(1).pdf
2017-09-26 12:50 - 2017-09-26 12:50 - 000008846 _____ C:\Users\Cynthia\Downloads\Download(2).pdf
2017-09-26 12:49 - 2017-09-26 12:49 - 000009503 _____ C:\Users\Cynthia\Downloads\Download.pdf
2017-09-25 16:03 - 2017-09-25 16:03 - 000008515 _____ C:\Users\Cynthia\Downloads\Statement2191219(2).xls
2017-09-25 16:01 - 2017-09-25 16:01 - 000010849 _____ C:\Users\Cynthia\Downloads\Statement2048917(4).xls
2017-09-22 12:00 - 2017-09-22 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-20 23:48 - 2017-09-20 23:48 - 000049992 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2017-09-20 23:48 - 2017-09-20 23:48 - 000045672 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2017-09-20 23:48 - 2017-09-20 23:48 - 000045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2017-09-20 23:48 - 2017-09-20 23:48 - 000045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2017-09-19 15:44 - 2017-09-19 15:44 - 000263783 _____ C:\Users\Cynthia\Downloads\nutrients-09-00088.pdf
2017-09-16 15:03 - 2017-09-17 14:19 - 000000000 ____D C:\Users\Cynthia\Desktop\New music
2017-09-13 19:36 - 2017-08-18 05:07 - 000537200 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2017-09-13 19:36 - 2017-08-15 21:06 - 015260160 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-09-13 19:36 - 2017-08-15 20:58 - 013673984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-09-13 19:36 - 2017-08-14 01:58 - 025730560 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-09-13 19:36 - 2017-08-14 00:04 - 002899968 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-09-13 19:36 - 2017-08-13 23:54 - 020269056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-09-13 19:36 - 2017-08-13 23:51 - 005981696 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-09-13 19:36 - 2017-08-13 23:24 - 002291200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-09-13 19:36 - 2017-08-13 23:15 - 007078912 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2017-09-13 19:36 - 2017-08-13 22:52 - 005274624 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2017-09-13 19:36 - 2017-08-13 22:52 - 000486912 _____ (Microsoft Corporation) C:\windows\system32\tpmvsc.dll
2017-09-13 19:36 - 2017-08-13 22:48 - 004547072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-09-13 19:36 - 2017-08-13 22:40 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-09-13 19:36 - 2017-08-13 22:27 - 001544704 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-09-13 19:36 - 2017-08-13 22:25 - 007797248 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2017-09-13 19:36 - 2017-08-13 22:18 - 005270016 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 19:36 - 2017-08-13 22:17 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-09-13 19:36 - 2017-08-12 16:30 - 022361344 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2017-09-13 19:36 - 2017-08-12 16:26 - 019789736 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2017-09-13 19:36 - 2017-08-12 07:39 - 001364552 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-09-13 19:36 - 2017-08-11 10:30 - 004170240 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-09-13 19:36 - 2017-08-11 09:38 - 000477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2017-09-13 19:36 - 2017-08-11 09:08 - 001753600 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2017-09-13 19:36 - 2017-08-11 08:52 - 001491456 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2017-09-13 19:36 - 2017-08-11 08:43 - 000865792 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2017-09-13 19:36 - 2017-07-18 02:53 - 004298240 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_47.dll
2017-09-13 19:36 - 2017-07-17 06:55 - 003551744 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_47.dll
2017-09-13 19:36 - 2017-07-14 06:03 - 002013528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-09-13 19:36 - 2017-07-13 03:29 - 000420440 _____ (Microsoft Corporation) C:\windows\system32\wevtapi.dll
2017-09-13 19:35 - 2017-08-20 00:27 - 000237568 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2017-09-13 19:35 - 2017-08-19 23:48 - 000215040 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2017-09-13 19:35 - 2017-08-18 05:07 - 000140016 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2017-09-13 19:35 - 2017-08-18 05:03 - 000450392 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2017-09-13 19:35 - 2017-08-18 05:03 - 000136832 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2017-09-13 19:35 - 2017-08-15 21:01 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-09-13 19:35 - 2017-08-15 21:01 - 000128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2017-09-13 19:35 - 2017-08-15 21:01 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-09-13 19:35 - 2017-08-14 00:19 - 000040960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nsiproxy.sys
