
Solved Restrictive Malware on Windows 10 Laptop

Discussion in 'Virus & Other Malware Removal' started by Outdacell, Jul 10, 2017.

Thread Status:
Not open for further replies.
  1. Outdacell

    Outdacell Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    138
    First Name:
    Melvin
    I know I have some malware on this laptop, but when attempting to remove it (via antimalware software) it handicaps the software, whether it's not allowing definition updates to Malwarebytes or SuperAntiSpyware, not running TDSSKiller, or freezing up the Malwarebytes Anti-Rootkit Beta scanner. I've even removed antispyware software because of how useless it really was. I even tried booting the PC into Safe Mode and running these applications, and every last one said the resource was already running even though the PC had just booted up with nothing running.

    I need some help before this gets any worse. Any ideas?


    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz, Intel64 Family 6 Model 60 Stepping 3
    Processor Count: 8
    RAM: 8120 Mb
    Graphics Card: Intel(R) HD Graphics 4600, 1024 Mb
    Hard Drives: C: 697 GB (506 GB Free);
    Motherboard: Type2 - Board Vendor Name1, Type2 - Board Product Name1
    Antivirus: Windows Defender, Enabled and Updated
     
  2. Outdacell

    Outdacell Thread Starter

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
    Ran by Sharon-Toshiba (administrator) on DESKTOP-RL5BCH2 (10-07-2017 22:12:41)
    Running from C:\Users\Sharon-Toshiba\Downloads
    Loaded Profiles: Sharon-Toshiba (Available Profiles: defaultuser0 & Sharon-Toshiba)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\dataup\dataup.exe
    () C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
    (Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    () C:\Windows\System32\tprdpw64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
    (Google, Inc) C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
    () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
    (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
    (CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda\cshzvz\ct.exe
    () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
    () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
    () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    ==================== Registry (Whitelisted) ====================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [559920 2015-10-09] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corp.)
    HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923520 2011-08-18] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [cpx] => "C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
    HKLM-x32\...\Run: [svcvmx] => C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [Dashlane] => C:\Users\Sharon-Toshiba\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-06-29] (Dashlane, Inc.)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [DashlanePlugin] => C:\Users\Sharon-Toshiba\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-06-29] (Dashlane, Inc.)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-12] (SUPERAntiSpyware)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [Google Update] => C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [Google Photos Backup] => C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [MusicManager] => C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [Spotify Web Helper] => C:\Users\Sharon-Toshiba\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-16] (Spotify Ltd)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4022328 2017-05-25] (Tonec Inc.)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [InterStat] => C:\Users\Sharon-Toshiba\AppData\Roaming\InterStat\interstat.exe <==== ATTENTION
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [GoogleChromeAutoLaunch_5E9B00E50FBF7F4CE97A3FE9A19AA703] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-07-10]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2017-03-17]
    ShortcutTarget: Slack.lnk -> C:\Users\Sharon-Toshiba\AppData\Local\slack\slack.exe (Slack Technologies)
    BootExecute: autocheck autochk * sdnclean64.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 4.2.2.1
    Tcpip\..\Interfaces\{314a7f20-9c10-454a-9f70-ba6bc0b00dfe}: [DhcpNameServer] 4.2.2.1
    Tcpip\..\Interfaces\{4b3b1d40-78f9-45a8-a2d5-40e1d7cf8a39}: [DhcpNameServer] 8.8.8.8
    Internet Explorer:
    ==================
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-07-04] (Oracle Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-04] (Oracle Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-04] (Oracle Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-04] (Oracle Corporation)
    Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Sharon-Toshiba\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2017-06-29] (Dashlane, Inc.)
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    Edge:
    ======
    Edge Extension: (Office Online) -> 2016_MicrosoftOfficeOnline_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OfficeOnline_1.5.1.0_neutral__8wekyb3d8bbwe [2017-05-15]
    Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.1.6.0_neutral__c1wakc4j0nefm [2017-05-26]
    Edge Extension: (Pin It Button) -> EdgeExtension_PinterestPinItButton_xnkra2w3aecd0 => C:\Program Files\WindowsApps\Pinterest.PinItButton_1.39.5.0_neutral__xnkra2w3aecd0 [2017-04-15]
    Edge Extension: (Save to Pocket) -> EdgeExtension_PocketSavetoPocket_v63j13wrfzj3t => C:\Program Files\WindowsApps\Pocket.SavetoPocket_2.0.38.0_neutral__v63j13wrfzj3t [2017-04-06]
    Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.45.0_neutral__qq0fmhteeht3j [2017-06-23]
    Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.16.0_neutral__8wekyb3d8bbwe [2017-04-15]
    FireFox:
    ========
    FF DefaultProfile: 2y9roifj.default
    FF DefaultProfile: [email protected]
    FF ProfilePath: C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2y9roifj.default [2017-06-30]
    FF Session Restore: Mozilla\Firefox\Profiles\2y9roifj.default -> is enabled.
    FF Extension: (Emoji Keyboard) - C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2y9roifj.default\Extensions\@emojikeyboard.xpi [2017-06-22]
    FF Extension: (Enhancer for YouTube™) - C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2y9roifj.default\Extensions\[email protected] [2017-03-25]
    FF Extension: (Dashlane) - C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2y9roifj.default\Extensions\[email protected] [2017-06-22]
    FF Extension: (uBlock Origin) - C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2y9roifj.default\Extensions\[email protected] [2017-06-22]
    FF HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
    FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-05-16]
    FF HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Sharon-Toshiba\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Sharon-Toshiba\AppData\Roaming\IDM\idmmzcc5 [2017-06-07] [not signed]
    FF HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
    FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-04] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-04] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2016-03-03] (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: logmeonce.com/LogmeOnce -> C:\Program Files (x86)\LogmeOnce\nplogmeonce.dll [No File]
    FF Plugin HKU\S-1-5-21-1391234854-2931249872-507013314-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1391234854-2931249872-507013314-1001: @talk.google.com/O1DPlugin -> C:\Users\Sharon-Toshiba\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1391234854-2931249872-507013314-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1391234854-2931249872-507013314-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Sharon-Toshiba\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Sharon-Toshiba\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=IFD16E428-4DBC-4DF1-9DBE-1A0EC18048F4&SearchSource=55&CUI=&UM=8&UP=SP8D5DC7D9-9954-4ED7-87CD-9BCDE28EEBEC&D=060115&SSPV="
    CHR DefaultSearchURL: Default -> chrome-extension://chphlpgkkbolifaimnlloiipkdnihall/onetab.html
    CHR DefaultSearchKeyword: Default -> lp
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
    CHR Extension: (Google Translate) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-07-01]
    CHR Extension: (Scribd Downloader Free) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aijgbekkajnbfllinekkbcibhnmgkcne [2017-03-10]
    CHR Extension: (Google Drive) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
    CHR Extension: (MEGA) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-06-30]
    CHR Extension: (YouTube) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
    CHR Extension: (Adblock Plus) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
    CHR Extension: (OneTab) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-03-08]
    CHR Extension: (OneNote Online) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciniambnphakdoflgeamacamhfllbkmo [2017-03-08]
    CHR Extension: (Spotify - Music for every moment) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2017-03-08]
    CHR Extension: (Download Manager) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\daoidaoebhfcgccdpgjjcbdginkofmfe [2017-03-08]
    CHR Extension: (MiniPlay) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfddfiedihbijfeacjamchlliogmjjnd [2017-03-09]
    CHR Extension: (Session Buddy) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-07-05]
    CHR Extension: (Google Calendar) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-03-08]
    CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2017-03-08]
    CHR Extension: (Google Play Music) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-07-10]
    CHR Extension: (Dashlane Secure Password Manager) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2017-07-06]
    CHR Extension: (Bookmark Manager) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2017-03-08]
    CHR Extension: (TweetDeck by Twitter) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-03-08]
    CHR Extension: (Google Photos) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2017-03-08]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-06-30]
    CHR Extension: (ImageSpark - Ultimate Image Downloader) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hooaoionkjogngfhjjniefmenehnopag [2017-03-16]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-03-08]
    CHR Extension: (Google Play Music) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-03-08]
    CHR Extension: (Zillow) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\iifccoboedmhjapdlpgkigibgnkmdjoh [2017-03-08]
    CHR Extension: (Unpaywall) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2017-06-20]
    CHR Extension: (Grammarly for Chrome) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-10]
    CHR Extension: (Google Hangouts) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-26]
    CHR Extension: (SoundCloud Downloader Free) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2017-03-08]
    CHR Extension: (Google Maps) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-03-08]
