
Avast detected Win32:WanaCry-A [Trj]

Hello. It's been a while since I last posted here.

Earlier my Avast reported that it has blocked Win32:WanaCry-A [Trj] from C://Windows/mssecsvc.exe. I promptly scanned with Malwarebytes and it came up with nothing, and I haven't had any problems ever since, but I wouldn't want any risk. Here are the Farbar log files.

Hope someone would be able to help me with this. Thank you very much!

(FRST log)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Lenovo (administrator) on LENOVO-PC (06-09-2017 15:44:02)
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo & UpdatusUser (Available Profiles: Lenovo & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Smadsoft) C:\Program Files (x86)\Smadav\SMΔRTP.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\Program Files\4G LTE Modem\4G_Server.exe
() C:\Program Files\Smartfren Connex CE682 UI\HEject.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-05] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-554792734-2349590706-3231685140-1000\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1552384 2013-06-08] (Smadsoft)
HKU\S-1-5-21-554792734-2349590706-3231685140-1000\...\MountPoints2: {644c2e0f-fac4-11e5-92e8-3c970e78b861} - F:\startme.exe
HKU\S-1-5-21-554792734-2349590706-3231685140-1000\...\MountPoints2: {8d8898f4-89ec-11e7-a0bf-3c970e78b861} - F:\Setup.exe
HKU\S-1-5-21-554792734-2349590706-3231685140-1000\...\MountPoints2: {c314f666-61f6-11e5-9c0c-3c970e78b861} - F:\Setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-02] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 152.118.148.61
Tcpip\..\Interfaces\{0F3BF603-014F-4837-A02B-0C14AE86E29D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C8636510-DCCB-4567-A145-93D2F64DCD37}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D7AFF867-DE79-4C10-B7E0-ADE42EE1B4DD}: [DhcpNameServer] 152.118.148.61