2017-09-13 19:35 - 2017-08-14 00:05 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-09-13 19:35 - 2017-08-13 23:50 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-09-13 19:35 - 2017-08-13 23:29 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-09-13 19:35 - 2017-08-13 23:28 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-09-13 19:35 - 2017-08-13 23:23 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-09-13 19:35 - 2017-08-13 23:21 - 000145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2017-09-13 19:35 - 2017-08-13 23:20 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-09-13 19:35 - 2017-08-13 23:17 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-09-13 19:35 - 2017-08-13 23:14 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-09-13 19:35 - 2017-08-13 23:07 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-09-13 19:35 - 2017-08-13 23:05 - 000380416 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-09-13 19:35 - 2017-08-13 23:04 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-09-13 19:35 - 2017-08-13 23:04 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-09-13 19:35 - 2017-08-13 23:01 - 002134528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-09-13 19:35 - 2017-08-13 22:51 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-09-13 19:35 - 2017-08-13 22:46 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-09-13 19:35 - 2017-08-13 22:44 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-09-13 19:35 - 2017-08-13 22:44 - 000331776 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-09-13 19:35 - 2017-08-13 22:43 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-09-13 19:35 - 2017-08-13 22:18 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-09-13 19:35 - 2017-08-13 22:14 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-09-13 19:35 - 2017-08-13 22:13 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-09-13 19:35 - 2017-08-12 06:59 - 007440728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-09-13 19:35 - 2017-08-12 06:58 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-09-13 19:35 - 2017-08-12 06:58 - 001502000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-09-13 19:35 - 2017-08-12 03:46 - 000367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\PCPTpm12.dll
2017-09-13 19:35 - 2017-08-12 03:29 - 000425984 _____ (Microsoft Corporation) C:\windows\system32\PCPTpm12.dll
2017-09-13 19:35 - 2017-08-12 03:13 - 000175616 _____ (Microsoft Corporation) C:\windows\system32\TpmTasks.dll
2017-09-13 19:35 - 2017-08-11 10:27 - 000281600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2017-09-13 19:35 - 2017-08-11 10:27 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-09-13 19:35 - 2017-08-11 09:08 - 000329216 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2017-09-13 19:35 - 2017-08-11 09:02 - 001084928 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-09-13 19:35 - 2017-08-11 08:49 - 000346624 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2017-09-13 19:35 - 2017-08-11 08:44 - 001095680 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2017-09-13 19:35 - 2017-08-11 08:41 - 000307200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2017-09-13 19:35 - 2017-08-07 04:20 - 000607232 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2017-09-13 19:35 - 2017-08-06 14:13 - 000530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2017-09-13 19:35 - 2017-07-23 01:34 - 000033792 _____ (Microsoft Corporation) C:\windows\system32\iscsium.dll
2017-09-13 19:35 - 2017-07-23 00:32 - 000027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\iscsium.dll
2017-09-13 19:35 - 2017-07-13 03:29 - 000075440 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-09-13 19:35 - 2017-07-13 03:25 - 000308872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wevtapi.dll
2017-09-13 19:35 - 2017-07-13 03:25 - 000066112 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-09-13 19:35 - 2017-07-09 02:03 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-09-13 19:35 - 2017-07-09 01:43 - 000197632 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-09-13 19:35 - 2017-07-09 01:30 - 000039936 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-09-13 19:35 - 2017-07-09 01:20 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-09-13 19:35 - 2017-07-09 00:25 - 001436160 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-09-13 19:35 - 2017-07-09 00:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-09-13 19:35 - 2017-07-08 10:14 - 000100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2017-09-13 09:01 - 2017-09-13 09:02 - 000013678 ____H C:\Users\Cynthia\Desktop\~WRL2904.tmp
2017-09-11 10:48 - 2017-09-26 18:50 - 000012988 _____ C:\Users\Cynthia\Desktop\FBAR 2014 2015 2016.xlsx
2017-09-11 10:18 - 2017-09-11 10:18 - 001074295 _____ C:\Users\Cynthia\Downloads\FBAR_EFILING.pdf
2017-09-11 09:32 - 2017-09-11 09:32 - 000149627 _____ C:\Users\Cynthia\Downloads\NFFBAR(1).pdf
2017-09-09 07:29 - 2017-09-09 07:29 - 015673757 _____ C:\Users\Cynthia\Downloads\AnnualReport2016_ENGLISH.pdf
2017-09-08 09:31 - 2017-09-08 09:31 - 012761409 _____ C:\Users\Cynthia\Downloads\humanization-of-pet-food-report-mar-2016.pdf
2017-09-07 16:07 - 2017-09-07 16:07 - 000017171 _____ C:\Users\Cynthia\Desktop\DebtorsList Aug.xls.xlsx
2017-09-07 14:32 - 2017-09-07 14:32 - 000004979 _____ C:\Users\Cynthia\Downloads\hotel_booking.xlsx
2017-09-07 14:01 - 2017-09-07 18:28 - 000000000 ____D C:\Users\Cynthia\Desktop\1 stop bills
2017-09-07 10:34 - 2015-05-22 15:45 - 000061712 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2017-09-06 08:07 - 2017-09-06 08:07 - 000065581 _____ C:\Users\Cynthia\Downloads\Pharmaceutical Companies.xlsx
2017-09-02 14:42 - 2017-09-02 14:42 - 000033280 _____ C:\Users\Cynthia\Desktop\Bookingcom Aug invoice.xls
2017-09-02 14:07 - 2017-09-02 14:07 - 000013824 _____ C:\Users\Cynthia\Downloads\rstatement.xls
2017-09-02 13:38 - 2017-09-02 16:39 - 000011361 _____ C:\Users\Cynthia\Desktop\Bar stock list.xlsx
2017-09-01 10:24 - 2017-09-07 13:32 - 000007544 _____ C:\Users\Cynthia\Desktop\DebtorsList Aug.xls
2017-09-01 09:35 - 2017-09-01 09:35 - 000009408 _____ C:\Users\Cynthia\Desktop\DPS 2 Aug payment for no shows.xlsx
2017-08-30 17:30 - 2011-04-16 12:31 - 1212330100 _____ C:\Users\Cynthia\Desktop\Hobo with a Shotgun.avi
2017-08-30 09:46 - 2017-09-02 13:38 - 000010542 _____ C:\Users\Cynthia\Desktop\SOB daily weekly list.xlsx