    CHR Extension: (Google Dictionary (by Google)) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-03-08]
    CHR Extension: (Pocket) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2017-03-08]
    CHR Extension: (OneDrive) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2017-03-08]
    CHR Extension: (IDM Integration Module) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-06-30]
    CHR Extension: (Save to Pocket) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-06-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
    CHR Extension: (Hover Zoom) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-04-14]
    CHR Extension: (Gmail) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
    CHR Extension: (Chrome Media Router) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-30]
    CHR Extension: (Clearbit Connect - Supercharge Gmail™) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnhcgfcafcnkbengdcanjablaabjplo [2017-03-08]
    CHR Extension: (Enhancer for YouTube™) - C:\Users\Sharon-Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2017-07-10]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
    CHR HKU\S-1-5-21-1391234854-2931249872-507013314-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
    Opera:
    =======
    OPR Extension: (Google Translate) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-04-10]
    OPR Extension: (Scribd Downloader Free) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\aijgbekkajnbfllinekkbcibhnmgkcne [2017-04-08]
    OPR Extension: (Scribd Downloader Free) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbfifpkeojjlabelpjdgonmigjofgoim [2017-05-15]
    OPR Extension: (Google Scholar Adder) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmjdgeladpkegliclimggpbbkamkhomb [2017-04-07]
    OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2017-04-07]
    OPR Extension: (LastPass: Free Password Manager) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2017-07-01]
    OPR Extension: (Toolbox for Google Play Store™) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\ijoigpeoogooiilehgffdnidbminnfmc [2017-04-07]
    OPR Extension: (Unpaywall) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2017-06-01]
    OPR Extension: (Grammarly for Chrome) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-01]
    OPR Extension: (GooglePlus Full-Size) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbgdfdhfmcibgdohjihdkeeedgdhlmke [2017-04-07]
    OPR Extension: (Download Chrome Extension) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2017-04-07]
    OPR Extension: (Youtube Downloader) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\mdpelnicjpejiahnbkdohfjglhmaohcb [2017-06-07]
    OPR Extension: (Google Dictionary (by Google)) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-04-07]
    OPR Extension: (Huntr: Job Search Tracker ) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\mihdfbecejheednfigjpdacgeilhlmnf [2017-07-01]
    OPR Extension: (IDM Integration Module) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-06-23]
    OPR Extension: (Scribd Downloader Free) - C:\Users\Sharon-Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2017-06-23]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    "drmkpro64" => service could not be unlocked. <==== ATTENTION
    S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.)
    S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.)
    R2 Dataup; C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
    R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
    R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [327320 2016-03-03] (Nitro PDF Software)
    R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2016-03-03] ()
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2015-09-22] (CyberLink)
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
    R2 windowsmanagementservice; C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda\cshzvz\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-24] (BlueStack Systems)
    S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-22] (Bluestack System Inc. )
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-31] ()
    R1 HssDRV6; C:\WINDOWS\system32\DRIVERS\hssdrv6.sys [44648 2015-09-18] (AnchorFree Inc.)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-22] (Malwarebytes)
    S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-22] (Malwarebytes)
    S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-22] (Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-10] (Malwarebytes)
    S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92088 2017-03-23] (Malwarebytes)
    R1 MpKslaf4bbe7b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D57D94D4-4E56-4DC1-9C00-E85D52ED7149}\MpKslaf4bbe7b.sys [44928 2017-07-10] (Microsoft Corporation)
    R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)
    R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2017-05-04] (Synaptics Incorporated)
    R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42088 2015-09-18] (Anchorfree Inc.)
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [52816 2016-08-03] (Toshiba Client Solutions Co., Ltd.)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
    R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-03-17] (Windows (R) Win 7 DDK provider)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-07-10 22:12 - 2017-07-10 22:14 - 00035461 _____ C:\Users\Sharon-Toshiba\Downloads\FRST.txt
    2017-07-10 22:11 - 2017-07-10 22:12 - 00000000 ____D C:\FRST
    2017-07-10 20:26 - 2017-07-10 20:26 - 02437120 _____ (Farbar) C:\Users\Sharon-Toshiba\Downloads\FRST64.exe
    2017-07-10 20:14 - 2017-07-10 20:16 - 02338496 _____ C:\Users\Sharon-Toshiba\Downloads\Hitlers Black Victims - Clarence Lusane.pdf
    2017-07-10 17:35 - 2017-07-10 17:45 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2017-07-10 17:33 - 2017-07-10 17:46 - 00000000 ____D C:\WINDOWS\pss
    2017-07-10 17:32 - 2017-07-10 17:32 - 00000000 ___HD C:\OneDriveTemp
    2017-07-10 17:23 - 2017-07-10 17:24 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Sharon-Toshiba\Desktop\tdsskiller.exe
    2017-07-10 15:42 - 2017-07-10 15:42 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
    2017-07-10 15:40 - 2017-07-10 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
    2017-07-10 15:40 - 2017-07-10 15:40 - 00000000 ____D C:\Program Files (x86)\EMET 5.5
    2017-07-10 15:39 - 2017-07-10 15:39 - 00001067 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-07-10 15:16 - 2017-07-10 15:16 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    2017-07-10 15:16 - 2017-07-10 15:16 - 00000000 ____D C:\Program Files (x86)\Secunia
    2017-07-05 00:02 - 2017-07-05 00:02 - 01192400 _____ C:\WINDOWS\is-MAP9U.exe
    2017-07-05 00:02 - 2017-07-05 00:02 - 00022709 _____ C:\WINDOWS\is-MAP9U.msg
    2017-07-05 00:02 - 2017-07-05 00:02 - 00000334 _____ C:\WINDOWS\is-MAP9U.lst
    2017-07-04 23:56 - 2017-07-04 23:56 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
    2017-07-04 22:15 - 2017-07-10 17:27 - 00000000 ____D C:\Program Files\AVAST Software
    2017-07-04 22:13 - 2017-07-04 22:13 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
    2017-07-04 22:11 - 2017-07-04 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2017-07-04 22:11 - 2017-07-04 22:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2017-07-04 22:07 - 2017-07-04 22:07 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
    2017-07-04 22:06 - 2017-07-04 22:06 - 00000000 ____D C:\Program Files\Java
    2017-07-04 21:56 - 2017-07-04 21:56 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2017-07-04 21:55 - 2017-07-04 21:55 - 00000000 ____D C:\Program Files (x86)\Java
    2017-07-04 20:00 - 2017-07-10 15:38 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-07-01 03:49 - 2017-07-01 03:50 - 00546716 _____ C:\WINDOWS\Minidump\070117-33906-01.dmp
    2017-07-01 03:49 - 2017-07-01 03:49 - 960298518 _____ C:\WINDOWS\MEMORY.DMP
    2017-07-01 03:49 - 2017-07-01 03:49 - 00000000 ____D C:\WINDOWS\Minidump
    2017-07-01 03:32 - 2017-07-01 03:32 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
    2017-07-01 03:26 - 2017-07-01 03:26 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Sun
    2017-07-01 03:25 - 2017-07-04 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-07-01 03:21 - 2017-07-01 03:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-07-01 03:16 - 2017-07-01 03:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-07-01 03:16 - 2017-07-01 03:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-07-01 03:15 - 2017-07-01 03:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2017-07-01 03:15 - 2017-07-01 03:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2017-07-01 03:15 - 2017-07-01 03:15 - 00000000 ____D C:\Program Files (x86)\Adobe
    2017-07-01 03:14 - 2017-07-01 03:14 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-07-01 03:11 - 2017-07-10 17:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-07-01 03:11 - 2017-07-04 21:31 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-07-01 03:11 - 2017-07-04 21:31 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-07-01 03:09 - 2017-07-04 20:08 - 00003966 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1498892944
    2017-07-01 03:09 - 2017-07-04 20:08 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
    2017-07-01 00:18 - 2017-07-01 00:18 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
    2017-06-30 22:50 - 2017-06-30 22:50 - 00000085 _____ C:\WINDOWS\wininit.ini
    2017-06-30 22:22 - 2017-06-30 22:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2017-06-30 22:21 - 2017-07-01 00:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-06-30 22:21 - 2017-06-30 22:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-06-30 22:17 - 2017-07-10 17:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-06-30 22:14 - 2017-07-10 15:02 - 00000000 ____D C:\Users\Sharon-Toshiba\Desktop\mbar
    2017-06-30 21:58 - 2017-06-30 22:08 - 00000000 ____D C:\AdwCleaner
    2017-06-30 20:19 - 2017-07-04 22:11 - 00001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2017-06-30 17:35 - 2017-06-30 17:35 - 00000000 ____D C:\SUPERDelete
    2017-06-30 17:25 - 2017-07-04 19:59 - 00000662 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2017-06-30 17:12 - 2017-06-30 20:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\llssoft
    2017-06-30 17:02 - 2017-06-30 18:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist
    2017-06-30 17:02 - 2017-06-30 17:02 - 00003796 _____ C:\WINDOWS\System32\Tasks\AdapterUpdater
    2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\devnull
    2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\ggxfkhl
    2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda
    2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\AdvinstAnalytics
    2017-06-30 17:01 - 2017-06-30 17:01 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\c
    2017-06-30 17:00 - 2017-06-30 17:00 - 00000000 ____D C:\Program Files (x86)\GenlTybros
    2017-06-30 16:54 - 2017-06-30 17:01 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
    2017-06-30 16:54 - 2017-06-30 16:55 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\AGData