Internet Explorer:
==================
HKU\S-1-5-21-554792734-2349590706-3231685140-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-554792734-2349590706-3231685140-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://plasa.msn.com/?ocid=iehp
HKU\S-1-5-21-554792734-2349590706-3231685140-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKU\S-1-5-21-554792734-2349590706-3231685140-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-554792734-2349590706-3231685140-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-554792734-2349590706-3231685140-1001 -> DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKU\S-1-5-21-554792734-2349590706-3231685140-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-03] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-03] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\d6qkra4s.default [2017-09-06]
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\d6qkra4s.default -> Delta Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\d6qkra4s.default ->
FF Homepage: Mozilla\Firefox\Profiles\d6qkra4s.default -> hxxp://www.google.com/
FF Extension: (MEGA) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\d6qkra4s.default\Extensions\firefox@mega.co.nz.xpi [2017-09-06]
FF Extension: (Firefox Screenshots) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\d6qkra4s.default\features\{0d76c49e-7032-48d1-a097-235e4b1c7145}\screenshots@mozilla.org.xpi [2017-09-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-06] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @peeringportal.com/AOD -> C:\Windows\nppeeraod.dll [2014-04-02] (Peering Portal, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-07] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-07] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-04] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.dregol.com/?f=1&a=drg_ir_15_28&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBzyyEzyyB0A0BtBzztB0AtN0D0Tzu0StCtBzzzztN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAzy0DyEtDyDyE0AtGyCzz0AyBtG0EyC0ByBtGtDtBtAzztGtCyD0BtAtA0F0EyE0F0AzztC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyDyDtBtDyE0BtAtGyBtByCzytGyE0DzyzytG0AtC0E0FtGzzyCtD0F0BtAtD0AtCtCyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzyDyB&cr=970179351&ir=
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2017-09-04]
CHR Extension: (Google Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (NicoNico Audio Extractor) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecoahjklhopckkiefihjloeidikepdh [2015-01-13]
CHR Extension: (Adobe Acrobat) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-19]
CHR Extension: (Google Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (Avast Online Security) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-04]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-12-02]
CHR Extension: (Skype) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-04]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-03] (Avast Software s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 CDROM_Detect; C:\Program Files\4G LTE Modem\4G_Server.exe [327680 2016-11-19] () [File not signed]
R2 CDROM_Eject_H; C:\Program Files\Smartfren Connex CE682 UI\HEject.exe [306176 2013-10-26] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-20] (Wacom Technology, Corp.)
S2 TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-03] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated)
S3 UsbModemDriver; C:\Windows\System32\DRIVERS\USB_MODEM_H.sys [28160 2013-07-18] ()
S3 USB_BusEnum_H; C:\Windows\System32\DRIVERS\USB_BusEnum_H.sys [44544 2013-07-18] ()
S3 USB_ETS_H; C:\Windows\System32\DRIVERS\USB_ETS_H.sys [21760 2013-07-18] (Via Telecom, Inc.)
S3 USB_WinMux_H; C:\Windows\System32\DRIVERS\USB_WinMux_H.sys [37376 2013-07-18] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-06 15:44 - 2017-09-06 15:45 - 000024813 _____ C:\Users\Lenovo\Desktop\FRST.txt