2017-08-29 08:44 - 2017-08-29 08:44 - 000006308 _____ C:\Users\Cynthia\Downloads\29-08-2017.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-28 10:28 - 2017-05-12 10:17 - 000000000 ____D C:\Users\Cynthia\Desktop\Cynthia US
2017-09-28 10:26 - 2015-09-27 16:29 - 000000000 ____D C:\Users\Cynthia\AppData\Roaming\BitTorrent
2017-09-28 10:11 - 2017-01-11 12:06 - 000000930 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-09-28 06:44 - 2017-04-11 20:51 - 000093600 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-09-28 06:44 - 2015-10-22 17:16 - 000003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{11D387F0-0420-4B3C-9B98-A47C95115E9E}
2017-09-28 06:40 - 2016-11-18 09:03 - 000000000 ____D C:\Users\Cynthia\AppData\LocalLow\Mozilla
2017-09-28 06:37 - 2017-01-11 12:06 - 000000926 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-09-28 06:36 - 2014-03-18 16:53 - 000005818 _____ C:\windows\system32\PerfStringBackup.INI
2017-09-27 22:23 - 2016-02-15 15:16 - 000000000 ____D C:\Users\Cynthia\AppData\Roaming\vlc
2017-09-27 20:21 - 2015-10-01 15:00 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1279789251-3593527667-3178536324-1001
2017-09-27 12:56 - 2017-01-09 12:35 - 001170432 ___SH C:\Users\Cynthia\Desktop\Thumbs.db
2017-09-27 11:57 - 2015-08-11 06:34 - 000000000 ____D C:\Users\Cynthia\AppData\Local\Packages
2017-09-27 09:52 - 2017-06-29 12:16 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-27 09:52 - 2017-06-29 12:16 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-27 09:20 - 2016-04-22 10:44 - 000000000 ____D C:\Users\Cynthia\Documents\Outlook Files
2017-09-26 12:52 - 2017-04-11 20:51 - 000188352 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-09-26 12:52 - 2017-04-11 20:51 - 000101784 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-09-26 12:52 - 2017-04-11 20:50 - 000045472 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-09-25 19:54 - 2015-10-18 09:14 - 000000000 ____D C:\Users\Cynthia\AppData\Roaming\Skype
2017-09-25 14:42 - 2016-09-19 10:57 - 000000000 ____D C:\Users\Cynthia\Desktop\SoB Payroll
2017-09-25 14:42 - 2016-09-19 10:56 - 000000000 ____D C:\Users\Cynthia\Desktop\SoB Cash Sheets
2017-09-25 11:14 - 2017-08-28 12:41 - 000000000 ____D C:\Users\Cynthia\Desktop\CV
2017-09-25 10:02 - 2015-08-14 20:31 - 000000000 ____D C:\Users\Cynthia\AppData\Roaming\Nitro PDF
2017-09-25 09:59 - 2017-01-07 15:40 - 000000000 ____D C:\Users\Cynthia\Desktop\Red Roo orders
2017-09-24 10:00 - 2017-08-04 21:36 - 000000422 ____H C:\windows\Tasks\{AB148896-79E8-4704-9F2A-E114D9424FBB}.job
2017-09-24 08:21 - 2013-08-22 20:36 - 000000000 ____D C:\windows\Inf
2017-09-23 17:35 - 2017-04-11 20:50 - 000253856 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-23 17:34 - 2013-08-22 21:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-09-23 17:31 - 2015-02-04 13:50 - 000012800 _____ C:\windows\system32\VfService.trf
2017-09-23 17:31 - 2013-08-22 20:25 - 000524288 ___SH C:\windows\system32\config\BBI
2017-09-23 07:16 - 2013-08-22 22:36 - 000000000 ____D C:\windows\system32\NDF
2017-09-22 12:00 - 2017-01-11 12:06 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-21 12:55 - 2013-08-22 22:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-21 12:55 - 2013-08-22 22:36 - 000000000 ____D C:\windows\AppReadiness
2017-09-21 12:15 - 2013-08-22 22:36 - 000000000 ____D C:\windows\rescache
2017-09-21 07:56 - 2015-02-04 13:16 - 000000000 ____D C:\ProgramData\Realtek
2017-09-18 13:26 - 2017-01-07 15:38 - 000000000 ____D C:\Users\Cynthia\Desktop\Wonder research
2017-09-15 06:17 - 2013-08-22 21:44 - 000541200 _____ C:\windows\system32\FNTCACHE.DAT
2017-09-14 21:35 - 2013-08-22 22:36 - 000000000 ___RD C:\windows\ToastData
2017-09-14 15:30 - 2015-08-15 04:34 - 000000000 ____D C:\windows\system32\MRT
2017-09-14 15:25 - 2015-08-15 04:34 - 138202976 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-09-14 15:25 - 2013-08-22 22:20 - 000000000 ____D C:\windows\CbsTemp
2017-09-13 16:14 - 2015-08-11 06:33 - 000000000 ____D C:\Users\Cynthia
2017-09-13 10:58 - 2016-06-06 18:00 - 000000000 ____D C:\Users\Cynthia\AppData\Roaming\WhatsApp
2017-09-11 10:48 - 2016-03-31 13:13 - 000000000 ____D C:\Users\Cynthia\Documents\HRBlock
2017-09-11 09:35 - 2015-10-29 12:46 - 000000000 ____D C:\Users\Cynthia\Documents\502
2017-09-07 13:40 - 2017-08-15 08:04 - 000000000 ____D C:\Users\Cynthia\Desktop\SOB DPS channelmanager reports
2017-09-07 13:35 - 2016-02-15 15:15 - 000001097 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-09-07 10:13 - 2017-04-11 20:50 - 000001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-07 10:13 - 2017-04-11 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-03 23:25 - 2015-10-17 21:10 - 000000000 ____D C:\Users\Cynthia\AppData\Local\ElevatedDiagnostics
2017-09-02 16:39 - 2017-08-15 08:05 - 000000000 ____D C:\Users\Cynthia\Desktop\SOB processes and schedules
2017-09-02 14:42 - 2017-08-15 08:07 - 000000000 ____D C:\Users\Cynthia\Desktop\One Stop
2017-09-02 06:54 - 2017-04-13 08:13 - 000835576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-09-02 06:54 - 2017-04-13 08:13 - 000177656 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-01 10:52 - 2017-05-09 15:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-01 10:52 - 2015-08-31 18:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-29 21:40 - 2016-03-07 07:19 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 13:08 - 2017-08-15 08:04 - 000000000 ____D C:\Users\Cynthia\Desktop\SOB bank
2017-08-29 11:06 - 2015-08-19 19:19 - 003260416 ___SH C:\Users\Cynthia\Downloads\Thumbs.db