    2017-06-30 16:35 - 2017-06-30 16:35 - 00035352 _____ (Connectify) C:\WINDOWS\system32\Drivers\cnnctfy3.sys
    2017-06-30 16:23 - 2017-06-30 16:59 - 00002317 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оpеrа Вrоwsеr.lnk
    2017-06-30 15:14 - 2017-06-30 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
    2017-06-30 15:12 - 2017-06-30 15:12 - 00000000 ____D C:\Users\Sharon-Toshiba\Documents\http%3a%2f%2fmirrors.koehn.com%2fcygwin%2fcygwin-ftp%2f
    2017-06-30 15:08 - 2017-06-30 15:08 - 00000000 ____D C:\Users\Sharon-Toshiba\Documents\http%3a%2f%2fcygwin.mirrors.hoobly.com%2f
    2017-06-30 15:07 - 2017-06-30 15:09 - 00000000 ____D C:\Users\Sharon-Toshiba\Documents\http%3a%2f%2fcygwin.mirror.constant.com%2f
    2017-06-30 15:05 - 2017-06-30 15:14 - 00000000 ____D C:\cygwin64
    2017-06-30 14:54 - 2017-06-30 14:54 - 01010720 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCHRT20.OCX
    2017-06-30 14:54 - 2017-06-30 14:54 - 00224016 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\TABCTL32.OCX
    2017-06-30 14:54 - 2017-06-30 14:54 - 00140488 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMDLG32.OCX
    2017-06-30 14:53 - 2017-06-30 14:53 - 01070232 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
    2017-06-27 02:47 - 2017-06-27 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
    2017-06-27 01:23 - 2017-06-27 01:27 - 00000000 ____D C:\Program Files (x86)\BlueStacks
    2017-06-27 01:23 - 2017-05-24 02:58 - 00000000 ____D C:\ProgramData\BlueStacks
    2017-06-23 21:07 - 2017-06-23 21:09 - 12678001 _____ C:\Users\Sharon-Toshiba\Downloads\drive-download-20170624T010752Z-001.zip
    2017-06-23 20:02 - 2017-06-23 20:09 - 00733184 _____ C:\Users\Sharon-Toshiba\Downloads\Dario Fernandez-Morera-The Myth of the Andalusian Paradise_ Muslims, Christians, and Jews under Islamic Rule in Medieval Spain-Intercollegiate Studies Institute (2016).epub
    2017-06-23 20:00 - 2017-06-23 20:00 - 00193318 _____ C:\Users\Sharon-Toshiba\Downloads\fernandez-morera.pdf
    2017-06-18 09:49 - 2017-06-18 09:49 - 02785959 _____ C:\Users\Sharon-Toshiba\Downloads\[Massey,_Gerald]_The_natural_genesis_or,_Second_p(b-ok.org) (1).pdf
    2017-06-13 23:36 - 2017-06-13 23:36 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2017-06-13 23:34 - 2017-06-03 06:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-06-13 23:34 - 2017-06-03 06:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-06-13 23:34 - 2017-06-03 06:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-06-13 23:34 - 2017-06-03 06:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-06-13 23:34 - 2017-06-03 06:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-06-13 23:34 - 2017-06-03 06:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2017-06-13 23:34 - 2017-06-03 06:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-06-13 23:34 - 2017-06-03 06:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-06-13 23:34 - 2017-06-03 06:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-06-13 23:34 - 2017-06-03 06:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-06-13 23:34 - 2017-06-03 06:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2017-06-13 23:34 - 2017-06-03 06:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-06-13 23:34 - 2017-06-03 06:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-06-13 23:34 - 2017-06-03 06:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-06-13 23:34 - 2017-06-03 06:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
    2017-06-13 23:34 - 2017-06-03 06:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2017-06-13 23:34 - 2017-06-03 05:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-06-13 23:34 - 2017-06-03 05:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-06-13 23:34 - 2017-06-03 05:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-06-13 23:34 - 2017-06-03 05:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2017-06-13 23:34 - 2017-06-03 05:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-06-13 23:34 - 2017-06-03 05:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-06-13 23:34 - 2017-06-03 05:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2017-06-13 23:34 - 2017-06-03 05:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-06-13 23:34 - 2017-06-03 05:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-06-13 23:34 - 2017-06-03 05:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-06-13 23:34 - 2017-06-03 05:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-06-13 23:34 - 2017-06-03 05:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-06-13 23:34 - 2017-06-03 05:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-06-13 23:34 - 2017-06-03 05:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
    2017-06-13 23:34 - 2017-06-03 05:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-06-13 23:34 - 2017-06-03 05:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-06-13 23:34 - 2017-06-03 05:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2017-06-13 23:34 - 2017-06-03 05:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-06-13 23:34 - 2017-06-03 05:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-06-13 23:34 - 2017-06-03 05:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
    2017-06-13 23:34 - 2017-06-03 05:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2017-06-13 23:34 - 2017-06-03 05:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2017-06-13 23:34 - 2017-06-03 05:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-06-13 23:34 - 2017-06-03 05:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2017-06-13 23:34 - 2017-06-03 05:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-06-13 23:34 - 2017-06-03 05:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-06-13 23:34 - 2017-06-03 05:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2017-06-13 23:34 - 2017-06-03 05:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-06-13 23:34 - 2017-06-03 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-06-13 23:34 - 2017-06-03 05:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-06-13 23:34 - 2017-06-03 05:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2017-06-13 23:34 - 2017-06-03 05:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2017-06-13 23:34 - 2017-06-03 05:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
    2017-06-13 23:34 - 2017-06-03 05:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-13 23:34 - 2017-06-03 05:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
    2017-06-13 23:34 - 2017-06-03 05:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2017-06-13 23:34 - 2017-06-03 05:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-06-13 23:34 - 2017-06-03 05:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-06-13 23:34 - 2017-06-03 05:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2017-06-13 23:34 - 2017-06-03 05:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2017-06-13 23:34 - 2017-06-03 05:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
    2017-06-13 23:34 - 2017-06-03 05:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-06-13 23:34 - 2017-06-03 05:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-06-13 23:34 - 2017-06-03 05:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-06-13 23:34 - 2017-06-03 05:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-06-13 23:34 - 2017-06-03 05:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-06-13 23:34 - 2017-06-03 05:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-13 23:34 - 2017-06-03 05:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
    2017-06-13 23:34 - 2017-06-03 05:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-06-13 23:34 - 2017-06-03 05:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-06-13 23:34 - 2017-06-03 05:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-06-13 23:34 - 2017-06-03 05:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-06-13 23:34 - 2017-06-03 05:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-06-13 23:34 - 2017-06-03 05:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-06-13 23:34 - 2017-06-03 05:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-06-13 23:34 - 2017-06-03 05:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2017-06-13 23:34 - 2017-06-03 05:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-06-13 23:34 - 2017-06-03 05:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-06-13 23:34 - 2017-06-03 05:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2017-06-13 23:34 - 2017-06-03 05:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-06-13 23:34 - 2017-06-03 04:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-06-13 23:34 - 2017-06-03 04:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-06-13 23:34 - 2017-06-03 04:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-06-13 23:34 - 2017-06-03 04:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2017-06-13 23:34 - 2017-06-03 04:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-06-13 23:34 - 2017-06-03 04:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-06-13 23:34 - 2017-06-03 04:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-06-13 23:34 - 2017-06-03 04:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2017-06-13 23:34 - 2017-06-03 04:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-06-13 23:34 - 2017-06-03 04:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-06-13 23:34 - 2017-06-03 04:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-06-13 23:34 - 2017-06-03 04:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-06-13 23:34 - 2017-06-03 04:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2017-06-13 23:34 - 2017-06-03 04:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-06-13 23:34 - 2017-06-03 04:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-06-13 23:34 - 2017-06-03 04:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-06-13 23:34 - 2017-06-03 04:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2017-06-13 23:34 - 2017-06-03 04:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-06-13 23:34 - 2017-06-03 04:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2017-06-13 23:34 - 2017-06-03 04:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2017-06-13 23:34 - 2017-06-03 04:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-06-13 23:34 - 2017-06-03 04:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2017-06-13 23:34 - 2017-06-03 04:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-06-13 23:34 - 2017-06-03 04:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-06-13 23:34 - 2017-06-03 04:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2017-06-13 23:34 - 2017-06-03 04:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-06-13 23:34 - 2017-06-03 04:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2017-06-13 23:34 - 2017-06-03 04:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-06-13 23:34 - 2017-06-03 04:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-06-13 23:34 - 2017-06-03 04:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
    2017-06-12 13:35 - 2017-06-12 13:39 - 25795785 _____ C:\Users\Sharon-Toshiba\Downloads\Sleight of Mouth by Robert Dilts.pdf
    2017-06-10 20:11 - 2017-06-10 20:11 - 00007607 _____ C:\Users\Sharon-Toshiba\AppData\Local\Resmon.ResmonCfg