2017-09-06 15:43 - 2017-09-06 15:44 - 000000000 ____D C:\FRST
2017-09-06 15:41 - 2017-09-06 15:42 - 002395648 _____ (Farbar) C:\Users\Lenovo\Desktop\FRST64.exe
2017-09-04 08:12 - 2017-09-04 08:12 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Google
2017-08-26 06:58 - 2017-08-26 10:40 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\4G_General
2017-08-26 06:58 - 2017-08-26 06:58 - 000000769 _____ C:\Users\Public\Desktop\4G LTE Modem.lnk
2017-08-26 06:58 - 2017-08-26 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4G LTE Modem
2017-08-26 06:57 - 2017-08-26 06:58 - 000000000 ____D C:\Program Files\4G LTE Modem
2017-08-26 06:57 - 2009-04-27 16:33 - 000118016 _____ (QUALCOMM Incorporated) C:\Windows\system32\Drivers\CT_QUALCOMM_U_drv.sys
2017-08-22 16:48 - 2017-08-22 16:48 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-06 14:41 - 2009-07-14 11:45 - 000014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-06 14:41 - 2009-07-14 11:45 - 000014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-06 14:40 - 2014-07-16 07:12 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-06 14:35 - 2016-11-17 09:43 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2017-09-06 14:33 - 2013-06-08 18:41 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-09-06 14:32 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-05 08:27 - 2009-07-14 12:13 - 000779266 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-05 08:27 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2017-09-05 08:01 - 2013-06-16 19:13 - 000000132 _____ C:\Users\Lenovo\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-09-03 16:16 - 2013-06-08 18:41 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-09-03 05:19 - 2013-06-08 18:57 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Adobe
2017-08-30 07:37 - 2013-06-08 19:16 - 000118048 _____ C:\Users\Lenovo\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-30 06:39 - 2013-06-11 19:25 - 000004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-08-29 08:48 - 2013-06-08 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-08-29 08:04 - 2013-06-08 18:36 - 000000000 ____D C:\Users\UpdatusUser
2017-08-29 08:01 - 2009-07-14 11:45 - 005028936 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-29 07:46 - 2014-02-17 17:41 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Corel
2017-08-29 07:00 - 2015-01-13 08:04 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 07:00 - 2015-01-13 08:04 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-28 06:48 - 2016-11-16 10:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-28 06:48 - 2013-06-08 18:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-25 15:01 - 2013-06-13 06:33 - 000000000 ____D C:\Users\Lenovo\Documents\I don't even
2017-08-22 16:48 - 2016-08-25 11:31 - 000000000 ____D C:\Program Files\Tablet
2017-08-21 07:42 - 2013-06-08 19:14 - 000000000 __SHD C:\[Smad-Cage]
2017-08-08 21:23 - 2017-05-19 18:18 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-08 21:23 - 2013-06-11 18:58 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-08 21:23 - 2013-06-11 18:58 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-08 21:23 - 2013-06-11 18:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-08 21:23 - 2013-06-11 18:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-08 21:23 - 2013-06-11 18:58 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2007-10-27 15:24 - 2007-10-27 15:24 - 000000338 _____ () C:\Program Files (x86)\anthro_data.dat
2001-11-17 07:37 - 2001-11-17 07:37 - 000025664 _____ () C:\Program Files (x86)\ant_new.dat
2007-10-27 15:46 - 2007-10-27 15:46 - 000000000 _____ () C:\Program Files (x86)\ausbeute.dat
2007-08-29 05:33 - 2007-08-29 05:33 - 001231140 _____ () C:\Program Files (x86)\bls.dat