==================== Files in the root of some directories =======

2015-08-11 06:34 - 2017-09-28 06:37 - 005102789 _____ () C:\Users\Cynthia\AppData\Local\BTServer.log
2017-07-30 16:35 - 2017-07-30 16:35 - 000047686 _____ () C:\ProgramData\agent.1501407322.bdinstall.bin
2017-08-15 07:45 - 2017-08-15 07:45 - 000029160 _____ () C:\ProgramData\agent.1502757905.bdinstall.bin
2015-02-04 13:13 - 2015-02-04 13:13 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Windows\Tasks\{AB148896-79E8-4704-9F2A-E114D9424FBB}.job

Some files in TEMP:
====================
2016-02-04 14:49 - 2013-03-29 14:52 - 000348672 _____ () C:\Users\Cynthia\AppData\Local\Temp\asmtusb.dll
2015-08-11 06:56 - 2015-08-11 06:56 - 000291072 _____ (Lenovo) C:\Users\Cynthia\AppData\Local\Temp\LenovoExperienceImprovement.exe
2017-08-01 22:57 - 2017-06-05 10:36 - 000186280 _____ (RealNetworks, Inc.) C:\Users\Cynthia\AppData\Local\Temp\lowproc.exe
2015-07-23 20:53 - 2015-07-23 20:53 - 000120336 _____ (McAfee, Inc.) C:\Users\Cynthia\AppData\Local\Temp\McCSPInstall.dll
2015-10-21 10:02 - 2015-07-23 20:53 - 000162120 _____ (McAfee Inc.) C:\Users\Cynthia\AppData\Local\Temp\mccspuninstall.exe
2015-08-20 05:20 - 2017-06-09 22:11 - 000000000 ____D () C:\Users\Cynthia\AppData\Local\Temp\obexpf.dll
2015-08-11 04:25 - 2015-08-11 04:28 - 067114248 _____ (SweetLabs,Inc.) C:\Users\Cynthia\AppData\Local\Temp\oct6C05.tmp.exe
2015-08-20 04:27 - 2015-08-20 04:28 - 067202952 _____ (SweetLabs,Inc.) C:\Users\Cynthia\AppData\Local\Temp\octC2AE.tmp.exe
2015-09-11 14:22 - 2012-10-02 07:44 - 000178824 ____R (Microsoft Corporation) C:\Users\Cynthia\AppData\Local\Temp\ose00000.exe
2016-03-11 14:13 - 2016-03-11 14:17 - 009323520 _____ () C:\Users\Cynthia\AppData\Local\Temp\SkypeSetup.exe
2017-08-01 22:57 - 2017-06-05 10:36 - 000096496 _____ (RealNetworks, Inc.) C:\Users\Cynthia\AppData\Local\Temp\stubhelper.dll
2016-02-04 14:49 - 2013-04-03 18:05 - 005560832 _____ (TODO: <Company name>) C:\Users\Cynthia\AppData\Local\Temp\UpgradeFirmware.exe
2017-09-07 13:24 - 2017-09-07 13:25 - 030950664 _____ () C:\Users\Cynthia\AppData\Local\Temp\vlc-2.2.6-win32.exe
2015-10-01 13:28 - 2015-10-01 13:58 - 062500000 _____ () C:\Users\Cynthia\AppData\Local\Temp\{9C517162-8E68-4000-8A4F-82B01BB122D3}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-21 08:08