    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-07-10 22:12 - 2017-03-09 13:43 - 00000000 ___RD C:\Users\Sharon-Toshiba\Google Drive
    2017-07-10 22:10 - 2017-04-15 07:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-07-10 20:42 - 2017-04-15 08:16 - 00004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6A62C9AA-5090-47B0-AAB7-506E12B279C8}
    2017-07-10 17:53 - 2017-03-08 14:32 - 00000000 ____D C:\Program Files\Opera
    2017-07-10 17:50 - 2017-03-08 13:13 - 00000000 ___RD C:\Users\Sharon-Toshiba\OneDrive
    2017-07-10 17:49 - 2017-04-15 07:52 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-07-10 17:49 - 2017-03-08 20:39 - 00000000 __SHD C:\Users\Sharon-Toshiba\IntelGraphicsProfiles
    2017-07-10 17:47 - 2017-04-15 08:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-07-10 17:46 - 2017-03-18 07:40 - 02097152 _____ C:\WINDOWS\system32\config\BBI
    2017-07-10 17:33 - 2017-03-09 10:48 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\DMCache
    2017-07-10 17:26 - 2017-04-15 07:54 - 00000000 ____D C:\Users\Sharon-Toshiba
    2017-07-10 17:25 - 2017-03-10 23:39 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\MusicBee
    2017-07-10 15:05 - 2017-03-09 09:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-07-10 14:43 - 2017-03-08 22:28 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\CrashDumps
    2017-07-09 01:08 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-07-09 01:08 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-07-05 02:27 - 2017-03-10 23:29 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Mp3tag
    2017-07-05 00:02 - 2017-03-09 09:49 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-07-05 00:02 - 2017-03-09 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-07-04 21:31 - 2017-03-08 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-07-04 21:19 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-07-04 20:57 - 2017-03-21 15:32 - 00000000 ____D C:\Users\Sharon-Toshiba\Downloads\Music Inbox
    2017-07-04 11:33 - 2017-03-08 22:00 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Dashlane
    2017-07-04 11:32 - 2017-03-08 22:26 - 00001983 _____ C:\Users\Sharon-Toshiba\Desktop\Dashlane.lnk
    2017-07-04 11:32 - 2017-03-08 22:00 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
    2017-07-04 02:37 - 2017-03-16 20:49 - 00000000 ____D C:\Users\Sharon-Toshiba\Downloads\Telegram Desktop
    2017-07-04 02:34 - 2017-03-10 14:21 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Telegram Desktop
    2017-07-02 23:58 - 2017-04-15 08:15 - 01142712 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-07-02 23:52 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-07-01 03:15 - 2017-03-10 18:28 - 00000000 ____D C:\ProgramData\Adobe
    2017-07-01 03:15 - 2017-03-10 18:03 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\Adobe
    2017-07-01 03:15 - 2017-03-08 13:11 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Adobe
    2017-07-01 03:14 - 2017-03-08 13:37 - 00000000 ____D C:\Program Files (x86)\Google
    2017-06-30 23:44 - 2017-03-09 13:15 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Skype
    2017-06-30 23:06 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
    2017-06-30 22:25 - 2017-03-19 16:00 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Apple Computer
    2017-06-30 22:25 - 2017-03-19 13:24 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-06-30 22:17 - 2017-03-09 09:49 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-06-30 22:01 - 2017-04-23 17:38 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\Facebook
    2017-06-30 22:01 - 2017-03-08 13:11 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\Packages
    2017-06-30 22:00 - 2017-03-19 13:21 - 00000000 ____D C:\ProgramData\Apple
    2017-06-30 17:32 - 2017-03-09 13:26 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\FluxSoftware
    2017-06-30 17:02 - 2017-03-09 10:03 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\tixati
    2017-06-30 16:59 - 2017-03-08 22:09 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    2017-06-30 16:59 - 2017-03-08 14:19 - 00002450 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
    2017-06-30 01:17 - 2017-03-09 14:23 - 00000000 ____D C:\ProgramData\Package Cache
    2017-06-27 12:06 - 2017-03-09 09:49 - 00077376 _____ C:\WINDOWS\SMSS-PFRO540b.tmp
    2017-06-27 02:47 - 2017-03-10 11:46 - 00001048 ____N C:\Users\Public\Desktop\Mp3tag.lnk
    2017-06-27 02:47 - 2017-03-10 11:46 - 00000000 ____D C:\Program Files (x86)\Mp3tag
    2017-06-27 01:35 - 2017-03-09 18:39 - 00000000 ____D C:\ProgramData\BlueStacksSetup
    2017-06-27 01:27 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
    2017-06-27 01:27 - 2017-03-09 18:38 - 00001644 ____N C:\Users\Public\Desktop\BlueStacks.lnk
    2017-06-27 01:27 - 2017-03-09 18:38 - 00001644 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
    2017-06-27 01:26 - 2017-03-09 17:59 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\Bluestacks
    2017-06-23 23:48 - 2017-03-09 14:48 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\Kodi
    2017-06-23 15:50 - 2017-05-22 22:36 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\Apple Inc
    2017-06-22 12:40 - 2017-03-08 14:23 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\LocalLow\Mozilla
    2017-06-20 22:35 - 2017-05-22 22:35 - 00003522 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
    2017-06-20 13:13 - 2017-04-15 08:16 - 00003308 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-06-20 13:13 - 2017-03-08 13:13 - 00002390 ____N C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-06-19 17:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
    2017-06-18 09:12 - 2016-11-20 14:51 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-06-18 09:09 - 2017-04-15 07:48 - 00381168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-06-14 03:10 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-06-14 03:10 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-06-13 23:46 - 2017-03-08 14:21 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-06-13 23:42 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-06-13 23:42 - 2017-03-08 14:21 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-06-13 23:36 - 2016-07-16 07:47 - 00000167 _____ C:\WINDOWS\win.ini
    ==================== Files in the root of some directories =======
    2017-03-17 21:56 - 2017-04-14 18:15 - 0004502 _____ () C:\Users\Sharon-Toshiba\AppData\Roaming\VoiceMeeterDefault.xml
    2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\Sharon-Toshiba\AppData\Local\report
    2017-06-10 20:11 - 2017-06-10 20:11 - 0007607 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Resmon.ResmonCfg
    2017-03-09 19:29 - 2017-03-09 19:29 - 0000552 _____ () C:\Users\Sharon-Toshiba\AppData\Local\TroubleshooterConfig.json
    2017-03-08 14:24 - 2017-03-08 14:24 - 0000003 _____ () C:\Users\Sharon-Toshiba\AppData\Local\updater.log
    2017-03-08 14:24 - 2017-05-07 02:50 - 0000425 _____ () C:\Users\Sharon-Toshiba\AppData\Local\UserProducts.xml
    Some files in TEMP:
    ====================
    2017-06-28 11:05 - 2017-06-28 11:05 - 3181912 _____ (Lead IT) C:\Users\Sharon-Toshiba\AppData\Local\Temp\djzjVb3W-prog.exe
    2014-03-02 16:39 - 2014-06-29 17:48 - 0384141 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Temp\Quarantine.exe
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2017-07-04 23:16
    ==================== End of FRST.txt ============================
     