2007-10-27 15:49 - 2007-10-27 15:49 - 000001376 _____ () C:\Program Files (x86)\DECKUNG.DAT
2007-10-27 14:03 - 2007-10-27 14:03 - 000021054 _____ () C:\Program Files (x86)\dge.rcd
2007-10-27 14:03 - 2007-10-27 14:03 - 000021054 _____ () C:\Program Files (x86)\dge2000.rcd
2007-10-20 02:25 - 2007-10-20 02:25 - 000001391 _____ () C:\Program Files (x86)\diet.epl
2007-10-27 14:03 - 2007-10-27 14:03 - 000016269 _____ () C:\Program Files (x86)\fao-who.rcd
2007-10-27 14:03 - 2007-10-27 14:03 - 000005069 _____ () C:\Program Files (x86)\foodfreq.dat
2001-12-01 21:41 - 2001-12-01 21:41 - 000006278 _____ () C:\Program Files (x86)\gruppen.dat
2007-10-29 06:15 - 2007-10-29 06:15 - 000036729 _____ () C:\Program Files (x86)\help.chm
2016-09-26 11:38 - 2016-09-26 11:38 - 000002157 _____ () C:\Program Files (x86)\INSTALL.LOG
1998-09-11 08:58 - 1998-09-11 08:58 - 000054155 _____ () C:\Program Files (x86)\intervie.dat
2007-01-04 09:36 - 2007-01-04 09:36 - 000000000 _____ () C:\Program Files (x86)\lm_info.dat
2007-04-03 13:23 - 2007-04-03 13:23 - 000012384 _____ () C:\Program Files (x86)\Naehrstoff_Erhaltung.dat
2007-10-29 06:18 - 2007-10-29 06:18 - 000620032 _____ () C:\Program Files (x86)\nutrisurvey.exe
2007-10-27 14:03 - 2007-10-27 14:03 - 000017226 _____ () C:\Program Files (x86)\rda.rcd
2007-10-29 06:36 - 2007-10-29 06:36 - 000000390 _____ () C:\Program Files (x86)\readme.txt
2007-10-27 15:46 - 2007-10-27 15:46 - 000038535 _____ () C:\Program Files (x86)\rezepte.dat
2007-10-27 15:48 - 2007-10-27 15:48 - 000036210 _____ () C:\Program Files (x86)\sprache.dat
2007-10-27 14:05 - 2007-10-27 14:05 - 000036210 _____ () C:\Program Files (x86)\sprache.org
2002-01-26 11:26 - 2002-01-26 11:26 - 000019968 _____ () C:\Program Files (x86)\template.dot
2016-10-03 11:36 - 2016-10-03 11:36 - 000008910 _____ () C:\Program Files (x86)\winebis.ini
2014-09-07 18:14 - 2014-09-07 20:34 - 000000132 _____ () C:\Users\Lenovo\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-06-16 19:13 - 2017-09-05 08:01 - 000000132 _____ () C:\Users\Lenovo\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-02-17 17:41 - 2014-02-17 17:41 - 000000088 __RSH () C:\ProgramData\64258BCEE8.sys
2014-02-17 17:41 - 2014-02-17 17:41 - 000002828 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
2016-04-05 10:37 - 2016-04-05 10:37 - 000003584 _____ () C:\Users\Lenovo\AppData\Local\Temp\3zrndgww.dll
2015-09-18 17:48 - 2012-06-06 12:03 - 000805376 _____ (Microsoft Corporation) C:\Users\Lenovo\AppData\Local\Temp\cdo3589887275.dll
2016-01-22 19:13 - 2016-01-22 19:13 - 000003584 _____ () C:\Users\Lenovo\AppData\Local\Temp\enpyfxs0.dll
2013-06-11 18:47 - 2013-06-11 18:49 - 017617288 _____ (Adobe Systems Incorporated) C:\Users\Lenovo\AppData\Local\Temp\fp_pl_pfs_installer.exe
2017-05-03 06:58 - 2017-05-03 06:58 - 001562112 _____ (Opera Software) C:\Users\Lenovo\AppData\Local\Temp\Opera_installer_201752581249.dll
2017-05-03 06:58 - 2017-05-03 06:58 - 001562112 _____ (Opera Software) C:\Users\Lenovo\AppData\Local\Temp\Opera_installer_201752583193.dll
2017-05-03 06:58 - 2017-05-03 06:58 - 001562112 _____ (Opera Software) C:\Users\Lenovo\AppData\Local\Temp\Opera_installer_2017525831998.dll
2017-05-03 07:00 - 2017-05-03 07:00 - 001980416 _____ (Opera Software) C:\Users\Lenovo\AppData\Local\Temp\Opera_installer_201753054625.dll
2014-02-23 01:06 - 2014-02-23 05:04 - 000003584 _____ () C:\Users\Lenovo\AppData\Local\Temp\rctn96ox.dll
2015-04-06 20:38 - 2015-04-06 20:46 - 045209696 _____ (Skype Technologies S.A.) C:\Users\Lenovo\AppData\Local\Temp\SkypeSetup.exe
2017-08-29 07:46 - 2007-11-29 18:05 - 000501024 _____ (Corel Corporation) C:\Users\Lenovo\AppData\Local\Temp\Uninst.exe
2013-06-11 19:49 - 2013-06-11 19:50 - 004961800 _____ (Microsoft Corporation) C:\Users\Lenovo\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-08 13:48