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Cynthia (28-09-2017 10:32:59)
Running from C:\Users\Cynthia\Desktop
Windows 8.1 (Update) (X64) (2015-08-10 23:33:55)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1279789251-3593527667-3178536324-500 - Administrator - Disabled)
Cynthia (S-1-5-21-1279789251-3593527667-3178536324-1001 - Administrator - Enabled) => C:\Users\Cynthia
Guest (S-1-5-21-1279789251-3593527667-3178536324-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1279789251-3593527667-3178536324-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dragon Assistant version 1.5.20 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.20 - Nuance Communications, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 35.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version:  - SEIKO EPSON Corporation)
Extegrity Exam4 (HKLM-x32\...\Exam4) (Version:  - )
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Free MKV Player (HKLM-x32\...\{4DABCF47-69BE-42B4-9AAB-486DF64AEF0C}) (Version: 1.00.0000 - Media Freeware)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
H&R Block Deluxe + Efile 2013 (HKLM-x32\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.7601 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2014 (HKLM-x32\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2015 (HKLM-x32\...\{D64EF8D5-1C1C-4B30-AB97-73F2C6024AD3}) (Version: 15.04.8101 - HRB Technology, LLC.)
HFSExplorer 0.23.1 (HKLM-x32\...\HFSExplorer) (Version: 0.23.1 - Catacombae Software)
Host App Service (HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\...\Pokki) (Version: 0.269.7.768 - Pokki)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.2.1000 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{E9325F15-6339-45E8-9DC4-C2D44B623039}) (Version: 2.5.1.0224 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E9325F15-6339-45E8-9DC4-C2D44B623039}) (Version: 2.5.1.0224 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.4 - Lenovo)
Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.10181 - Lenovo)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Lenovo Yoga 2 Demo (HKLM-x32\...\{03C682A4-05CD-4D22-B50A-B9C3C5F2B137}) (Version: 1.0.7 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo) Hidden
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-GB)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Nuance Speech Component DA-A en-GB version 1.5.20 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.20 - Nuance Communications, Inc.)
Nuance Speech Component DA-C version 1.1.22 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.22 - Nuance Communications, Inc.)
Nuance Speech Component DA-L en-GB version 1.1.5 (HKLM-x32\...\{CA54E6DD-70F8-4AE5-8427-522A52FC4408}_is1) (Version: 1.1.5 - Nuance Communications, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{DDE3DECA-9139-4A39-9276-143ECA1DB75E}) (Version: 1.06.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.07 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\{293AA48A-DFC2-4F7D-9ED7-1A0F25CB5368}) (Version: 8.04.00.0000 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.787.787.111213 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0235 - REALTEK Semiconductor Corp.)
Serato DJ  (HKLM-x32\...\{249A3FEA-9720-4CBF-A159-08C563714748}) (Version: 1.9.1.4046 - Serato) Hidden
Serato DJ  (HKLM-x32\...\{752e27a0-7ce7-48a1-8579-a9e1bfd7b4f0}) (Version: 1.9.1.4046 - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Start Menu (HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\...\Pokki_Start_Menu) (Version: 0.269.7.768 - Pokki)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WhatsApp (HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\...\WhatsApp) (Version: 0.2.5863 - WhatsApp)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.014.0106 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1279789251-3593527667-3178536324-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2013-09-13] (Realtek Semiconductor Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\9.0\NPShellExtension64.dll [2013-12-13] (Nitro PDF)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2014-03-11] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\windows\system32\igfxOSP.dll [2014-03-11] (Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0265E164-07DE-4A58-B06A-943D22D6E8FA} - \DolbySelectorTask -> No File <==== ATTENTION
Task: {096B4C5D-2A5F-4E46-B57C-A8B666D099BA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1279789251-3593527667-3178536324-1001 => "C:\windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {0D5D1AFC-FE8A-4CF8-9288-660E45693523} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-01-08] (Lenovo)
Task: {1191DAAF-6541-4C47-BD5B-ED5308767E45} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-11] (Dropbox, Inc.)
Task: {1B5673A5-C6FF-4DC6-A9F2-CD8CBB69CF67} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {24BF1B3D-A92E-4396-B02F-9E7C64BB3C0A} - \Lenovo Smart Voice -> No File <==== ATTENTION
Task: {2D797AD8-75E8-4FCB-964E-1BB943E87634} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {36FBF9F7-0174-4757-BF5C-29DD8E248DF9} - \Optimize Start Menu Cache Files-S-1-5-21-1279789251-3593527667-3178536324-500 -> No File <==== ATTENTION