  3. Outdacell

    ADDITION.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
    Ran by Sharon-Toshiba (10-07-2017 22:14:39)
    Running from C:\Users\Sharon-Toshiba\Downloads
    Windows 10 Home Version 1703 (X64) (2017-04-15 12:28:24)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-1391234854-2931249872-507013314-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1391234854-2931249872-507013314-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-1391234854-2931249872-507013314-1000 - Limited - Disabled) => C:\Users\defaultuser0
    Guest (S-1-5-21-1391234854-2931249872-507013314-501 - Limited - Disabled)
    Sharon-Toshiba (S-1-5-21-1391234854-2931249872-507013314-1001 - Administrator - Enabled) => C:\Users\Sharon-Toshiba
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
    BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.320.8504 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    calibre 64bit (HKLM\...\{69892FF1-CBA3-49AF-B80A-E074B3B755E5}) (Version: 2.85.1 - Kovid Goyal)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.43.50 - Conexant)
    CyberLink PowerDirector 15 (HKLM-x32\...\{FA285575-B543-4E6E-A573-A4F534AC9965}) (Version: 15.0.2509.0 - CyberLink Corp.)
    CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
    Dashlane (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Dashlane) (Version: 4.8.2.33026 - Dashlane, Inc.)
    dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.2 - Illustrate)
    DTS Studio Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
    EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
    Google Chrome (HKLM\...\{715E251E-9134-3D1D-BE19-1C6EE18F8D24}) (Version: 59.0.3071.115 - Google, Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Photos Backup (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Hotspot Shield 6.20.31 (HKLM-x32\...\{91992aa0-fd97-42e1-b9d1-5ce98771560d}) (Version: 6.20.31.9929 - AnchorFree Inc.)
    Hotspot Shield 6.20.31 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925B26899EC}) (Version: 6.20.31.9929 - AnchorFree Inc.) Hidden
    IDM Crack 6.28 build 9 (HKLM-x32\...\IDM Crack 6.28 build 9) (Version: build 11 - Crackingpatching.com Team)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Internet Download Manager 6.27 Build 5 (HKLM-x32\...\Internet Download Manager 6.27 Build 5) (Version: 6.27 Build 5 - Computer Worms Team Corporation)
    Internet Download Manager 6.27 Build 9 (HKLM-x32\...\Internet Download Manager 6.27 Build 9) (Version: 6.27 Build 9 - SadeemPC.com Corporation)
    IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
    Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Kodi (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Kodi) (Version: - XBMC-Foundation)
    LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
    LogmeOnce (HKLM-x32\...\{290B0BCF-B778-487B-A31E-BEE82BD88D17}) (Version: 5.0.0 - LogmeOnce) Hidden
    Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
    Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
    Mp3tag v2.83 (HKLM-x32\...\Mp3tag) (Version: 2.83 - Florian Heidenreich)
    Music Manager (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\MusicManager) (Version: - Google, Inc.)
    MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
    MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.4.1 - MusicBrainz)
    Nitro Pro 10 (HKLM\...\{A0953D23-D7EA-4A7F-BADE-D22EFF58CE57}) (Version: 10.5.8.44 - Nitro)
    Opera Stable 46.0.2597.39 (HKLM-x32\...\Opera 46.0.2597.39) (Version: 46.0.2597.39 - Opera Software)
    Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
    Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
    Slack (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\slack) (Version: 2.5.2 - Slack Technologies)
    Spotify (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
    Telegram Desktop version 1.1.7 (HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.7 - Telegram Messenger LLP)
    Tixati (HKLM-x32\...\tixati) (Version: - )
    TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
    TOSHIBA Face Recognition (HKLM\...\{2E557F12-8BE7-4DA8-AABB-7814DD6A783F}) (Version: 4.0.5.0 - Toshiba Corporation)
    TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3092 - TOSHIBA Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.01.0002 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.6.6401 - Toshiba Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
    Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-1391234854-2931249872-507013314-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1391234854-2931249872-507013314-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1391234854-2931249872-507013314-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1391234854-2931249872-507013314-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
    ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
    ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
    ContextMenuHandlers01: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
    ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 10\NPShellExtension.dll [2016-03-03] (Nitro PDF)
    ContextMenuHandlers02: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
    ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
    ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
    ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
    ContextMenuHandlers04: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
    ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
    ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {075819DF-F872-4672-A272-F737E697C1CC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
    Task: {4903CBC5-5F66-448C-9367-61B88D45BD72} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
    Task: {61FE036E-C031-418D-9828-21D92664EE38} - System32\Tasks\update-S-1-5-21-1391234854-2931249872-507013314-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    Task: {77E97C2C-FFAB-4A6F-9E14-0FC4B687CDC5} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
    Task: {85FAA391-7683-484E-AA88-B1D2E4B9BBC0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1391234854-2931249872-507013314-1001Core => C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
    Task: {88606482-1289-4C0E-8C37-34C7976E8EE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-08] (Google Inc.)
    Task: {8C674570-60E4-40B4-93D0-F4CFB91FD814} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1391234854-2931249872-507013314-1001UA => C:\Users\Sharon-Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
    Task: {9A8501CC-2C74-4DAD-9CFF-57F833A2E479} - System32\Tasks\AdapterUpdater => C:\Program Files (x86)\devnull\NetAdapterUpdate\NetAdapterUpdate.exe
    Task: {E3BD04A5-837A-4D5C-9BA6-502F2C356C39} - System32\Tasks\Opera scheduled Autoupdate 1498892944 => C:\Program Files\Opera\launcher.exe [2017-07-04] (Opera Software)
    Task: {E55C1CBA-79A1-4F0E-BD5B-AFAD16F1B150} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-08] (Google Inc.)
    Task: {F8A53A33-5AF0-4D4E-B297-45BAF58707FA} - \update-sys -> No File <==== ATTENTION
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\update-S-1-5-21-1391234854-2931249872-507013314-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Plаy Мusiс.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Наngоuts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pосkеt.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Наngоuts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
    Shortcut: C:\Users\Sharon-Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оpеrа.lnk -> C:\Program Files\Opera\launcher.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оpеrа Вrоwsеr.lnk -> C:\Program Files (x86)\Opera\launcher.bat (No File)
    ==================== Loaded Modules (Whitelisted) ==============
    2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\dataup\dataup.exe
    2016-03-03 15:31 - 2016-03-03 15:31 - 00417944 _____ () c:\program files\nitro\pro 10\nitro_updateservice.exe
    2016-03-03 15:31 - 2016-03-03 15:31 - 02546840 _____ () c:\program files\nitro\pro 10\Nitro_KissMetrics.dll
    2016-12-02 08:32 - 2016-12-02 08:32 - 00401912 _____ () C:\WINDOWS\system32\igfxTray.exe
    2016-10-31 15:45 - 2016-10-31 15:45 - 00592384 _____ () C:\Users\Sharon-Toshiba\AppData\Local\MEGAsync\ShellExtX64.dll
    2017-02-23 00:56 - 2017-02-23 00:56 - 08911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N () C:\windows\system32\tprdpw64.exe
    2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
    2017-05-30 21:52 - 2017-05-30 21:52 - 00689664 ____N () C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda\cshzvz\ct.exe
    2017-04-21 16:28 - 2017-04-21 16:28 - 01080832 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
    2015-05-27 13:46 - 2015-05-27 13:46 - 00019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    2017-03-18 16:58 - 2017-03-18 16:58 - 00047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
    2017-05-27 23:33 - 2017-05-20 01:59 - 02328576 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
    2017-03-18 16:58 - 2017-03-18 16:58 - 02836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
    2016-03-03 15:31 - 2016-03-03 15:31 - 01861784 _____ () C:\Program Files\Nitro\Pro 10\NitroPDFPreviewHandler.dll
    2017-05-04 11:13 - 2017-05-04 11:13 - 00235520 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\dataup\help_dll.dll
    2016-04-08 18:35 - 2016-04-08 18:35 - 03481600 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
    2016-02-01 19:59 - 2016-02-01 19:59 - 00344064 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    2016-02-01 20:00 - 2016-02-01 20:00 - 00253440 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    2016-02-01 20:00 - 2016-02-01 20:00 - 00234496 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    2016-02-01 20:01 - 2016-02-01 20:01 - 00117248 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    2017-07-10 17:50 - 2017-07-10 17:50 - 00098816 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32api.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00110080 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\pywintypes27.dll
    2017-07-10 17:50 - 2017-07-10 17:50 - 00364544 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\pythoncom27.dll
