windows defender turned off

  • maxim123
    PCHF Member
    • Aug 2017
    • 466

    #1

    windows defender turned off

    Hi, I was just browsing through google when I saw the notification that windows defender was turned off. I couldn’t turn it back. I restarted and opened windows defender security panel. The virus and threat option had a cross on it, there was an option to restart the virus and threat option which I clicked, then it gave the option to turn on and the defender is turned on again.
    I want to know if my laptop is infected or not?
  • system
    PCHF Owner
    • Jan 2015
    • 7634

    #2
    Hi maxim123, please go HERE and download and run Security check. Post a copy of the log it produces.

    Comment

    • maxim123
      PCHF Member
      • Aug 2017
      • 466

      #3
      Code:
      Results of screen317's Security Check version 1.014
      --- 12/23/15
      x64 (UAC is enabled)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Windows Defender
      WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
      Java 8 Update 144
      Java version 32-bit out of Date!
      Adobe Flash Player 26.0.0.137
      Google Chrome (62.0.3202.94)
      Google Chrome (SetupMetrics...)
      ````````Process Check: objlist.exe by Laurent````````
      Windows Defender MSMpEng.exe
      Windows Defender MSASCuiL.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: %
      ````````````````````End of Log``````````````````````

      Comment

      • system
        PCHF Owner
        • Jan 2015
        • 7634

        #4
        Have you ever installed another AV or security program?

        Comment

        • maxim123
          PCHF Member
          • Aug 2017
          • 466

          #5
          Originally posted by gus
          Have you ever installed another AV or security program?
          No, I haven’t installed any other AV. There is antimalwarebytes though.

          Comment

          • system
            PCHF Owner
            • Jan 2015
            • 7634

            #6
            I take it you mean “Malwarebytes” and because it’s not listed in security check I would again assume you installed the free version. If my assumptions are correct Malwarebytes may have turned off Defender. The free version of Malwarebytes runs as the full paid for version for a period until it reverts to a second opinion scanner.

            I would not suspect anything sinister at this time from what you have asked, just turn on Defender and it will run fine because if my above assumption is correct about your copy of Malwarebytes it will only operate when run manually. It is always good practice to have a realtime malware scanner and a second opinion one, but do remember NEVER run two realtime protection apps together.

            Comment

            • maxim123
              PCHF Member
              • Aug 2017
              • 466

              #7
              Originally posted by gus
              I take it you mean “Malwarebytes” and because it’s not listed in security check I would again assume you installed the free version. If my assumptions are correct Malwarebytes may have turned off Defender. The free version of Malwarebytes runs as the full paid for version for a period until it reverts to a second opinion scanner.

              I would not suspect anything sinister at this time from what you have asked, just turn on Defender and it will run fine because if my above assumption is correct about your copy of Malwarebytes it will only operate when run manually. It is always good practice to have a realtime malware scanner and a second opinion one, but do remember NEVER run two realtime protection apps together.
              Hi, I am not actually sure of this. But windows defender detected threats when I was browsing some site and there were forced ad pops. The windows defender said it detected the threats but when I open it, it doesn’t list any threats. Also, that was when I ran the browser in sandboxed mode.

              Comment

              • phillpower2
                PCHF Administrator
                • Sep 2016
                • 15209

                #8
                If I may chime in while gus is offline

                Can you post an Autoruns log for us, download from here

                1: Extract the Autoruns Zip file contents to a folder.

                2: Double-click the “Autoruns.exe”.

                3: Click on the Options tab and then put a tick against the top three options.

                4: Go to File then to Export As or Save in some versions.

                5: Save AutoRuns.txt file to known location like your Desktop > when you click on File > Save you will then get the option to Save as type, click the drop down tab, change it to Text and then click the Save button.

                6: Attach to your next reply.

                Tutorial here

                Comment

                • maxim123
                  PCHF Member
                  • Aug 2017
                  • 466

                  #9
                  Here is the file.

                  Comment

                  • phillpower2
                    PCHF Administrator
                    • Sep 2016
                    • 15209

                    #10
                    Hello maxim123,

                    Just so that you are aware our colleague gus is the malware expert here and I am in no way offering any sort of malware removal guidance only looking to see why Defender is not working for you (y)

                    Download then run the Malwarebytes Clean Uninstall Tool
                    Restart your computer, go into the Action Centre, All Settings, click on Windows Defender which is to the left and then the Open Windows Defender tab that should be in the middle of the screen, if it is green and saying your PC is being monitored and protected that is good but I would still suggest that you select the Full scan option to the right and let gus know the results of the scan.

                    Comment

                    • maxim123
                      PCHF Member
                      • Aug 2017
                      • 466

                      #11
                      Hi, I uninstalled malwarebytes with the above software. Some websites had been crashing since day before yesterday, and uninstalling the malwarebytes seems to have solved it.
                      Regarding windows defender full scan, it found one trojan and the previous detection seems to have been the same. a screenshot, it seems to be from sandbox. But shouldn’t sandbox prevent any harmful stuff from affecting the real files?

                      Comment
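
The two open questions at this point in the thread (what switched Defender off, as discussed in post #6, and where the detected file actually lives, as asked in posts #7 and #11) can be checked from Defender's own records. The following PowerShell is an added example, not something posted by the thread's participants; the function name Get-DefenderTriage and the 7-day look-back window are assumptions made for illustration.

```powershell
# Added example, not from the thread. Read-only: nothing here changes a setting.
# Run from an elevated PowerShell prompt on Windows 10.

function Get-DefenderTriage {
    param([int]$Days = 7)   # look-back window; 7 days is an arbitrary choice

    # 1. Defender's view of itself. The call fails when the service is stopped,
    #    which is itself a finding, so record that instead of aborting.
    try   { $mp = Get-MpComputerStatus -ErrorAction Stop }
    catch { $mp = $null }

    # 2. Antivirus products registered with Windows Security Center.
    #    Defender steps back when another real-time product is registered here.
    $registered = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue

    # 3. Defender operational log: protection switched off, and detections.
    $eventNames = @{
        5001 = 'Real-time protection disabled'
        5010 = 'Antispyware scanning disabled'
        5012 = 'Antivirus scanning disabled'
        1116 = 'Threat detected'
        1117 = 'Action taken on threat'
    }
    $events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = @($eventNames.Keys)
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # 4. Detection history, with threat names joined in by ThreatID.
    #    Resources holds the file path (or other location) of each detection.
    $names = @{}
    Get-MpThreat -ErrorAction SilentlyContinue |
        ForEach-Object { $names[[string]$_.ThreatID] = $_.ThreatName }

    $detections = Get-MpThreatDetection -ErrorAction SilentlyContinue |
        Select-Object InitialDetectionTime,
            @{ n = 'Threat';    e = { $names[[string]$_.ThreatID] } },
            @{ n = 'Resources'; e = { $_.Resources -join '; ' } },
            ProcessName, ActionSuccess

    [pscustomobject]@{
        DefenderServiceRunning = [bool]($mp -and $mp.AMServiceEnabled)
        RealTimeProtection     = [bool]($mp -and $mp.RealTimeProtectionEnabled)
        RegisteredAntivirus    = @($registered | Where-Object { $_ } |
                                     ForEach-Object { $_.displayName })
        Timeline               = @($events | Sort-Object TimeCreated |
                                     Select-Object TimeCreated, Id,
                                       @{ n = 'Meaning'; e = { $eventNames[[int]$_.Id] } })
        Detections             = @($detections)
    }
}

$report = Get-DefenderTriage
$report | Format-List DefenderServiceRunning, RealTimeProtection, RegisteredAntivirus
$report.Timeline   | Format-Table -AutoSize
$report.Detections | Format-List
```

A second product listed under RegisteredAntivirus alongside a 5001 event matches the benign explanation given in post #6. The Resources column shows whether a detection points into a sandbox folder or into the real file system.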

                      • phillpower2
                        PCHF Administrator
                        • Sep 2016
                        • 15209

                        #12
                        Hello maxim123,
                        Originally posted by maxim123
                        Hi, I uninstalled malwarebytes with the above software. Some websites had been crashing since day before yesterday, and uninstalling the malwarebytes seems to have solved it.
                        Regarding windows defender full scan, it found one trojan and the previous detection seems to have been the same.
                        Sounding good up to now but would suggest that you see how things go which will also give gus a chance to get back to you.

                        Comment

                        • system
                          PCHF Owner
                          • Jan 2015
                          • 7634

                          #13
                          Hello @maxim123 , and thank you @phillpower2

                          Sorry been super busy here, yes this computer is infected, shall now move the thread to malware.

                          Comment

                          • system
                            PCHF Owner
                            • Jan 2015
                            • 7634

                            #14
                            Hello maxim123 and welcome to PCHF
                            My Name is Gus and I’ll be helping you. Before we start can I ask you to read these instructions carefully and if possible print them out for use as we go through the cleaning process. Depending on what tools are in use you may not have access to these instructions.
                            • If you are unsure of any request as we progress PLEASE ASK, and remember as we proceed that there is no such thing as a silly question.
                            • Please let me know if you are receiving help at another forum on this issue so I can close this thread?
                            • At the right hand top of your first post please click on the "Watch thread" marker so you will receive an immediate alert when I reply.
                            • Please do not run any tools other than the ones we ask you to, some can be very dangerous and actually make things worse.
                            • Should any tools we ask you to use give you a security warning you can safely allow them to run, they have all been proven safe.
                            • Download any requested tools and make sure to run them from the desktop, unless specifically instructed otherwise.
                            • Please do not install any other software whilst we cleanup, this can complicate the process, making cleaning impossible.
                            • With malware it can be impossible to determine the outcome, and whilst we will work to a positive result we strongly recommend you backup all your personal files and folders before we begin.
                            • As we proceed with disinfecting it may appear as if your computer is back to normal, but please stay with me till I give you the all clear. In return I will do the same for you.
                            • Do remember the fixes used to clean your machine are meant for your computer only, and the use on another computer may cause serious damage to that machine.
                            • When your machine has been cleaned we will remove all the tools used, and also give you some tips to keep your computer clean and safe in the future.
                            • Finally, please allow me a little time to analyse any logs I request from you, I know you want your computer cleaned yesterday but please remember we are all volunteers here and we do have a life that sometimes takes us away from computers. If your thread gets closed due to no response from you, you can PM me or a staff member and have it reopened. Should you not hear from me within 48 hours please PM me.
                            • That’s the last of the fine print so let's get under way.

                            We need a log from Farbar Recovery Scan Tool (FRST) to examine your system.

                            Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

                            If you are unsure if your operating system is 32 or 64 Bit please go HERE.

                            Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu.



                            If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
                            FRST will open with two dialogue boxes, accept the disclaimer.


                            1: Accept the default whitelist options,
                            2: If the additions.txt options box is not checked please select it.
                            3: Then select “Scan”



                            FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



                            Please COPY and PASTE the contents of these two files in your next post.

                            We will also need a log from AdwCleaner for further information.

                            Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

                            Once downloaded to the desktop AdwCleaner will create an icon.

                            Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

                            Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

                            AdwCleaner will open, click the scan button to start searching.

                            The scan may take some time to complete, and when it has any malware found will be automatically selected for quarantining. Click the “Clean” button.

                            After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

                            When the computer restarts a log file will be displayed, but if it's closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[C#].txt (The C denotes the Cleaning log)

                            Please Copy and Paste the contents of the log file with your next reply.

                            Comment

                            • maxim123
                              PCHF Member
                              • Aug 2017
                              • 466

                              #15
                              frst and addition texts:

                              Frst:

                              Code:
                              Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
                              Ran by Max (administrator) on ADMIN (18-12-2017 11:12:49)
                              Running from C:\Users\USER\Desktop
                              Loaded Profiles: Max (Available Profiles: Max)
                              Platform: Windows 10 Pro Version 1703 15063.786 (X64) Language: English (United States)
                              Internet Explorer Version 11 (Default browser: FF)
                              Boot Mode: Normal
                              Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
                              
                              ==================== Processes (Whitelisted) =================
                              
                              (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
                              
                              (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
                              (AMD) C:\Windows\System32\atiesrxx.exe
                              (Sandboxie Holdings, LLC) D:\Program Files\Sandboxie\SbieSvc.exe
                              (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
                              (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
                              (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
                              (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
                              (Lenovo Group Limited) C:\Program Files\lenovo\iMController\Service\Lenovo.Modern.ImController.exe
                              (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
                              () D:\Program Files (x86)\tunnelbear\TunnelBear.Maintenance.exe
                              (Windscribe Limited) D:\Program Files (x86)\Windscribe\WindscribeService.exe
                              (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
                              (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
                              (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
                              (AMD) C:\Windows\System32\atieclxx.exe
                              (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
                              (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
                              (Intel Corporation) C:\Windows\System32\igfxEM.exe
                              (Intel Corporation) C:\Windows\System32\igfxHK.exe
                              (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
                              (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
                              (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
                              (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
                              (Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
                              () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
                              (Tonec Inc.) D:\Program Files (x86)\Internet Download Manager\IDMan.exe
                              (QFX Software Corporation) D:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
                              (QFX Software Corporation) D:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
                              (Tonec Inc.) D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
                              (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
                              (Microsoft Corporation) C:\Windows\System32\dllhost.exe
                              () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
                              () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                              () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
                              (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
                              (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
                              (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
                              (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
                              (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
                              (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
                              (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
                              
                              ==================== Registry (Whitelisted) ===========================
                              
                              (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
                              
                              HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
                              HKLM...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
                              HKLM...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
                              HKLM...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
                              HKLM...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
                              HKLM...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
                              HKLM...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
                              HKLM-x32...\Run: [KeyScrambler] => d:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-08-14] (QFX Software Corporation)
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\Run: [SandboxieControl] => d:\Program Files\Sandboxie\SbieCtrl.exe [799880 2017-10-30] (Sandboxie Holdings, LLC)
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\Run: [IDMan] => D:\Program Files (x86)\Internet Download Manager\IDMan.exe [4022328 2017-11-04] (Tonec Inc.)
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\MountPoints2: {0fd87a4d-a848-11e7-854a-68f728506e46} - “F:\HiSuiteDownLoader.exe”
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\MountPoints2: {857f8e51-c5bd-11e7-8555-7629af2c9055} - “F:\Setup.exe” /s
                              
                              ==================== Internet (Whitelisted) ====================
                              
                              (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
                              
                              ProxyEnable: [S-1-5-21-900945925-988278395-3478122750-1001] => Proxy is enabled.
                              Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
                              Tcpip..\Interfaces{01068155-a52c-4740-b306-07578124303c}: [DhcpNameServer] 192.168.1.1
                              Tcpip..\Interfaces{29e036c1-4265-4952-8012-f43a55ab4933}: [DhcpNameServer] 192.168.1.1
                              Tcpip..\Interfaces{3ee4e1e4-47d5-4352-aec3-6f70569b12df}: [DhcpNameServer] 192.168.1.1
                              Tcpip..\Interfaces{550aa576-2f3f-4c5f-92a0-b05da9b2b432}: [DhcpNameServer] 172.18.12.1
                              Tcpip..\Interfaces{F6C362E6-31CF-4394-9851-E5D33DF654FC}: [DhcpNameServer] 192.168.30.1
                              Internet Explorer:
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
                              URLSearchHook: [S-1-5-21-900945925-988278395-3478122750-1001] ATTENTION => Default URLSearchHook is missing
                              SearchScopes: HKU.DEFAULT → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                              SearchScopes: HKU\S-1-5-21-900945925-988278395-3478122750-1001 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
                              BHO: IDM integration (IDMIEHlprObj Class) → {0055C089-8582-441B-A0BF-17B458C2A3A8} → D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-09-22] (Internet Download Manager, Tonec Inc.)
                              BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
                              BHO-x32: IDM integration (IDMIEHlprObj Class) → {0055C089-8582-441B-A0BF-17B458C2A3A8} → D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-09-22] (Internet Download Manager, Tonec Inc.)
                              BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-03] (Oracle Corporation)
                              BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
                              BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-03] (Oracle Corporation)
                              DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
                              FireFox:
                              FF DefaultProfile: eq5dug03.default-1511160404574
                              FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\eq5dug03.default-1511160404574 [2017-12-18]
                              FF Session Restore: Mozilla\Firefox\Profiles\eq5dug03.default-1511160404574 → is enabled.
                              FF Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\eq5dug03.default-1511160404574\Extensions{b65c7bc6-846b-4f65-b6ed-099d7e042309}.xpi [2017-12-18]
                              FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\eq5dug03.default-1511160404574\Extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
                              FF HKU\S-1-5-21-900945925-988278395-3478122750-1001...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
                              FF Extension: (No Name) - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-10-06]
                              FF HKU\S-1-5-21-900945925-988278395-3478122750-1001...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5
                              FF Extension: (IDM CC) - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5 [2017-11-06] [Legacy] [not signed]
                              FF HKU\S-1-5-21-900945925-988278395-3478122750-1001...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
                              FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
                              FF Plugin: @adobe.com/FlashPlayer → C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
                              FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 → C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
                              FF Plugin: @videolan.org/vlc,version=2.1.3 → C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
                              FF Plugin-x32: @adobe.com/FlashPlayer → C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
                              FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp → D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
                              FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf → D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
                              FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 → C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
                              FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
                              FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
                              FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 → C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-03] (Oracle Corporation)
                              FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 → C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-03] (Oracle Corporation)
                              FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 → D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
                              FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
                              FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
                              FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
                              FF Plugin-x32: @videolan.org/vlc,version=2.2.4 → d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
                              FF Plugin-x32: @videolan.org/vlc,version=2.2.6 → d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
                              FF Plugin-x32: @webex.com/npatgpc → D:\ProgramData\WebEx\npatgpc.dll [2016-12-21] (Cisco WebEx LLC)
                              Chrome:
                              CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2017-12-18]
                              CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
                              CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
                              CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
                              CHR Extension: (Just Read) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmanlpmmkibanfdgjocnabmcaclkmod [2017-09-02]
                              CHR Extension: (ChromeVox) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgejglhpjiefppelpmljglcjbhoiplfn [2017-05-03]
                              CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2017-12-11]
                              CHR Extension: (Timer Loop) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkfiefeoimmobmhdimachkfcpkgahlc [2017-05-09]
                              CHR Extension: (TTSReader - Unlimited Text-To-Speech) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\melfcogdhodeocnkdiplgdpkllopbhan [2017-05-03]
                              CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
                              CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-03]
                              CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-10]
                              CHR HKLM...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-10-06]
                              CHR HKLM...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-10-06]
                              CHR HKLM-x32...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
                              
                              ==================== Services (Whitelisted) ====================
                              
                              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
                              
                              S3 DsRoleSvc; C:\WINDOWS\system32\dsrolesrv.dll [288768 2017-06-05] (Microsoft Corporation)
                              R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-24] (ELAN Microelectronics Corp.)
                              R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (Intel Corporation)
                              R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68408 2017-11-12] (Lenovo Group Limited)
                              R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
                              S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
                              R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
                              R2 SbieSvc; d:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-10-30] (Sandboxie Holdings, LLC)
                              S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
                              S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
                              R2 TunnelBearMaintenance; D:\Program Files (x86)\tunnelbear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
                              R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation)
                              R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation)
                              R2 WindscribeService; d:\Program Files (x86)\Windscribe\WindscribeService.exe [71272 2017-05-09] (Windscribe Limited)
                              S3 Browser; %SystemRoot%\System32\browser.dll
                              
                              ===================== Drivers (Whitelisted) ======================
                              
                              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
                              
                              R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmdag.sys [36558232 2017-05-04] (Advanced Micro Devices, Inc.)
                              R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmpag.sys [528792 2017-05-04] (Advanced Micro Devices, Inc.)
                              R2 AnviFPFltd; C:\WINDOWS\System32\DRIVERS\AnviFPFltd.sys [28568 2015-02-09] (AnviSoft.com)
                              S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
                              S3 fcdabus; C:\WINDOWS\System32\drivers\fcdabus.sys [24592 2008-10-29] (FarStone Inc.)
                              U5 FVXSCSI; C:\Windows\System32\Drivers\FVXSCSI.sys [118360 2009-12-23] (FarStone Inc.)
                              R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [224208 2015-06-03] (QFX Software Corporation)
                              R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
                              R1 MpKsl6120f8d3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6DAD1BA3-FC3A-4157-B699-2DAB1A22ADC4}\MpKsl6120f8d3.sys [58120 2017-12-15] (Microsoft Corporation)
                              R1 MpKsl903a975c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0195D31D-9DF5-4DFF-BF1E-F7A20A830081}\MpKsl903a975c.sys [58120 2017-12-18] (Microsoft Corporation)
                              S3 pbfilter; D:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
                              R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-08-09] (Realtek )
                              R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [615728 2015-06-04] (Realtek Semiconductor Corporation)
                              R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-08-10] (Realsil Semiconductor Corporation)
                              R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-08-10] (Realtek Semiconductor Corp.)
                              R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-19] (Realtek Semiconductor Corporation )
                              R3 SbieDrv; d:\Program Files\Sandboxie\SbieDrv.sys [209544 2017-10-30] (Sandboxie Holdings, LLC)
                              S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
                              S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
                              S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
                              R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-02-09] (Anchorfree Inc.)
                              R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
                              R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
                              S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-08] (Microsoft Corporation)
                              R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-08] (Microsoft Corporation)
                              R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-08] (Microsoft Corporation)
                              R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLink Corp.)
                              S3 catchme; ??\C:\Users\USER\AppData\Local\Temp\catchme.sys <==== ATTENTION
                              
                              ==================== NetSvcs (Whitelisted) ===================
                              
                              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
                              
                              ==================== One Month Created files and folders ========
                              
                              (If an entry is included in the fixlist, the file/folder will be moved.)
                              
                              2017-12-18 11:12 - 2017-12-18 11:14 - 000020222 _____ C:\Users\USER\Desktop\FRST.txt
                              2017-12-18 11:10 - 2017-12-18 11:10 - 002392064 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
                              2017-12-16 10:30 - 2017-12-18 10:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
                              2017-12-16 10:25 - 2017-12-16 10:31 - 000081823 _____ C:\Users\USER\Desktop\mb-clean-results.txt
                              2017-12-16 10:11 - 2017-12-16 10:11 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
                              2017-12-15 21:28 - 2017-12-15 21:28 - 000071906 _____ C:\Users\USER\Desktop\ADMIN.txt
                              2017-12-13 16:47 - 2017-12-13 16:47 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
                              2017-12-13 14:10 - 2017-11-30 09:18 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
                              2017-12-13 14:10 - 2017-11-30 09:18 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
                              2017-12-13 14:10 - 2017-11-30 09:18 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
                              2017-12-13 14:10 - 2017-11-30 09:14 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
                              2017-12-13 14:10 - 2017-11-30 09:11 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
                              2017-12-13 14:10 - 2017-11-30 09:09 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
                              2017-12-13 14:10 - 2017-11-30 09:08 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
                              2017-12-13 14:10 - 2017-11-30 09:08 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
                              2017-12-13 14:10 - 2017-11-30 08:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
                              2017-12-13 14:10 - 2017-11-30 08:44 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
                              2017-12-13 14:10 - 2017-11-30 08:43 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
                              2017-12-13 14:10 - 2017-11-30 08:43 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
                              2017-12-13 14:10 - 2017-11-30 08:42 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
                              2017-12-13 14:10 - 2017-11-30 08:30 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
                              2017-12-13 14:10 - 2017-11-30 08:30 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
                              2017-12-13 14:10 - 2017-11-30 08:29 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
                              2017-12-13 14:10 - 2017-11-30 08:29 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
                              2017-12-13 14:10 - 2017-11-30 08:29 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
                              2017-12-13 14:10 - 2017-11-30 08:29 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
                              2017-12-13 14:10 - 2017-11-30 08:29 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
                              2017-12-13 14:10 - 2017-11-30 08:28 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
                              2017-12-13 14:10 - 2017-11-30 08:28 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
                              2017-12-13 14:10 - 2017-11-30 08:28 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
                              2017-12-13 14:10 - 2017-11-30 08:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
                              2017-12-13 14:10 - 2017-11-30 08:27 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
                              2017-12-13 14:10 - 2017-11-30 08:27 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
                              2017-12-13 14:10 - 2017-11-30 08:27 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
                              2017-12-13 14:10 - 2017-11-30 08:27 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
                              2017-12-13 14:10 - 2017-11-30 08:27 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
                              2017-12-13 14:10 - 2017-11-30 08:27 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
                              2017-12-13 14:10 - 2017-11-30 08:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
                              2017-12-13 14:10 - 2017-11-30 08:26 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
                              2017-12-13 14:10 - 2017-11-30 08:26 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
                              2017-12-13 14:10 - 2017-11-30 08:26 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
                              2017-12-13 14:10 - 2017-11-30 08:26 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
                              2017-12-13 14:10 - 2017-11-30 08:26 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
                              2017-12-13 14:10 - 2017-11-30 08:25 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
                              2017-12-13 14:10 - 2017-11-30 08:25 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
                              2017-12-13 14:10 - 2017-11-30 08:25 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
                              2017-12-13 14:10 - 2017-11-30 08:25 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
                              2017-12-13 14:10 - 2017-11-30 08:25 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
                              2017-12-13 14:10 - 2017-11-30 08:24 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
                              2017-12-13 14:10 - 2017-11-30 08:24 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
                              2017-12-13 14:10 - 2017-11-30 08:24 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
                              2017-12-13 14:10 - 2017-11-30 08:24 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
                              2017-12-13 14:10 - 2017-11-30 08:23 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
                              2017-12-13 14:10 - 2017-11-30 08:23 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
                              2017-12-13 14:10 - 2017-11-30 08:23 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
                              2017-12-13 14:10 - 2017-11-30 08:23 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
                              2017-12-13 14:10 - 2017-11-30 08:23 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
                              2017-12-13 14:10 - 2017-11-30 08:22 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
                              2017-12-13 14:10 - 2017-11-30 08:22 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
                              2017-12-13 14:10 - 2017-11-30 08:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
                              2017-12-13 14:10 - 2017-11-30 08:22 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
                              2017-12-13 14:10 - 2017-11-30 08:21 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
                              2017-12-13 14:10 - 2017-11-30 08:21 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
                              2017-12-13 14:10 - 2017-11-30 08:21 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
                              2017-12-13 14:10 - 2017-11-30 08:21 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
                              2017-12-13 14:10 - 2017-11-30 08:21 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
                              2017-12-13 14:10 - 2017-11-30 08:21 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
                              2017-12-13 14:10 - 2017-11-30 08:21 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
                              2017-12-13 14:10 - 2017-11-30 08:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
                              2017-12-13 14:10 - 2017-11-30 08:20 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
                              2017-12-13 14:10 - 2017-11-30 08:19 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
                              2017-12-13 14:10 - 2017-11-17 15:31 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
                              2017-12-13 14:10 - 2017-11-17 15:31 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
                              2017-12-13 14:10 - 2017-11-17 15:31 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
                              2017-12-13 14:10 - 2017-11-17 15:26 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
                              2017-12-13 14:10 - 2017-11-17 15:24 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
                              2017-12-13 14:10 - 2017-11-17 15:24 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
                              2017-12-13 14:10 - 2017-11-17 15:22 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
                              2017-12-13 14:10 - 2017-11-17 15:16 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
                              2017-12-13 14:10 - 2017-11-17 14:48 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
                              2017-12-13 14:10 - 2017-11-17 14:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
                              2017-12-13 14:10 - 2017-11-17 14:44 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
                              2017-12-13 14:10 - 2017-11-17 14:41 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
                              2017-12-12 12:03 - 2017-12-12 12:04 - 000552148 _____ C:\WINDOWS\Minidump\121217-26953-01.dmp
                              2017-12-12 12:03 - 2017-12-12 12:03 - 547241216 _____ C:\WINDOWS\MEMORY.DMP
                              2017-12-10 10:59 - 2017-12-10 10:59 - 000000000 ____D C:\Program Files\Dolby Digital Plus
                              2017-12-08 11:42 - 2017-12-08 11:42 - 000852798 _____ C:\Users\USER\Desktop\SecurityCheck.exe
                              2017-12-03 11:39 - 2017-12-03 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
                              2017-11-20 12:26 - 2017-12-10 09:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
                              2017-11-20 12:26 - 2017-12-10 09:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
                              2017-11-20 12:26 - 2017-12-09 18:09 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
                              2017-11-20 12:26 - 2017-11-20 12:26 - 000000999 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
                              2017-11-19 09:45 - 2017-12-02 23:59 - 000000626 _____ C:\Users\USER\Desktop\insanity.txt
                              
                              ==================== One Month Modified files and folders ========
                              
                              (If an entry is included in the fixlist, the file/folder will be moved.)
                              
                              2017-12-18 11:12 - 2017-08-08 09:24 - 000000000 ____D C:\FRST
                              2017-12-18 11:04 - 2017-06-04 15:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
                              2017-12-18 10:45 - 2015-06-07 08:27 - 000000791 _____ C:\Users\USER\Desktop\mod 2 (.txt
                              2017-12-18 09:26 - 2017-08-08 16:17 - 000000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
                              2017-12-16 16:20 - 2016-11-24 15:20 - 000159265 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
                              2017-12-16 16:15 - 2017-06-04 15:10 - 000000180 _____ C:\WINDOWS\system32{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
                              2017-12-16 15:02 - 2017-10-03 20:16 - 000000000 ____D C:\Users\USER\AppData\Roaming\DMCache
                              2017-12-16 10:29 - 2017-06-04 15:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
                              2017-12-16 10:28 - 2017-03-18 17:25 - 000786432 _____ C:\WINDOWS\system32\config\BBI
                              2017-12-16 10:25 - 2015-02-02 16:34 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
                              2017-12-16 10:10 - 2017-03-19 02:46 - 000000000 ____D C:\WINDOWS\INF
                              2017-12-15 21:38 - 2017-03-19 02:48 - 000000000 ___HD C:\Program Files\WindowsApps
                              2017-12-15 21:38 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\AppReadiness
                              2017-12-15 21:26 - 2015-10-30 19:01 - 000000000 ____D C:\Users\USER\Downloads\Compressed
                              2017-12-14 20:21 - 2014-08-17 19:03 - 000000000 ____D C:\Users\USER\AppData\Local\Packages
                              2017-12-14 19:37 - 2017-03-08 02:10 - 000000000 ____D C:\Users\USER\AppData\Roaming\vlc
                              2017-12-13 17:28 - 2016-11-21 00:39 - 000000000 __RHD C:\Users\Public\AccountPictures
                              2017-12-13 17:24 - 2017-06-04 15:07 - 005042168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
                              2017-12-13 16:47 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\system32\oobe
                              2017-12-13 15:51 - 2016-10-02 19:28 - 000479040 _____ C:\Users\USER\Desktop\mixed.xspf
                              2017-12-13 14:23 - 2017-03-19 02:36 - 000000000 ____D C:\WINDOWS\CbsTemp
                              2017-12-13 14:18 - 2015-02-15 19:22 - 000000000 ____D C:\WINDOWS\system32\MRT
                              2017-12-13 14:13 - 2017-10-11 13:47 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
                              2017-12-13 14:12 - 2015-02-15 19:22 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
                              2017-12-12 12:03 - 2017-06-30 08:31 - 000000000 ____D C:\WINDOWS\Minidump
                              2017-12-10 10:53 - 2015-04-11 20:00 - 000000000 ____D C:\Users\USER\AppData\Local\ElevatedDiagnostics
                              2017-12-09 08:42 - 2015-10-03 12:48 - 000002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
                              2017-12-08 10:12 - 2017-10-20 09:50 - 000000000 ____D C:\Users\USER\AppData\Roaming\qBittorrent
                              2017-12-07 13:13 - 2017-10-03 20:16 - 000000000 ____D C:\Users\USER\AppData\Roaming\IDM
                              2017-12-05 16:24 - 2017-09-24 11:15 - 000000000 ____D C:\Users\USER\AppData\Roaming\TunnelBear
                              2017-12-02 08:10 - 2017-03-19 02:51 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
                              2017-12-02 08:10 - 2017-03-19 02:51 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
                              2017-11-30 08:49 - 2013-08-22 21:29 - 000395310 __RSH C:\bootmgr
                              2017-11-26 09:28 - 2017-09-07 15:06 - 000163560 _____ C:\WINDOWS\system32\prfh0804.dat
                              2017-11-26 09:28 - 2017-09-07 15:06 - 000054938 _____ C:\WINDOWS\system32\prfc0804.dat
                              2017-11-26 09:28 - 2017-06-04 15:14 - 000720926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
                              2017-11-21 16:32 - 2015-02-15 15:48 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
                              2017-11-20 12:17 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\LiveKernelReports
                              2017-11-19 21:09 - 2014-08-17 21:25 - 000000000 ____D C:\Users\USER\AppData\Roaming\Mozilla
                              
                              ==================== Files in the root of some directories =======
                              
                              2015-10-10 00:28 - 2015-10-10 00:28 - 000000132 _____ () C:\Users\USER\AppData\Roaming\Adobe BMP Format CS6 Prefs
                              2016-11-25 22:45 - 2016-11-29 09:54 - 000000724 _____ () C:\Users\USER\AppData\Local\BlackToText907.tif
                              2015-02-02 14:12 - 2015-08-08 10:01 - 3941910743 _____ () C:\Users\USER\AppData\Local\BTServer.log
                              2016-11-25 22:53 - 2016-11-29 09:54 - 000000026 _____ () C:\Users\USER\AppData\Local\gt-props
                              2015-03-23 18:33 - 2017-10-30 09:24 - 000007600 _____ () C:\Users\USER\AppData\Local\resmon.resmoncfg
                              2016-06-18 10:14 - 2016-06-18 10:14 - 000000000 _____ () C:\Users\USER\AppData\Local{0F5721C5-C3C8-48A3-8C8E-0FF32FF6C759}
                              Some files in TEMP:
                              2017-12-02 22:11 - 2017-12-02 22:11 - 000040448 ____N () C:\Users\USER\AppData\Local\Temp\proxy_vole585277975860488209.dll
                              2017-12-02 22:11 - 2017-12-02 22:11 - 000040448 ____N () C:\Users\USER\AppData\Local\Temp\proxy_vole5885040924349865855.dll
                              2017-12-02 22:11 - 2017-12-02 22:11 - 000040448 ____N () C:\Users\USER\AppData\Local\Temp\proxy_vole7166972014569587069.dll
                              2017-12-03 11:29 - 2017-12-03 11:32 - 008980104 _____ (Sandboxie Holdings, LLC) C:\Users\USER\AppData\Local\Temp\SandboxieInstall.exe
                              
                              ==================== Bamital & volsnap ======================
                              
                              (There is no automatic fix for files that do not pass verification.)
                              
                              C:\WINDOWS\system32\winlogon.exe => File is digitally signed
                              C:\WINDOWS\system32\wininit.exe => File is digitally signed
                              C:\WINDOWS\explorer.exe => File is digitally signed
                              C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
                              C:\WINDOWS\system32\svchost.exe => File is digitally signed
                              C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
                              C:\WINDOWS\system32\services.exe => File is digitally signed
                              C:\WINDOWS\system32\User32.dll => File is digitally signed
                              C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
                              C:\WINDOWS\system32\userinit.exe => File is digitally signed
                              C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
                              C:\WINDOWS\system32\rpcss.dll => File is digitally signed
                              C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
                              C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
                              C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
                              
                              LastRegBack: 2017-12-15 22:39
                              
                              ==================== End of FRST.txt ============================
                              addition:
                              Code:
                              Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
                              Ran by Max (18-12-2017 11:16:00)
                              Running from C:\Users\USER\Desktop
                              Windows 10 Pro Version 1703 15063.786 (X64) (2017-06-04 10:08:36)
                              Boot Mode: Normal
                              ==================== Accounts: =============================
                              
                              Administrator (S-1-5-21-900945925-988278395-3478122750-500 - Administrator - Disabled)
                              DefaultAccount (S-1-5-21-900945925-988278395-3478122750-503 - Limited - Disabled)
                              Guest (S-1-5-21-900945925-988278395-3478122750-501 - Limited - Disabled)
                              Max (S-1-5-21-900945925-988278395-3478122750-1001 - Administrator - Enabled) => C:\Users\USER
                              
                              ==================== Security Center ========================
                              
                              (If an entry is included in the fixlist, it will be removed.)
                              
                              AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                              AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                              
                              ==================== Installed Programs ======================
                              
                              (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
                              
                              7-Zip 9.20 (HKLM-x32...\7-Zip) (Version: - )
                              9-lab Removal Tool (HKLM-x32...\9-lab Removal Tool) (Version: - )
                              Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
                              Adobe Flash Player 26 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
                              Adobe Flash Player 26 PPAPI (HKLM-x32...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
                              AMD Software (HKLM...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
                              Anki (HKLM-x32...\Anki) (Version: - )
                              Audacity 2.1.3 (HKLM-x32...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
                              AutoHotkey 1.1.26.01 (HKLM...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
                              Bulk Rename Utility 2.7.1.3 (HKLM...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
                              calibre (HKLM-x32...{00F91371-9FE2-4F75-9B49-8F7D1C135214}) (Version: 3.7.0 - Kovid Goyal)
                              Catalyst Control Center Next Localization BR (HKLM...{15EEB07A-3FB9-FA4C-8EFF-697728CB1E5C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization BR (HKLM...{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization CHS (HKLM...{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization CHS (HKLM...{A63E3031-0522-18C6-F18F-7EE80973315F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization CHT (HKLM...{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization CHT (HKLM...{A2966D0F-43BB-116D-C9C7-49612FBFD0AE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization CS (HKLM...{4C608ED2-535B-2119-3661-9E6F7DDB600F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization CS (HKLM...{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization DA (HKLM...{9005C809-497A-FD45-CB96-76A3338E35B9}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization DA (HKLM...{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization DE (HKLM...{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization DE (HKLM...{D84300A6-72F1-5771-B3B1-8FC71184AB38}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization EL (HKLM...{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization EL (HKLM...{56D13277-FA9F-2842-682D-DD7298973585}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization ES (HKLM...{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization ES (HKLM...{8D0C7788-D519-7B65-36F6-D0D21296F173}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization FI (HKLM...{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization FI (HKLM...{930FD2C7-D026-197D-94E4-CB5917CE7420}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization FR (HKLM...{086D11E3-9CA4-DBEF-2B48-5A2EFFD53145}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization FR (HKLM...{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization HU (HKLM...{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization HU (HKLM...{D0C1EAB6-92F1-EE91-04C2-5947EE150593}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization IT (HKLM...{57EAA61A-CD02-DF34-0839-2549F57A334C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization IT (HKLM...{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization JA (HKLM...{AA477FD2-347B-1732-5D8C-AF35AF1B9703}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization JA (HKLM...{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization KO (HKLM...{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization KO (HKLM...{BBFC5953-2CB9-5932-1D47-52E4AA99737B}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization NL (HKLM...{01E7D692-D785-743F-5A55-F00162D26A1C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization NL (HKLM...{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization NO (HKLM...{5D8BA452-1264-7D13-E4EC-8236EC5B83FE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization NO (HKLM...{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization PL (HKLM...{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization PL (HKLM...{F49BA906-83DA-3F5A-5B24-03C8DE2A3936}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization RU (HKLM...{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization RU (HKLM...{5A466CAA-F071-D9EF-A799-EF63552DBE70}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization SV (HKLM...{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization SV (HKLM...{D7DC4DDB-3E0D-6F79-4258-4A461654B689}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization TH (HKLM...{ACDFF800-6015-BEEC-8A27-7B1A80915273}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization TH (HKLM...{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization TR (HKLM...{A28B1FC5-3947-9D39-7FE5-A3CB18E16358}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
                              Catalyst Control Center Next Localization TR (HKLM...{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
                              CCleaner (HKLM...\CCleaner) (Version: 5.35 - Piriform)
                              Conexant HD Audio (HKLM...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
                              DCX Trader 1.8.15 (HKLM-x32...\DCX_Deploy_0) (Version: - )
                              Dolby Digital Plus Home Theater (HKLM...{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
                              Foxit Reader (HKLM-x32...\Foxit Reader_is1) (Version: 8.3.1.21155 - Foxit Software Inc.)
                              Google Chrome (HKLM-x32...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
                              Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
                              IDM Patch 6.29 build 2 Patch (HKLM-x32...\IDM Patch 6.29 build 2 Patch) (Version: 6.29 build 2 - Crackingpatching.com Team)
                              InstaTrader (HKLM-x32...\InstaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
                              Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
                              Internet Download Manager (HKLM-x32...\Internet Download Manager) (Version: - Tonec Inc.)
                              IP Camera Adapter (HKLM-x32...{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
                              Java 8 Update 144 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
                              JDownloader 2 (HKLM...\jdownloader2) (Version: 2.0 - AppWork GmbH)
                              KeyScrambler (HKLM-x32...\KeyScrambler) (Version: 3.8.1.0 - QFX Software Corporation)
                              K-Lite Codec Pack 11.4.0 Basic (HKLM-x32...\KLiteCodecPack_is1) (Version: 11.4.0 - )
                              LAME v3.99.3 (for Windows) (HKLM-x32...\LAME_is1) (Version: - )
                              Lenovo EasyCamera (HKLM-x32...{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
                              Lenovo pointing device (HKLM...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
                              MetaTrader - EXNESS (HKLM-x32...\MetaTrader - EXNESS) (Version: 4.00 - MetaQuotes Software Corp.)
                              Microsoft Excel 2010 (HKLM-x32...\Office14.EXCEL) (Version: 14.0.4763.1000 - Microsoft Corporation)
                              Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
                              Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
                              Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
                              Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
                              Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
                              Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
                              Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
                              Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
                              Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
                              Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32...{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
                              Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
                              Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
                              Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
                              Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32...{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
                              Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32...{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
                              Microsoft Word 2010 (HKLM-x32...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
                              Microsoft XNA Framework Redistributable 4.0 (HKLM-x32...{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
                              Mozilla Firefox 57.0.2 (x64 en-US) (HKLM...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
                              Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
                              MusicBee 3.0 (HKLM-x32...\MusicBee) (Version: 3.0 - Steven Mayall)
                              Network Recording Player (HKLM-x32...{79417ECE-DA9D-49B3-B1C9-83AA3EAE6AE0}) (Version: 31.9.3.13 - Cisco WebEx LLC)
                              OEM Application Profile (HKLM-x32...{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
                              OpenAL (HKLM-x32...\OpenAL) (Version: - )
                              PeerBlock 1.2 (r693) (HKLM...{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
                              PrimoPDF – brought to you by Nitro PDF Software (HKLM-x32...\PrimoPDF) (Version: 5 - Nitro PDF Software)
                              PX Profile Update (HKLM-x32...{954CFDDE-AF07-2AF9-9600-706E798D42BA}) (Version: 1.00.1. - AMD) Hidden
                              qBittorrent 3.3.16 (HKLM-x32...\qBittorrent) (Version: 3.3.16 - The qBittorrent project)
                              Raptr (HKLM-x32...\Raptr) (Version: 5.2.1-r113066-release - Raptr, Inc)
                              Sandboxie 5.22 (64-bit) (HKLM...\Sandboxie) (Version: 5.22 - Sandboxie Holdings, LLC)
                              Skype Click to Call (HKLM-x32...{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
                              Skype™ 7.1 (HKLM-x32...{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: - )
                              Subtitle Edit 3.4.6 (HKLM-x32...\SubtitleEdit_is1) (Version: 3.4.6.544 - Nikse)
                              Subtitle Edit 3.5.3 (HKLM...\SubtitleEdit_is1) (Version: 3.5.3.0 - Nikse)
                              TunnelBear (HKLM-x32...{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
                              TunnelBear (HKLM-x32...{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
                              Tweaking.com - Windows Repair (HKLM-x32...\Tweaking.com - Windows Repair) (Version: 4.0.1 - Tweaking.com)
                              USB Vibration Joystick (HKLM-x32...{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
                              Virtual DJ Home - Atomix Productions (HKLM-x32...\Virtual DJ Home - Atomix Productions) (Version: - )
                              VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.6 - VideoLAN)
                              Vulkan Run Time Libraries 1.0.3.1 (HKLM...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
                              Vulkan Run Time Libraries 1.0.39.1 (HKLM...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
                              Windows 10 Update and Privacy Settings (HKLM...{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
                              Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
                              Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
                              Windscribe version 1.70 build 4 (HKLM-x32...{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
                              WinHTTrack Website Copier 3.48-22 (x64) (HKLM...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
                              WinRAR 4.01 (32-bit) (HKLM-x32...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
                              WinRAR 5.40 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
                              Wise Data Recovery 3.82 (HKLM-x32...\Wise Data Recovery_is1) (Version: 3.82 - WiseCleaner.com, Inc.)
                              YTD Video Downloader 5.8.8 (HKLM-x32...{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.8 - GreenTree Applications SRL) <==== ATTENTION
                              
                              ==================== Custom CLSID (Whitelisted): ==========================
                              
                              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
                              
                              CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID{0112bcab-ec40-8cbd-e8e0-18acfa7731940}\InprocServer32 → 0x6C41493845567338387553786F394142486741734146567A5A584A4F5957316C5055347651534E4462323177595735355055347651534E46545746706244314F4C30456A5648687553575139546939425150694B4563797A4D355763592F7044516932 (the data entry has 114 more characters). => No File
                              CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID{ef79fc18-df28-de4f-628c-b2e02c0815a76}\InprocServer32 → 0x9B8193826C8AD201D0E395826C8AD201010000000300000000000000 => No File
                              ShellIconOverlayIdentifiers: [ IDM Shell Extension] → {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
                              ContextMenuHandlers1-x32: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => d:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
                              ContextMenuHandlers1-x32: [9-lab Removal Tool] → {8E571ABB-30D3-402F-BBEC-3954466CF529} => C:\Program Files\9-lab\Removal Tool\shellext.dll [2016-02-10] (9-lab LLC)
                              ContextMenuHandlers1-x32: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => → No File
                              ContextMenuHandlers1-x32: [Atheros] → {B8952421-0E55-400B-94A6-FA858FC0A39F} => → No File
                              ContextMenuHandlers1-x32: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-19] (Microsoft Corporation)
                              ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] → {A94757A0-0226-426F-B4F1-4DF381C630D3} => d:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)
                              ContextMenuHandlers1-x32: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
                              ContextMenuHandlers1-x32-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
                              ContextMenuHandlers2: [9-lab Removal Tool] → {8E571ABB-30D3-402F-BBEC-3954466CF529} => C:\Program Files\9-lab\Removal Tool\shellext.dll [2016-02-10] (9-lab LLC)
                              ContextMenuHandlers2: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-19] (Microsoft Corporation)
                              ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => → No File
                              ContextMenuHandlers4-x32: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => d:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
                              ContextMenuHandlers4-x32: [9-lab Removal Tool] → {8E571ABB-30D3-402F-BBEC-3954466CF529} => C:\Program Files\9-lab\Removal Tool\shellext.dll [2016-02-10] (9-lab LLC)
                              ContextMenuHandlers4-x32: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => → No File
                              ContextMenuHandlers4-x32: [EncryptionMenu] → {A470F8CF-A1E8-4f65-8335-227475AA5C46} => → No File
                              ContextMenuHandlers4-x32: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-19] (Microsoft Corporation)
                              ContextMenuHandlers4-x32: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
                              ContextMenuHandlers4-x32-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
                              ContextMenuHandlers4-x32-x32: [WorkFolders] → {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => → No File
                              ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => → No File
                              ContextMenuHandlers5: [ACE] → {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
                              ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => → No File
                              ContextMenuHandlers5: [igfxDTCM] → {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-12] (Intel Corporation)
                              ContextMenuHandlers5: [WorkFolders] → {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => → No File
                              ContextMenuHandlers6: [9-lab Removal Tool] → {8E571ABB-30D3-402F-BBEC-3954466CF529} => C:\Program Files\9-lab\Removal Tool\shellext.dll [2016-02-10] (9-lab LLC)
                              ContextMenuHandlers6: [BriefcaseMenu] → {85BBD920-42A0-1069-A2E4-08002B30309D} => → No File
                              ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] → {A94757A0-0226-426F-B4F1-4DF381C630D3} => d:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)
                              ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
                              ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
                              
                              ==================== Scheduled Tasks (Whitelisted) =============
                              
                              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
                              
                              Task: {0CFFAC74-2B0F-48F1-BAB2-7BD1A9E75C5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess → No File <==== ATTENTION
                              Task: {12382A3B-9F27-4B4D-B7C0-6551032014C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
                              Task: {123F2F42-CE4F-4735-9E20-428497D2B200} - System32\Tasks\shutdown => C:\Windows\System32\shutdown.exe [2017-03-19] (Microsoft Corporation)
                              Task: {175EEFC8-16F5-4072-9093-46A1E622F59D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B → No File <==== ATTENTION
                              Task: {3A164F3D-787C-4685-BECB-4B7B366C9FDF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-12-13] (Microsoft Corporation)
                              Task: {4641179A-BBA6-4BA3-9BF2-A13AB04B2C27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d → No File <==== ATTENTION
                              Task: {4B2BA625-3C43-42B8-8C98-8C7BAA251A61} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
                              Task: {6A0F36AE-7DF3-413C-BA95-E51BD7EE99AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d → No File <==== ATTENTION
                              Task: {6CFFC74A-9478-4A80-A16C-61BCC681BAB1} - \WPD\SqmUpload_S-1-5-21-900945925-988278395-3478122750-1001 → No File <==== ATTENTION
                              Task: {6D4B293C-8F43-4453-A883-362E6FDDFE83} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
                              Task: {6EB06010-4116-42F9-80EF-3ABA32C5DC1D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
                              Task: {72595494-3553-45FA-886B-5B4AC6806CA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
                              Task: {819DCFAD-1A4F-4AC2-BC4F-5295BF9C12A9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7370e126-3bd9-40e1-bef2-35bfb98dde62 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
                              Task: {9AAC07DE-0054-4D1F-9665-8B0FF9DFAC7D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\78c2b2e3-92a3-4e9c-9a27-300ebec8e373 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
                              Task: {9C5012CD-5C56-4DF9-977B-DC497AE46D8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
                              Task: {9DC43337-F240-499B-A7BB-353C15DEBCC4} - System32\Tasks{1E6113B1-6320-42D6-98F3-9B2BBA5E0C28} => “d:\program files (x86)\mozilla firefox\firefox.exe” hxxp://ui.skype.com/ui/0/7.4.0.102/en/go/help.faq.installer?LastError=1638
                              Task: {A0CCB3EE-6C70-4B21-8E5B-F6AD89850B71} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
                              Task: {A2F71EA0-2D51-4117-9233-DF4CA5CD6A9D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd → No File <==== ATTENTION
                              Task: {ADE1B79E-902D-48F4-B104-0EAE57D965F2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d → No File <==== ATTENTION
                              Task: {B6E6ABD5-79ED-4B43-AAEB-7ECE3DAC097C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
                              Task: {BF728E4A-B1B4-406C-A6B2-1A4888A56396} - \OfficeSoftwareProtectionPlatform\SvcRestartTask → No File <==== ATTENTION
                              Task: {C07B4EB8-2EF6-4E54-832F-41346E84FE16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent → No File <==== ATTENTION
                              Task: {C3366BA4-5CE0-4910-AB6B-A7BAF87DB671} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent → No File <==== ATTENTION
                              Task: {C46672D1-5E5C-4532-9CBB-5C4BB6E96FDF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\971cd3d0-3178-4923-86f1-728b838306da => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
                              Task: {C640FB47-29FB-4AC6-AFA5-C82226025C5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d → No File <==== ATTENTION
                              Task: {D1D516C0-190A-447A-B181-6D3ADBE8AA1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig → No File <==== ATTENTION
                              Task: {E68F61B3-0DDC-4B36-9D4D-DBC48274E53D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0374cc50-4abf-4d47-add0-f6850fafb218 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
                              Task: {E8B2FAB0-9F31-47D9-BC7A-29F2CCA8997C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
                              Task: {F7ECD4CC-F7F6-409A-890E-5F836A87DBEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d → No File <==== ATTENTION
                              
                              (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
                              
                              Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
                              
                              ==================== Shortcuts & WMI ========================
                              
                              (The entries could be listed to be restored or removed.)
                              
                              ==================== Loaded Modules (Whitelisted) ==============
                              
                              2015-04-09 09:10 - 2011-03-01 04:22 - 000095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
                              2017-09-06 16:48 - 2017-09-06 16:48 - 000037248 _____ () D:\Program Files (x86)\tunnelbear\TunnelBear.Maintenance.exe
                              2017-03-19 02:43 - 2017-03-19 02:43 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
                              2017-06-04 15:11 - 2010-10-26 12:40 - 000049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
                              2017-03-19 02:44 - 2017-03-19 08:15 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
                              2017-12-12 17:38 - 2017-12-12 17:45 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
                              2017-12-12 17:38 - 2017-12-12 17:45 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
                              2017-12-12 17:38 - 2017-12-12 17:45 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
                              2017-12-12 17:38 - 2017-12-12 17:45 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
                              2017-12-14 19:54 - 2017-12-14 20:21 - 000477184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                              2017-12-14 19:54 - 2017-12-14 20:21 - 058590720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
                              2017-10-06 14:13 - 2017-10-06 14:20 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
                              2017-11-14 08:54 - 2017-11-14 09:16 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
                              2017-12-14 19:54 - 2017-12-14 20:21 - 003727360 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
                              2017-10-06 14:13 - 2017-10-06 14:20 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
                              2017-12-14 19:54 - 2017-12-14 20:21 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
                              2017-12-14 19:54 - 2017-12-14 20:21 - 016395264 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
                              2017-12-14 19:54 - 2017-12-14 20:21 - 003579904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
                              2017-12-14 19:54 - 2017-12-14 20:21 - 003204096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
                              2017-08-29 11:45 - 2017-08-29 11:46 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
                              2017-12-14 19:54 - 2017-12-14 20:21 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
                              2017-12-14 19:54 - 2017-12-14 20:21 - 004038144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
                              2017-12-14 19:54 - 2017-12-14 20:21 - 001367040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
                              2017-12-14 19:54 - 2017-12-14 20:21 - 000214528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\SKU.dll
                              2017-10-10 18:45 - 2017-10-10 18:46 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
                              2017-09-26 09:54 - 2017-09-26 09:56 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
                              
                              ==================== Alternate Data Streams (Whitelisted) =========
                              
                              (If an entry is included in the fixlist, only the ADS will be removed.)
                              
                              AlternateDataStreams: C:\ProgramData\Temp:5ED747B8 [274]
                              AlternateDataStreams: C:\ProgramData\Temp:9857FAE3 [248]
                              
                              ==================== Safe Mode (Whitelisted) ===================
                              
                              (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
                              
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => “”=“Driver”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => “”=“Driver”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => “”=“Driver”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => “”=“Service”
                              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => “”=“Service”
                              
                              ==================== Association (Whitelisted) ===============
                              
                              (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
                              
                              ==================== Internet Explorer trusted/restricted ===============
                              
                              (If an entry is included in the fixlist, it will be removed from the registry.)
                              
                              IE restricted site: HKU\S-1-5-21-900945925-988278395-3478122750-1001...\kmpmedia.net → hxxp://player.kmpmedia.net
                              
                              ==================== Hosts content: ===============================
                              
                              (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
                              
                              2015-03-26 08:15 - 2017-08-07 13:09 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
                              
                              127.0.0.1 localhost
                              
                              ==================== Other Areas ============================
                              
                              (Currently there is no automatic fix for this section.)
                              
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001\Control Panel\Desktop\Wallpaper → C:\Users\USER\Desktop\World_China_China__Guilin__Reed_Flute_Cave_027788_.jpg
                              DNS Servers: 192.168.1.1
                              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
                              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
                              Windows Firewall is enabled.
                              
                              ==================== MSCONFIG/TASK MANAGER disabled items ==
                              
                              MSCONFIG\Services: FoxitReaderService => 2
                              MSCONFIG\Services: RosettaStoneDaemon => 2
                              HKLM...\StartupApproved\StartupFolder: => “Virtual Router Manager.lnk”
                              HKLM...\StartupApproved\StartupFolder: => “MagicLinker.lnk”
                              HKLM...\StartupApproved\Run: => “WindowsDefender”
                              HKLM...\StartupApproved\Run: => “HotKeysCmds”
                              HKLM...\StartupApproved\Run: => “Persistence”
                              HKLM...\StartupApproved\Run: => “AdobeAAMUpdater-1.0”
                              HKLM...\StartupApproved\Run: => “BtServer”
                              HKLM...\StartupApproved\Run: => “SmartAudio”
                              HKLM...\StartupApproved\Run32: => “Acrobat Assistant 8.0”
                              HKLM...\StartupApproved\Run32: => “Adobe Acrobat Speed Launcher”
                              HKLM...\StartupApproved\Run32: => “Adobe ARM”
                              HKLM...\StartupApproved\Run32: => “PowerDVD13Agent”
                              HKLM...\StartupApproved\Run32: => “USB Security”
                              HKLM...\StartupApproved\Run32: => “DelaypluginInstall”
                              HKLM...\StartupApproved\Run32: => “iSkysoft Helper Compact.exe”
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\StartupFolder: => “OneNote 2010 Screen Clipper and Launcher.lnk”
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “Adobe”
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “Viber”
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “Messenger (Yahoo!)”
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “SandboxieControl”
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “uTorrent”
                              HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “BlueStacks Agent”
                              
                              ==================== FirewallRules (Whitelisted) ===============
                              
                              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
                              
                              FirewallRules: [TCP Query User{4BD32AB6-F32F-4C2D-80E5-849A3530ED4C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
                              FirewallRules: [UDP Query User{00003329-0888-4DD1-BFB7-7C8CF8634328}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
                              FirewallRules: [{502B8641-BC35-4116-9C7E-18F6F156319E}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe
                              FirewallRules: [{61D1F560-FA78-4193-B943-7E28153C3B77}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe
                              FirewallRules: [{70F29ED6-836B-4B1A-B762-BB62499A24C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
                              FirewallRules: [{2CC7D37F-120E-4605-947A-2C9080097EBB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
                              FirewallRules: [{47E1951A-0030-44EA-918B-259B72B0ED7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                              
                              ==================== Restore Points =========================
                              
                              ATTENTION: System Restore is disabled
                              Check “winmgmt” service or repair WMI.
                              
                              ==================== Faulty Device Manager Devices =============
                              
                              Name: TunnelBear Adapter V9
                              Description: TunnelBear Adapter V9
                              Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
                              Manufacturer: TunnelBear Provider V9
                              Service: tap-tb-0901
                              Problem: : This device is disabled. (Code 22)
                              Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.
                              
                              ==================== Event log errors: =========================
                              Application errors:
                              Error: (12/18/2017 11:05:30 AM) (Source: SideBySide) (EventID: 78) (User: )
                              Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
                              A component version required by the application conflicts with another component version already active.
                              Conflicting components are:.
                              Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
                              Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
                              
                              Error: (12/18/2017 11:05:30 AM) (Source: SideBySide) (EventID: 78) (User: )
                              Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
                              A component version required by the application conflicts with another component version already active.
                              Conflicting components are:.
                              Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
                              Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
                              
                              Error: (12/16/2017 04:15:33 PM) (Source: SideBySide) (EventID: 78) (User: )
                              Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
                              A component version required by the application conflicts with another component version already active.
                              Conflicting components are:.
                              Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
                              Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
                              
                              Error: (12/16/2017 03:02:42 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
                              Description: ATI EEU Service event error
                              
                              Error: (12/16/2017 03:02:35 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
                              Description: ATI EEU Service event error
                              
                              Error: (12/16/2017 03:02:32 PM) (Source: Application Error) (EventID: 1000) (User: )
                              Description: Faulting application name: atieclxx.exe, version: 22.19.162.4, time stamp: 0x58fe9ff1
                              Faulting module name: atieclxx.exe, version: 22.19.162.4, time stamp: 0x58fe9ff1
                              Exception code: 0xc0000005
                              Fault offset: 0x0000000000026be6
                              Faulting process id: 0xa84
                              Faulting application start time: 0x01d376288241015b
                              Faulting application path: C:\WINDOWS\system32\atieclxx.exe
                              Faulting module path: C:\WINDOWS\system32\atieclxx.exe
                              Report Id: 361ba877-dba9-4685-ac58-cbbb56b8285f
                              Faulting package full name:
                              Faulting package-relative application ID:
                              
                              Error: (12/16/2017 10:41:04 AM) (Source: SideBySide) (EventID: 78) (User: )
                              Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
                              A component version required by the application conflicts with another component version already active.
                              Conflicting components are:.
                              Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
                              Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
                              
                              Error: (12/16/2017 10:41:04 AM) (Source: SideBySide) (EventID: 78) (User: )
                              Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
                              A component version required by the application conflicts with another component version already active.
                              Conflicting components are:.
                              Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
                              Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
                              
                              Error: (12/16/2017 10:30:03 AM) (Source: SideBySide) (EventID: 78) (User: )
                              Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
                              A component version required by the application conflicts with another component version already active.
                              Conflicting components are:.
                              Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
                              Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
                              
                              Error: (12/16/2017 10:29:16 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
                              Description: Could not get performance counter registry info for WSearchIdxPi for instance due to the following error: The operation completed successfully. 0x0.

                              System errors:
                              Error: (12/18/2017 09:25:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
                              Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
                              {D63B10C5-BB46-4990-A94F-E40B9D520160}
                              and APPID
                              {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
                              to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
                              
                              Error: (12/16/2017 09:49:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
                              Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
                              {D63B10C5-BB46-4990-A94F-E40B9D520160}
                              and APPID
                              {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
                              to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
                              
                              Error: (12/16/2017 04:18:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
                              Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
                              
                              Error: (12/16/2017 10:32:37 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
                              Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
                              
                              Error: (12/16/2017 10:31:04 AM) (Source: DCOM) (EventID: 10016) (User: ADMIN)
                              Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
                              {C2F03A33-21F5-47FA-B4BB-156362A2F239}
                              and APPID
                              {316CDED5-E4AE-4B15-9113-7055D84DCC97}
                              to the user ADMIN\Max SID (S-1-5-21-900945925-988278395-3478122750-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
                              
                              Error: (12/16/2017 10:29:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
                              Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
                              The specified module could not be found.
                              
                              Error: (12/16/2017 10:29:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
                              Description: The WMPNetworkSvc service terminated with the following error:
                              An attempt was made to reference a token that does not exist.
                              
                              Error: (12/16/2017 10:29:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
                              Description: The MSMQ service failed to start due to the following error:
                              The service did not respond to the start or control request in a timely fashion.
                              
                              Error: (12/16/2017 10:29:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
                              Description: A timeout was reached (30000 milliseconds) while waiting for the MSMQ service to connect.
                              
                              Error: (12/16/2017 10:29:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
                              Description: The HvHost service terminated with the following error:
                              A device attached to the system is not functioning.

                              CodeIntegrity:
                              Date: 2017-12-16 20:12:40.903
                              Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
                              
                              Date: 2017-12-16 20:12:40.259
                              Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
                              
                              Date: 2017-12-13 20:43:12.048
                              Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
                              
                              Date: 2017-12-13 20:43:11.572
                              Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
                              
                              Date: 2017-12-12 12:50:54.381
                              Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
                              
                              Date: 2017-12-12 12:50:54.193
                              Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
                              
                              Date: 2017-12-10 11:59:01.142
                              Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
                              
                              Date: 2017-12-10 11:59:00.843
                              Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
                              
                              Date: 2017-12-08 12:11:03.011
                              Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
                              
                              Date: 2017-12-08 12:11:02.701
                              Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
                              
                              ==================== Memory info ===========================
                              
                              Processor: Intel(R) Core™ i3-4005U CPU @ 1.70GHz
                              Percentage of memory in use: 75%
                              Total physical RAM: 3992.36 MB
                              Available physical RAM: 981.43 MB
                              Total Virtual: 6808.36 MB
                              Available Virtual: 2512.75 MB
                              
                              ==================== Drives ================================
                              
                              Drive c: (SYSTEM) (Fixed) (Total:116.37 GB) (Free:53.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]
                              Drive d: () (Fixed) (Total:348.57 GB) (Free:3.74 GB) NTFS
                              
                              ==================== MBR & Partition Table ==================
                              
                              ========================================================
                              Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 13FCABC6)
                              Partition 1: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
                              Partition 2: (Not Active) - (Size=836 MB) - (Type=27)
                              Partition 3: (Not Active) - (Size=348.6 GB) - (Type=OF Extended)
                              
                              ==================== End of Addition.txt ============================
                              [/HEADING]