Task: {3A53B68A-C40E-4B3E-80CB-4C0DFDDD9F87} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {3CB78D96-8E71-4B8E-BBD4-7CCE633797E8} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {3FF8F5F4-B33B-4E97-AD17-E7BAA3670385} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-29] (Google Inc.)
Task: {45E611EE-DBA1-465C-9CDA-4849974F3D0E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {4EEC27CE-BE32-44D1-834A-16D832CB89F1} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] ()
Task: {9BEA6A4D-E5B2-478C-BB3D-80C109B6E82D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {ACFF3C16-CE42-44C3-A791-A65D5CF7593B} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {B2E016AD-3296-40F7-B1A5-C72F5950A3A9} - System32\Tasks\{AB148896-79E8-4704-9F2A-E114D9424FBB} => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe [2015-10-20] (Panda Security, S.L.)
Task: {B8ECBBAD-E12B-49AC-9787-62EB4DF55F32} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] ()
Task: {BC5F8B35-C622-40E2-925A-1C85AD1DD3EF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-11] (Dropbox, Inc.)
Task: {BFC6EC17-DF51-431D-AA41-9513B91091DA} - \Pokki -> No File <==== ATTENTION
Task: {D86F5837-5F25-43D9-81B5-B9B64DEA3E07} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {E25ECD34-AF19-47BA-81FD-C214F929A6D1} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-08] (Lenovo)
Task: {E4629B44-76AF-4731-85A9-9DE2CD5B447F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-29] (Google Inc.)
Task: {EA4A3F22-64F3-4CD4-B53A-AA13A5D03FC3} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
Task: {F9DCE5D0-9927-46F1-835E-C70F355F4351} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\{AB148896-79E8-4704-9F2A-E114D9424FBB}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-04 13:16 - 2013-11-07 12:24 - 000066560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-02-04 13:48 - 2012-04-24 17:43 - 000390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-02-04 13:50 - 2015-02-04 13:50 - 000067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2015-02-04 13:50 - 2015-02-04 13:50 - 000672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2015-02-04 13:50 - 2015-02-04 13:50 - 000061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2015-02-04 13:44 - 2014-01-07 06:14 - 000019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2017-04-11 20:50 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-02-04 13:42 - 2014-07-10 08:19 - 000592880 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2015-02-04 13:50 - 2015-02-04 13:50 - 000815104 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2015-02-04 13:42 - 2014-07-10 08:19 - 000397296 _____ () C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
2015-02-04 13:50 - 2015-02-04 13:50 - 000294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2015-02-04 13:50 - 2015-02-04 13:50 - 000108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2017-09-21 12:12 - 2017-09-21 12:12 - 000164352 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.System\4afb7a2a9cc125168b17364f1d29e831\Windows.System.ni.dll
2017-09-21 12:12 - 2017-09-21 12:12 - 001027072 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\0b31780536d441dad7ee9e933bf49f37\Windows.Networking.ni.dll
2017-09-21 12:12 - 2017-09-21 12:12 - 000284160 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\a236e94695f51cb8bbc53918d9efe0a6\Windows.Foundation.ni.dll
2015-07-21 15:27 - 2015-07-21 15:27 - 000238248 _____ () C:\Program Files\Microsoft Office\Office15\IEAWSDC.DLL
2015-02-04 13:49 - 2014-03-25 05:44 - 000387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2015-02-04 13:49 - 2014-03-25 05:44 - 001165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2015-02-04 13:49 - 2014-03-25 05:44 - 000199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2015-02-04 13:49 - 2014-03-25 05:44 - 001132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2015-02-04 13:49 - 2014-03-25 05:44 - 000035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2015-02-04 13:49 - 2014-03-25 05:44 - 000229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-04-13 00:23 - 2013-04-13 00:23 - 000612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-02-25 07:39 - 2014-02-25 07:39 - 000013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2015-02-04 13:09 - 2013-09-17 03:17 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-04 13:50 - 2015-02-04 13:50 - 000102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2015-02-04 13:50 - 2015-02-04 13:50 - 000101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2017-09-22 11:59 - 2017-09-20 23:48 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-22 11:59 - 2017-09-20 23:48 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-22 11:59 - 2017-09-20 23:49 - 000023872 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_bootstrap.dll