==================== End of FRST.txt ============================

Solved: Re: Avast detected Win32:WanaCry-A [Trj]

Here's the Addition log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Lenovo (06-09-2017 15:45:25)
Running from C:\Users\Lenovo\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-06-08 11:30:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-554792734-2349590706-3231685140-500 - Administrator - Disabled)
Guest (S-1-5-21-554792734-2349590706-3231685140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-554792734-2349590706-3231685140-1610 - Limited - Enabled)
Lenovo (S-1-5-21-554792734-2349590706-3231685140-1000 - Administrator - Enabled) => C:\Users\Lenovo
UpdatusUser (S-1-5-21-554792734-2349590706-3231685140-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4G LTE Modem (HKLM\...\4G LTE Modem_is1) (Version:  - )
4Media MP4 to MP3 Converter 6 (HKLM-x32\...\4Media MP4 to MP3 Converter 6) (Version: 6.8.0.1101 - 4Media)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.9.9 - Atheros Communications Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29676 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Edirol HQ Orchestral VSTi v1.03 (HKLM-x32\...\Edirol HQ Orchestral VSTi v1.03) (Version:  - )
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.2.5 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.2.5 - Lenovo)
FairStars CD Ripper 1.90 (HKLM-x32\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{857F4F6C-3CEF-4E80-8EB5-2DF65DFD8ED9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet Ink Adv 2060 K110 Product Improvement Study (HKLM\...\{CC25768B-BC3C-4D5D-B511-9BE035616B11}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
IHMC CmapTools v5.05.01 (HKLM-x32\...\IHMC CmapTools v5.05.01) (Version: 5.0.5.1 - Institute for Human & Machine Cognition)
IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2656 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
LINE (HKU\S-1-5-21-554792734-2349590706-3231685140-1000\...\LINE) (Version: 5.3.0.1506 - LINE Corporation)
M3 Kedokteran (HKLM-x32\...\{1CA28C2F-235A-4A06-948A-0D7F08714276}) (Version: 1.1.0 - PT Yapindo Jaya Abadi)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 id) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 id)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NutriSurvey 2007 for Windows (HKLM-x32\...\NutriSurvey 2007 for Windows) (Version:  - )
NVIDIA Graphics Driver 296.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.13 - NVIDIA Corporation)
Opera Stable 44.0.2510.1449 (HKLM-x32\...\Opera 44.0.2510.1449) (Version: 44.0.2510.1449 - Opera Software)
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
PASW Statistics 18 (HKLM-x32\...\{C25215FC-5900-48B0-B93C-8D3379027312}) (Version: 18.0.0 - SPSS Inc.)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Pdfedit (HKLM-x32\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Python 2.7.12 (64-bit) (HKLM\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SampleTank FREE (HKLM-x32\...\{6559654F-2F38-491F-8411-211517C3E635}) (Version: 2.5.5 - IK Multimedia)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Smartfren Connex CE682 UI (HKLM\...\Smartfren Connex CE682 UI_is1) (Version:  - )
Steinberg Hypersonic VSTi DXi v2.0 (HKLM-x32\...\Steinberg Hypersonic VSTi DXi_is1) (Version:  - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
Vegas Pro 10.0 (64-bit) (HKLM\...\{C616FD4F-11F5-11E0-A38F-0013D3D69929}) (Version: 10.0.470 - Sony)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
スホタフソ・ケツチ・ヌテキケタフセ・ニトタフセ鏆コ ヌテキッアラタホ (HKLM-x32\...\スホタフソ・ケツチ・ヌテキケタフセ・ニトタフセ鏆コ ヌテキッアラタホ) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-03] (Avast Software s.r.o.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-03] (Avast Software s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-03] (Avast Software s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3-x32: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\Smadav\SmadExtc.dll [2010-02-19] (Smadsoft)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-02-17] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2012-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-03] (Avast Software s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6-x32: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\Smadav\SmadExtc.dll [2010-02-19] (Smadsoft)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {36869DF3-5D42-4E0D-AE1D-0C416AD122AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-20] (Avast Software s.r.o.)
Task: {574C5F8C-5322-488F-85AB-2323FD32C362} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E9566A5-C45E-485E-AF5C-ACA68BFCC64C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {940ACEAC-16C0-41A6-B56A-93F12343F2E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9D1C0A4C-88A5-4BFA-8D3C-907546908E78} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {9E1B6130-1985-478F-A292-310815B3024E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {B3979309-DDAC-4851-B299-59097C428E86} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-16] (AVAST Software)
Task: {B7946BCF-6367-4FF2-BB6A-16AC75BF2057} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {BB75D126-6D65-4385-9AC2-14F5C6813C76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C5C6E67F-EF34-4A9C-9C82-53BC595EF07C} - System32\Tasks\AdobeAAMUpdater-1.0-Lenovo-PC-Lenovo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {C6433F76-C027-416C-A1BA-5667E520F021} - System32\Tasks\HPCustParticipation HP Deskjet Ink Adv 2060 K110 => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {CDF5B61F-87CD-4CE1-9DD2-042E915E7C31} - System32\Tasks\{5FAEAC12-67E4-4CF1-8249-ADFB261B89B1} => C:\Windows\system32\pcalua.exe -a "D:\Installer & Stuffs\nutrisurvey2007.exe" -d "D:\Installer & Stuffs"
Task: {F761914E-8B39-467C-A4AC-819692CE1C6F} - System32\Tasks\updater => C:\Program Files (x86)\M3 Kedokteran\M3 Updater.exe [2014-08-28] (PT Yapindo Jaya Abadi)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk

==================== Loaded Modules (Whitelisted) ==============

2011-03-17 00:07 - 2011-03-17 00:07 - 004297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-08-26 06:57 - 2016-11-19 22:32 - 000327680 _____ () C:\Program Files\4G LTE Modem\4G_Server.exe
2015-09-24 10:47 - 2013-10-26 09:42 - 000306176 _____ () C:\Program Files\Smartfren Connex CE682 UI\HEject.exe
2013-06-08 18:40 - 2011-12-16 11:37 - 000128280 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2016-08-25 11:32 - 2014-08-20 02:12 - 001356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-07-03 19:01 - 2015-07-03 19:01 - 000104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-03 19:01 - 2015-07-03 19:01 - 000081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-09-06 09:46 - 2017-09-06 09:46 - 005897648 _____ () C:\Program Files\AVAST Software\Avast\defs\17090502\algo.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 001044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-26 06:57 - 2016-11-19 22:32 - 000375808 _____ () C:\Program Files\4G LTE Modem\ATManager.dll
2013-06-11 20:13 - 2012-10-22 11:21 - 001277952 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll
2013-06-11 20:13 - 2012-07-09 17:57 - 002090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll
2013-06-11 20:13 - 2011-12-06 16:19 - 000133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll
2013-06-11 20:13 - 2012-03-23 10:07 - 000224768 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll
2015-07-03 19:01 - 2015-07-03 19:01 - 040540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 004297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-06-08 18:40 - 2011-12-16 09:39 - 001198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2009-06-11 04:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-554792734-2349590706-3231685140-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 152.118.148.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{8A53A090-946C-4E6C-8F72-FF84CD98A967}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8464671B-510F-4C71-B56A-4EF11FF7ADD9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1C74A6B4-913B-42F6-9589-423E94A791F7}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{4641ACB0-068B-4820-9379-3918C0D5A7A1}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5C99A325-9845-4784-BF59-5624A0444A80}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{0A64B76D-1D3C-474C-8DEF-94597D9B0DE7}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{CFBFD930-5165-45A3-8460-91EB676A687C}] => (Allow) C:\Users\Lenovo\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{48F45634-00EC-48AE-A6BC-04B641BC16AE}] => (Allow) C:\Users\Lenovo\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{CF56D769-A37B-44D0-810A-56E5C18A8C4F}C:\users\lenovo\desktop\bittorrent.exe] => (Block) C:\users\lenovo\desktop\bittorrent.exe
FirewallRules: [UDP Query User{A4D4061B-AA77-4A26-ADF8-0CC745F5BBD6}C:\users\lenovo\desktop\bittorrent.exe] => (Block) C:\users\lenovo\desktop\bittorrent.exe
FirewallRules: [{E884BB20-AAFA-42A1-ADDF-D1CCAB5ACC4C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{99D1F5FD-4F69-4085-A8E9-8D5241562C14}] => (Allow) LPort=2869
FirewallRules: [{07611C57-CBE2-4828-B00D-72D580B9630D}] => (Allow) LPort=1900
FirewallRules: [{CF2F8DCB-47F3-49F0-9AFB-94CD44AB5137}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7B11EC2B-FC2F-4DBE-9EC2-20E27B677312}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0069286-EFD1-4769-83DA-47FA37F41229}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7825F991-5CF8-4734-B37A-FB741C4F1211}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5220064F-CF64-41A3-964B-DCA9CC17D37D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{556D46C5-AEC9-40B0-9272-46DA5B874020}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{6F146DDD-3EE2-471C-9848-AB8FC06194FB}C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [UDP Query User{8B6F24E1-CA23-49D4-9828-FE621B99B261}C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [{343CF5B6-418E-4DC0-AC27-D0EA5772897D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B0F459C7-7018-46C7-9EDF-6ACF715EDC22}] => (Allow) C:\Windows\skcbgm.exe
FirewallRules: [{173D4B63-B12E-4F9D-9B5D-A9B7C5DF77F5}] => (Allow) C:\Windows\skcbgm.exe
FirewallRules: [{5FB7CE2D-F200-4BB9-8CFA-B673D31B22FA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{047B5E1B-5CC5-4643-9652-47B63EEE47E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9ED54E5D-822B-4599-A922-BB8982675BE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{68565AB9-832C-4DD4-B48E-E49E7F9FA790}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2D4A9DB6-1C64-4CA9-8A62-658972B82FA7}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{A15E5546-A2BB-4048-9E1A-4AF8BFFB5FF9}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{AC7CC3B3-F4D3-4280-A233-3BDAF0C1B8E9}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{5509295C-1861-4F65-9BEB-CB9FAF78554A}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{2227E5CA-8471-4B4C-AC02-A8AF2636CD3D}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{D2A0E85A-4CFA-4C84-9C6B-2D53EE891882}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [TCP Query User{A8CF03D6-1AFF-40E9-9F44-8FDE50A92DB9}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Allow) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [UDP Query User{E1795B06-A712-4DEB-9030-30246685750C}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Allow) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [TCP Query User{C02DB129-22DA-4E77-BBA4-C013950FA032}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [UDP Query User{96680F23-41F4-4E35-A397-DB2EE8447F40}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [{4213732C-4836-49D3-AD87-ED828346365D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9B1D7F1-A5B9-4039-B78F-2F0BE1F73C3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{28EDA197-184A-4753-A599-60933BC05273}] => (Allow) C:\Users\Lenovo\AppData\Local\LINE\bin\4.10.2.1257\LINE.exe
FirewallRules: [{A6441A87-485E-4157-87B2-3E8C19E4AE58}] => (Allow) C:\Users\Lenovo\AppData\Local\LINE\bin\4.10.2.1257\LINE.exe
FirewallRules: [{C9D38352-03D3-4575-951C-C73C0D67ED2C}] => (Allow) C:\Users\Lenovo\AppData\Local\LINE\bin\4.10.2.1257\LineUpdater.exe
FirewallRules: [{3C2EE569-D4DD-4AA9-A410-23F39256C876}] => (Allow) C:\Users\Lenovo\AppData\Local\LINE\bin\4.10.2.1257\LineUpdater.exe
FirewallRules: [{3F6FE9B3-08E4-4B48-A8A8-AB47EE760B3F}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{EACA77C6-9516-4608-9595-61758043D01E}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{32921016-F017-4678-91BC-EEFE35D5D92D}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{2B1C2F56-C62D-4929-88AB-D6FCCE4BA98D}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{2E993B63-EF3F-4580-9FDF-C35F26AACC12}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0C902298-9714-48DA-9F5E-5D6205C4411B}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{9BE422BD-98B8-4A83-BD9F-1142E1169694}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{D75B6E48-5C61-4829-8666-EAD752AA54A5}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{9662F844-5958-4A37-8187-202310556ED6}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: NVIDIA GeForce 610M    
Description: NVIDIA GeForce 610M    
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2017 08:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4179579