    2017-07-10 17:50 - 2017-07-10 17:50 - 00320512 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32com.shell.shell.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00914432 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_hashlib.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 01176576 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._core_.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00806400 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._gdi_.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00816128 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._windows_.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 01067008 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._controls_.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00733184 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._misc_.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00682496 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\pysqlite2._sqlite.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00088064 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_ctypes.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00686080 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\unicodedata.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00119808 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32file.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00108544 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32security.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00007168 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\hashobjs_ext.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00017920 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\thumbnails_ext.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00088064 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\usb_ext.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00012800 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\common.time34.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00018432 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32event.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00167936 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32gui.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00046080 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_socket.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 01303552 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_ssl.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00128512 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_elementtree.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00127488 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\pyexpat.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00038912 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32inet.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00036864 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_psutil_windows.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00524248 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\windows._lib_cacheinvalidation.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00011264 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32crypt.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00123392 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._wizard.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00077312 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._html2.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00027648 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_multiprocessing.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00020480 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\_yappi.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00035840 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32process.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00078848 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\wx._animate.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00024064 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32pipe.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00010240 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\select.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00025600 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32pdh.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00017408 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32profile.pyd
    2017-07-10 17:50 - 2017-07-10 17:50 - 00022528 ____R () C:\Users\Sharon-Toshiba\AppData\Local\Temp\_MEI79202\win32ts.pyd
    2017-03-09 10:57 - 2014-09-05 12:55 - 00132808 _____ () C:\Users\Sharon-Toshiba\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
    2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
    2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
    2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
    2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 _____ () C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2016-07-16 07:47 - 2017-06-30 23:05 - 00000762 _____ C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sharon-Toshiba\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\22885.jpg
    DNS Servers: 4.2.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    HKLM\...\StartupApproved\Run: => "WindowsDefender"
    HKLM\...\StartupApproved\Run: => "SmartAudio"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run: => "TCrdMain"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "TSUScheduler"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\StartupFolder: => "Slack.lnk"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "Dashlane"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "DashlanePlugin"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "Franz"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5E9B00E50FBF7F4CE97A3FE9A19AA703"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "f.lux"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "BlueStacks Agent"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\StartupApproved\Run: => "InterStat"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [TCP Query User{76B5CE00-0F2F-4018-9E57-80B2A9D1B56C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{67B364C0-63FD-4639-9ECA-94D7638192DB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{A462C221-E1AB-4C7D-8A48-E7BBDA24CEF3}] => (Allow) C:\Program Files\Opera\46.0.2597.32\opera.exe
    FirewallRules: [{FFBA873A-D1A6-49F7-8776-BE0B347CA311}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9213CBD8-9B5C-4584-89BA-3A2A61BAD4A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{6815EA97-D458-439D-A548-1A246CDB09D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{0A24D0AC-8DAC-49B7-8E82-FFA2EF3BCA22}] => (Allow) %systemroot%\system32\alg.exe
    FirewallRules: [{6F21515F-8BFA-42F6-AA8B-EFD083EFA04F}] => (Allow) %systemroot%\system32\alg.exe
    FirewallRules: [{C0A661AF-3DC9-4949-84C6-156F80FBACCE}] => (Allow) %systemroot%\system32\alg.exe
    FirewallRules: [{4C974E52-85F7-4384-801D-93695B66AA2B}] => (Allow) %systemroot%\system32\alg.exe
    FirewallRules: [{C40BB2E1-8FF1-40E4-A924-30799D230C00}] => (Allow) %systemroot%\system32\alg.exe
    FirewallRules: [{04989576-4914-4EAE-8019-4CC5FA395B63}] => (Allow) %systemroot%\system32\alg.exe
    FirewallRules: [{AAFE1C60-CC6C-474B-B69F-6ADA1F3CB99B}] => (Allow) C:\Program Files\Opera\46.0.2597.39\opera.exe
    FirewallRules: [{B18C4719-78A4-4495-81D0-81F17C607B8C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{27D2BE35-19B4-41AA-98AB-8717DB69A3C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{5B92C74B-C28E-44C1-8561-A8FD55CB4448}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{DA0ED750-42B2-40E0-9272-F9836BDD0898}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{B161D255-C4AD-4A3C-B1DE-DCF43E98AD15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{AB3FCDBD-2EB4-482A-9570-D2B51EF26A2B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{47993EB2-CF59-4710-9F8B-8F26AF466395}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{C83EED58-1DB1-4FBB-8749-E70CCCD5C3C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.58.573.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    ==================== Restore Points =========================
    04-07-2017 23:56:33 AA11
    06-07-2017 10:35:16 Removed Bonjour
    10-07-2017 03:30:56 AA11
    ==================== Faulty Device Manager Devices =============
    Name: Unknown USB Device (Device Descriptor Request Failed)
    Description: Unknown USB Device (Device Descriptor Request Failed)
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (07/10/2017 08:09:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 46.0.2597.39, time stamp: 0x595ab0e8
    Faulting module name: launcher.exe, version: 46.0.2597.39, time stamp: 0x595ab0e8
    Exception code: 0x80000003
    Fault offset: 0x0002e652
    Faulting process id: 0x16c0
    Faulting application start time: 0x01d2f9d9dd941fd0
    Faulting application path: C:\Program Files\Opera\launcher.exe
    Faulting module path: C:\Program Files\Opera\launcher.exe
    Report Id: c4554d64-d530-4bd6-8d01-0759d993902d
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (07/10/2017 05:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 46.0.2597.39, time stamp: 0x595ab0e8
    Faulting module name: launcher.exe, version: 46.0.2597.39, time stamp: 0x595ab0e8
    Exception code: 0x80000003
    Fault offset: 0x0002e652
    Faulting process id: 0x2e8c
    Faulting application start time: 0x01d2f9c6f165addb
    Faulting application path: C:\Program Files\Opera\launcher.exe
    Faulting module path: C:\Program Files\Opera\launcher.exe
    Report Id: 4b5d5561-45cc-48f2-8475-c0a9cc82f9fa
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (07/10/2017 05:33:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Video.UI.exe version 10.17054.1471.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 20bc
    Start Time: 01d2f9c3dc9fb142
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\Video.UI.exe
    Report Id: 8551b1bd-d61f-4907-9a7d-50f49f25b82e
    Faulting package full name: Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: Microsoft.ZuneVideo
    Error: (07/10/2017 05:33:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
    Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
    Error: (07/10/2017 05:31:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
    Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
    Error: (07/10/2017 05:24:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
    Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
    Error: (07/10/2017 04:57:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
    Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
    Error: (07/10/2017 04:22:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
    Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
    Error: (07/10/2017 03:57:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RL5BCH2)
    Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
    Error: (07/10/2017 03:42:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: avastsvc.exe, version: 17.5.3559.0, time stamp: 0x594d3225
    Faulting module name: ucrtbase.dll, version: 10.0.15063.413, time stamp: 0xd4f9b4e4
    Exception code: 0xc0000409
    Fault offset: 0x000a543b
    Faulting process id: 0x4320
    Faulting application start time: 0x01d2f5357a798306
    Faulting application path: c:\program files\avast software\avast\avastsvc.exe
    Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
    Report Id: b794bba9-d7dc-41f8-9680-e82e4de7e82e
    Faulting package full name:
    Faulting package-relative application ID:

    System errors:
    =============
    Error: (07/10/2017 06:05:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Malwarebytes Service service failed to start due to the following error:
    The requested resource is in use.
    Error: (07/10/2017 06:04:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Malwarebytes Service service failed to start due to the following error:
    The requested resource is in use.
    Error: (07/10/2017 05:51:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    The requested resource is in use.
    Error: (07/10/2017 05:49:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/10/2017 05:49:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/10/2017 05:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.
    Error: (07/10/2017 05:47:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MBAMService service failed to start due to the following error:
    The requested resource is in use.
    Error: (07/10/2017 05:47:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The !SASCORE service failed to start due to the following error:
    The requested resource is in use.
    Error: (07/10/2017 05:47:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The CldFlt service failed to start due to the following error:
    The request is not supported.
    Error: (07/10/2017 05:46:53 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
    {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

    CodeIntegrity:
    ===================================
    Date: 2017-07-10 22:11:34.440
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2017-07-10 22:11:33.281
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2017-07-10 22:11:33.279
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2017-07-10 21:58:09.423
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2017-07-10 21:47:01.442
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2017-07-10 21:47:01.397
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2017-07-10 21:46:59.693
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2017-07-10 21:46:59.692
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2017-07-10 20:27:33.725
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2017-07-10 20:27:33.723
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
    Percentage of memory in use: 66%
    Total physical RAM: 8120.17 MB
    Available physical RAM: 2756.03 MB
    Total Virtual: 11064.17 MB
    Available Virtual: 4333.56 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:697.35 GB) (Free:505.03 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 47CC5886)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=697.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=809 MB) - (Type=27)
    ==================== End of Addition.txt ============================
     


  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    Download attached fixlist.txt file and save it to your downloads folder.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  5. Outdacell

    Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
    Ran by Sharon-Toshiba (11-07-2017 09:09:49) Run:1
    Running from C:\Users\Sharon-Toshiba\Downloads
    Loaded Profiles: Sharon-Toshiba (Available Profiles: defaultuser0 & Sharon-Toshiba)
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    HKLM-x32\...\Run: [cpx] => "C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
    HKLM-x32\...\Run: [svcvmx] => C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\...\Run: [InterStat] => C:\Users\Sharon-Toshiba\AppData\Roaming\InterStat\interstat.exe <==== ATTENTION
    C:\Users\Sharon-Toshiba\AppData\Roaming\InterStat
    "drmkpro64" => service could not be unlocked. <==== ATTENTION
    R2 Dataup; C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
    R2 windowsmanagementservice; C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda\cshzvz\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
    C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda
    2017-07-05 00:02 - 2017-07-05 00:02 - 01192400 _____ C:\WINDOWS\is-MAP9U.exe
    2017-07-05 00:02 - 2017-07-05 00:02 - 00022709 _____ C:\WINDOWS\is-MAP9U.msg
    2017-07-05 00:02 - 2017-07-05 00:02 - 00000334 _____ C:\WINDOWS\is-MAP9U.lst
    2017-06-30 17:12 - 2017-06-30 20:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\llssoft
    2017-06-30 17:02 - 2017-06-30 18:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist
    2017-06-30 17:02 - 2017-06-30 17:02 - 00003796 _____ C:\WINDOWS\System32\Tasks\AdapterUpdater
    2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\devnull
    2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\ggxfkhl
    2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda
    2017-06-30 17:02 - 2017-06-30 17:02 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Local\AdvinstAnalytics
    2017-06-30 17:01 - 2017-06-30 17:01 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\c
    2017-06-30 17:00 - 2017-06-30 17:00 - 00000000 ____D C:\Program Files (x86)\GenlTybros
    2017-06-30 16:54 - 2017-06-30 17:01 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
    2017-06-30 16:54 - 2017-06-30 16:55 - 00000000 ____D C:\Users\Sharon-Toshiba\AppData\Roaming\AGData
    Task: {F8A53A33-5AF0-4D4E-B297-45BAF58707FA} - \update-sys -> No File <==== ATTENTION
    emptytemp:
    *****************
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value could not remove.
    "C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist" folder move:
    Could not move "C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist" => Scheduled to move on reboot.
    HKU\S-1-5-21-1391234854-2931249872-507013314-1001\Software\Microsoft\Windows\CurrentVersion\Run\\InterStat => value removed successfully
    "C:\Users\Sharon-Toshiba\AppData\Roaming\InterStat" => not found.
    "drmkpro64" => service could not be unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
    Dataup => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
    windowsmanagementservice => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
    C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda => moved successfully
    C:\WINDOWS\is-MAP9U.exe => moved successfully
    C:\WINDOWS\is-MAP9U.msg => moved successfully
    C:\WINDOWS\is-MAP9U.lst => moved successfully
    "C:\Users\Sharon-Toshiba\AppData\Local\llssoft" folder move:
    Could not move "C:\Users\Sharon-Toshiba\AppData\Local\llssoft" => Scheduled to move on reboot.