2017-09-22 11:59 - 2017-09-20 23:48 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-09-22 11:59 - 2017-09-20 23:48 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-22 11:59 - 2017-09-20 23:50 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-22 11:59 - 2017-09-20 23:48 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-22 11:59 - 2017-09-20 23:49 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-22 11:59 - 2017-09-20 23:50 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-22 11:59 - 2017-09-20 23:49 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-09-22 11:59 - 2017-09-20 23:49 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-22 11:59 - 2017-09-20 23:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-09-22 11:59 - 2017-09-20 23:50 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2015-10-21 10:02 - 000000826 _____ C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1279789251-3593527667-3178536324-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cynthia\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 203.217.168.27 - 203.217.168.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EE5BF2CB-520E-4E16-BD41-1BB949419784}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{8E36DE20-8082-4FFA-A8F8-20537779A34C}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{5BA1F8BF-EB17-458E-8B43-8B3CAC23BD50}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{D8189BF9-8BED-4AAE-B742-A4EF618FC146}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{24BA526D-0878-459D-8875-06D240DAC793}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{C274A4E4-2779-4816-AE41-ECDE0F89B04F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{1CD056FE-55FC-4E3C-A53C-0E9516DFA6FB}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5D26824F-1319-4EA5-914A-61FAAC7A074C}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{53891BFE-4A8B-4328-B1DE-76A4F05703C2}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{818EA219-EF8D-462C-B33E-53C805BC03DA}] => (Allow) LPort=55100
FirewallRules: [{4CAEAAE9-A9EA-4779-A7B4-7A929903761A}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{EC2E1D9B-8037-4C51-AF8A-76A69A525CE3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71EFE7D1-2C70-465B-B0A9-475808F606BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{579628AC-21FA-4B61-B21F-F8BFE711A16C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{49BF64AB-469D-40D3-955E-42F7573573CC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A0B9A5F9-067A-4122-8DE4-FE09219DCE70}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{00A2A3C1-1039-497A-A505-1257474D7384}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7CFDD8E2-3869-4C65-A5C5-501260D925F3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BD476D0A-5C2C-414C-BB43-E66AD869E182}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1E9F13D3-EFBD-488A-B433-6C14E2F65ECF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5CD4B53D-AC3E-44B4-8F20-9F15717F11B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A9D83512-2E05-4D1F-9734-8EEEA78C6710}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{8A44CB0E-D81A-4ECF-9D27-26232A09CE9B}] => (Allow) C:\Users\Cynthia\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1EE861CF-3970-4FD2-A0B4-B0D4483EDEDE}] => (Allow) C:\Users\Cynthia\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FB07CEBF-3E9C-4B97-94C0-D697600FE054}] => (Allow) C:\Users\Cynthia\AppData\Local\Temp\nsxE1F1.tmp\Installer-75978742.exe
FirewallRules: [{14E4F217-6ED6-4EC6-ADBF-724BED67E823}] => (Allow) C:\Users\Cynthia\AppData\Local\Temp\nsxE1F1.tmp\Installer-75978742.exe
FirewallRules: [{D0251114-CBC3-4C34-A0E7-8E49CE328C79}] => (Allow) C:\Users\Cynthia\AppData\Local\Temp\nsqDCA2.tmp\Installer-75978742.exe
FirewallRules: [{F3346E36-D538-447A-AD37-E4CFED0FCBF8}] => (Allow) C:\Users\Cynthia\AppData\Local\Temp\nsqDCA2.tmp\Installer-75978742.exe
FirewallRules: [{3E7F48C8-F524-4402-BC1F-EE606F0A1F47}] => (Allow) C:\Users\Cynthia\AppData\Local\Temp\nso9E06.tmp\Installer-75978742.exe
FirewallRules: [{153365EF-6B7B-452F-A161-51D286D27548}] => (Allow) C:\Users\Cynthia\AppData\Local\Temp\nso9E06.tmp\Installer-75978742.exe
FirewallRules: [TCP Query User{9D726B11-CCF9-49EA-9C45-4BD32AD59EB4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EA3847DF-CC5F-441B-8F48-6C6B080D1721}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2463D633-0832-4ADB-8990-5F568C1E8F17}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{297F88A7-F008-4041-A058-88E1360E8151}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{10EB6A0B-75ED-46F4-9DCE-535E0543D83C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{601E2C35-A45C-4BFC-9EE3-91059854CE76}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D79799EF-323F-429F-B140-E78D8FA2A855}] => (Allow) C:\wifi\WiFi.exe
FirewallRules: [{32B38D78-8361-4A84-9D91-81ABA2FA65E8}] => (Allow) C:\wifi\WifiService.exe
FirewallRules: [TCP Query User{26D9A9FF-CC9B-4B1C-8428-B834DBF1974B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C9D3E5F7-5872-4FBC-AB2A-BCD2D5E67863}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{17FB32A0-81EF-446E-AB5D-C5D0FBBBA89D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{04C439E6-D0CA-4FC9-AC5C-2281EC824705}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-09-2017 13:26:57 Windows Update
17-09-2017 06:48:54 Windows Update
21-09-2017 07:36:05 Windows Update
25-09-2017 09:06:27 Windows Update
28-09-2017 10:24:32 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2017 06:45:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/28/2017 06:44:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1068, time stamp: 0x59125d35
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x58ed4d4f
Exception code: 0xc0000005
Fault offset: 0x0018da93
Faulting process id: 0xae4
Faulting application start time: 0x01d337e9990fe462
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: bf99c390-a3dd-11e7-83fc-acd1b8123506
Faulting package full name:
Faulting package-relative application ID:

Error: (09/28/2017 06:36:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/28/2017 06:36:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/27/2017 07:30:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/27/2017 07:30:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/27/2017 02:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSUAMain.exe, version: 4.0.0.646, time stamp: 0x56291049
Faulting module name: NdkApi.dll, version: 4.0.0.570, time stamp: 0x5625f2e9
Exception code: 0xc0000005
Fault offset: 0x000711a1
Faulting process id: 0xa14
Faulting application start time: 0x01d33736281f2e32
Faulting application path: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
Faulting module path: C:\Program Files (x86)\Panda Security\Panda Security Protection\NdkApi.dll
Report Id: 5784bb49-a354-11e7-83fc-acd1b8123506
Faulting package full name:
Faulting package-relative application ID:

Error: (09/27/2017 09:19:55 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/27/2017 09:11:40 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/27/2017 09:11:40 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (09/28/2017 10:27:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070664: Update for Microsoft OneNote 2013 (KB3172477) 64-Bit Edition.

Error: (09/28/2017 10:27:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070664: Update for Microsoft Word 2013 (KB4011105) 64-Bit Edition.

Error: (09/28/2017 10:27:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070664: Update for Microsoft Office 2013 (KB3191872) 64-Bit Edition.

Error: (09/28/2017 10:27:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070664: Security Update for Skype for Business 2015 (KB4011107) 64-Bit Edition.

Error: (09/28/2017 10:27:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070664: Security Update for Microsoft Word 2013 (KB3203393) 64-Bit Edition.

Error: (09/28/2017 10:27:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070664: Security Update for Microsoft Office 2013 (KB3162051) 64-Bit Edition.

Error: (09/28/2017 10:27:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070664: Update for Microsoft Publisher 2013 (KB3114329) 64-Bit Edition.

Error: (09/28/2017 10:27:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070664: Update for Microsoft OneDrive for Business (KB3178645) 64-Bit Edition.

Error: (09/28/2017 10:27:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070664: Update for Microsoft Access 2013 (KB3118349) 64-Bit Edition.

Error: (09/28/2017 10:26:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070664: Security Update for Microsoft Excel 2013 (KB4011108) 64-Bit Edition.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 82%
Total physical RAM: 4016.96 MB
Available physical RAM: 683.12 MB
Total Virtual: 9878.96 MB
Available Virtual: 4149.32 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:424.55 GB) (Free:199.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D2EE102B)

Partition: GPT.

==================== End of Addition.txt ============================

 

[Aura]

You don't have any malicious extensions installed. Therefore, this block is triggered by one of the website you are visiting. You just need to determine which one it is, and stop visiting it. Also, using an Adblocker (like uBlock Origin) will prevent scripts like these from running.

Was there anything else?

[cynthian]

Nope that's all, thanks for your help!

[Aura]

No problem cynthian, you're welcome!

Stay safe  

[Aura]

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!