Error: (09/05/2017 08:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4179579

Error: (09/05/2017 08:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2017 08:06:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4178549

Error: (09/05/2017 08:06:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4178549

Error: (09/05/2017 08:06:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2017 08:06:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4177535

Error: (09/05/2017 08:06:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4177535

Error: (09/05/2017 08:06:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2017 08:06:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4176537


System errors:
=============
Error: (09/06/2017 02:58:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/06/2017 02:58:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/06/2017 02:36:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/06/2017 02:36:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/06/2017 02:35:52 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/06/2017 02:35:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/06/2017 02:35:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/06/2017 02:35:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/06/2017 02:35:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/06/2017 02:34:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


CodeIntegrity:
===================================
  Date: 2016-09-22 19:00:32.595
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-22 19:00:32.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-21 18:55:02.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-21 18:55:02.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 72%
Total physical RAM: 3943.41 MB
Available physical RAM: 1103.14 MB
Total Virtual: 7885 MB
Available Virtual: 4278.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.9 GB) (Free:10.83 GB) NTFS
Drive d: () (Fixed) (Total:365.76 GB) (Free:25.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Solved: Re: Avast detected Win32:WanaCry-A [Trj]
Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwareCleaner onto your Desktop. AdwCleaner

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.



AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.



AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.


  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V).

*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Solved: Re: Avast detected Win32:WanaCry-A [Trj]
P2P - I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Solved: Re: Avast detected Win32:WanaCry-A [Trj]
Thanks for the response, Dave. Here's the Adwcleaner log:

# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 07 13:00:24 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: PanService


***** [ Folders ] *****

Deleted: C:\Program Files (x86)\PANDORA.TV
Deleted: C:\Users\Lenovo\AppData\Local\Bundled software uninstaller
Deleted: C:\Users\Lenovo\AppData\Local\Temp\mt_ffx
Deleted: C:\ProgramData\BitGuard
Deleted: C:\ProgramData\Application Data\BitGuarda
Deleted: C:\Users\All Users\BitGuard
Deleted: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Deleted: C:\Program Files (x86)\Coupons