    "C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist" folder move:
    Could not move "C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist" => Scheduled to move on reboot.
    C:\WINDOWS\System32\Tasks\AdapterUpdater => moved successfully
    C:\Users\Sharon-Toshiba\AppData\Roaming\devnull => moved successfully
    C:\Users\Sharon-Toshiba\AppData\Local\ggxfkhl => moved successfully
    "C:\Users\Sharon-Toshiba\AppData\Local\fxhvmda" => not found.
    C:\Users\Sharon-Toshiba\AppData\Local\AdvinstAnalytics => moved successfully
    C:\Users\Sharon-Toshiba\AppData\Roaming\c => moved successfully
    C:\Program Files (x86)\GenlTybros => moved successfully
    C:\Program Files (x86)\AnonymizerGadget => moved successfully
    C:\Users\Sharon-Toshiba\AppData\Roaming\AGData => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8A53A33-5AF0-4D4E-B297-45BAF58707FA} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8A53A33-5AF0-4D4E-B297-45BAF58707FA} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys => key removed successfully
    =========== EmptyTemp: ==========
    BITS transfer queue => 6053888 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68352430 B
    Java, Flash, Steam htmlcache => 4243 B
    Windows/system/drivers => 21907112 B
    Edge => 277060127 B
    Chrome => 778676194 B
    Firefox => 379349288 B
    Opera => 587571013 B
    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 128 B
    systemprofile32 => 897528 B
    LocalService => 15736 B
    NetworkService => 731378 B
    defaultuser0 => 0 B
    Sharon-Toshiba => 1397529965 B
    RecycleBin => 7602309 B
    EmptyTemp: => 3.3 GB temporary data Removed.
    ================================
    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-07-2017 09:27:56)
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist => Is moved successfully
    C:\Users\Sharon-Toshiba\AppData\Local\llssoft => Is moved successfully
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist => Is moved successfully
    Result of scheduled keys to remove after reboot:
    HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
    HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
    ==== End of Fixlog 09:27:56 ====
     


  6. Outdacell

    Thanks for replying!
     
  7. dvk01

    Looks like it still has problems.
    Download & run the Emsisoft Emergency Repair Kit and see what that manages to fix.
    Please post back any logs it makes so we can see what next steps to take.
     
  8. Outdacell

    Do I quarantine these or delete them?

    Emsisoft Emergency Kit - Version 2017.6
    Last update: 7/11/2017 6:42:16 PM
    User account: DESKTOP-RL5BCH2\Sharon-Toshiba
    Computer name: DESKTOP-RL5BCH2
    OS version: Windows 10x64
    Scan settings:
    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files
    Detect PUPs: On
    Scan archives: Off
    Scan mail archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off
    Scan start: 7/11/2017 6:44:27 PM
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe detected: Application.Agent.ASX (B) [krnl.xmd]
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe detected: Application.Agent.ASY (B) [krnl.xmd]
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist detected: Trojan.Trafmous (A) [286865]
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C} detected: Adware.Win32.Stripow (A) [257116]
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR -> {669695BC-A811-4A9D-8CDF-BA8C795F261C} detected: Adware.Win32.Stripow (A) [257125]
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9} detected: Adware.Win32.FastSearch (A) [267829]
    Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DATAUP detected: Trojan.Trafmous (A) [286844]
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287271]
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287271]
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287272]
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287273]
    C:\ProgramData\Malwarebytes' Anti-Malware (portable)\ndistpr64.sys-k.mbam detected: Rootkit.Agent.AJGT (B) [krnl.xmd]
    C:\ProgramData\Malwarebytes' Anti-Malware (portable)\ndistpr64.sys-r.mbam detected: Rootkit.Agent.AJGT (B) [krnl.xmd]
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\regtool\regtool.exe detected: Trojan.GenericKD.5377594 (B) [krnl.xmd]
    C:\Users\Sharon-Toshiba\AppData\Local\Opera Software\Opera Stable\old_Cache_000\f_01a059 -> (INFECTED_JS) detected: JS:Trojan.Cryxos.1018 (B) [krnl.xmd]
    Scanned 116537
    Found 15
    Scan end: 7/11/2017 7:38:24 PM
    Scan time: 0:53:57
     


  9. Outdacell

    Outdacell Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    138
    First Name:
    Melvin
    I'll quarantine them for now.
     
  10. Outdacell

    Outdacell Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    138
    First Name:
    Melvin
    For now, I'll select ok.

    upload_2017-7-11_19-56-9.png
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    Release these 2 from quarantine.
    They are a false positive:
    C:\ProgramData\Malwarebytes' Anti-Malware (portable)\ndistpr64.sys-k.mbam detected: Rootkit.Agent.AJGT (B) [krnl.xmd]
    C:\ProgramData\Malwarebytes' Anti-Malware (portable)\ndistpr64.sys-r.mbam detected: Rootkit.Agent.AJGT (B) [krnl.xmd]

    How is it now?
    Are you still getting any problems?
     
  12. Outdacell

    Outdacell Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    138
    First Name:
    Melvin
    Yes I am, I can't run Malwarebytes without it saying it's running even though the service is stopped.
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    It looks like the malware is still there.
    I have been doing a bit of research on fixing this one and there is an alternative fix. It is quite long & reasonably complicated but has been laid out in easy-to-follow steps:
    https://www.bleepingcomputer.com/virus-removal/remove-ntuserlitelist-adware-and-Trojans

    I don't normally like suggesting a victim follows self help guides from another site, but in this case, it appears to be the only solution that does normally work.
     
  14. Outdacell

    Outdacell Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    138
    First Name:
    Melvin
    OK, I'll follow it and follow back on the results.
    I also ran another scan:


    Emsisoft Emergency Kit - Version 2017.6
    Last update: 7/11/2017 6:42:16 PM
    User account: DESKTOP-RL5BCH2\Sharon-Toshiba
    Computer name: DESKTOP-RL5BCH2
    OS version: Windows 10x64
    Scan settings:
    Scan type: Quick Scan
    Objects: Rootkits, Memory, Traces
    Detect PUPs: On
    Scan archives: Off
    Scan mail archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off
    Scan start: 7/12/2017 2:15:38 AM
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe detected: Application.Agent.ASX (B) [krnl.xmd]
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe detected: Application.Agent.ASY (B) [krnl.xmd]
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist detected: Trojan.Trafmous (A) [286865]
    Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DATAUP detected: Trojan.Trafmous (A) [286844]
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287271]
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287271]
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287272]
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} detected: Trojan.SmartService (A) [287273]
    Scanned 63146
    Found 8
    Scan end: 7/12/2017 2:16:53 AM
    Scan time: 0:01:15
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} Trojan.SmartService (A)
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist Trojan.Trafmous (A)
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe Application.Agent.ASY (B)
    C:\Users\Sharon-Toshiba\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe Application.Agent.ASX (B)
    Quarantined 7
     


  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
Short URL to this thread: https://techguy.org/1192799