***** [ Files ] *****

Deleted: C:\Users\Lenovo\Desktop\Sync Folder.lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dregol.com
Deleted: [Key] - HKU\S-1-5-21-554792734-2349590706-3231685140-1000\Software\APN PIP
Deleted: [Key] - HKCU\Software\APN PIP
Deleted: [Key] - HKU\S-1-5-21-554792734-2349590706-3231685140-1000\Software\BABSOLUTION
Deleted: [Key] - HKCU\Software\BABSOLUTION
Deleted: [Key] - HKU\S-1-5-21-554792734-2349590706-3231685140-1000\Software\BI
Deleted: [Key] - HKU\S-1-5-21-554792734-2349590706-3231685140-1001\Software\BI
Deleted: [Key] - HKCU\Software\BI
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Deleted: [Key] - HKLM\SOFTWARE\PIP
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\escort.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost64.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost64.exe
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-554792734-2349590706-3231685140-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{3601b5c5-5255-4dc9-ad46-2951e225f22e}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{a6da7c31-adfa-4531-a681-ff2c75c340f1}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing|bProtectShowTabsWelcome
Deleted: [Key] - HKLM\SOFTWARE\delta
Deleted: [Key] - HKU\S-1-5-21-554792734-2349590706-3231685140-1000\Software\delta
Deleted: [Key] - HKCU\Software\delta


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: SoundCloud Downloader Free -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [7118 B] - [2017/9/7 12:55:29]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Solved: Re: Avast detected Win32:WanaCry-A [Trj]
The MBAM log (it actually says it detected nothing)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07/09/2017
Scan Time: 20:38
Logfile: mbam log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.09.07.05
Rootkit Database: v2017.08.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lenovo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358651
Time Elapsed: 38 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

The JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by Lenovo (Administrator) on 07/09/2017 at 21:44:06,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 28

Successfully deleted: C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll (File)
Successfully deleted: C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll (File)
Successfully deleted: C:\Users\Lenovo\Appdata\LocalLow\delta (Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Roaming\pdfforge (Folder)
Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Program Files (x86)\delta (Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04F74JY9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14P0Z6V2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1K3FVILM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44B6DVIS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IVYKXL1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6OHCGCD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7RJA2GR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04F74JY9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14P0Z6V2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1K3FVILM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44B6DVIS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IVYKXL1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6OHCGCD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7RJA2GR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)

Deleted the following from C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\d6qkra4s.default\prefs.js
user_pref(browser.search.order.1, Delta Search);
user_pref(browser.urlbar.suggest.searches, false);
user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.dfltLng, id);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.id, 98ea282a000000000000f4b7e29497ab);
user_pref(extensions.delta.instlDay, 15900);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.21.5);
user_pref(extensions.delta.vrsnTs, 1.8.21.516:01:45);
user_pref(extensions.delta.vrsni, 1.8.21.5);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, affID=119820&tsp=4943);
user_pref(extensions.delta_i.srcExt, ss);
user_pref(extensions.freecorder@freecorder.com.menuitems, [{\name\:\Freecorder Menu Header\,\img\:\hxxp://freecorder.com/fc8/ui/buttons/menu_header.png\,\width\:2



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/09/2017 at 21:49:46,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solved: Re: Avast detected Win32:WanaCry-A [Trj]
And last, the Security Check log.

 Results of screen317's Security Check version 1.014 --- 12/23/15 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 26.0.0.151 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (55.0.3)
 Google Chrome (60.0.3112.113)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

I don't quite understand these logs. Have any of these tools detected any extremely malicious items in my computer? Also, for the BitTorrent, I rarely use it now but unfortunately I still need it for some things. I'll use it with caution though, and I might uninstall it in the future once I no longer have to use it.

Solved: Re: Avast detected Win32:WanaCry-A [Trj]
Please update Avast asap. It shows out-of-date. If you can't update it, uninstall it and install MSE below.
Microsoft Security Essentials: all versions and all languages.

Update your Adobe Reader: get.adobe.com/reader

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
***************************************************************
Have any of these tools detected any extremely malicious items in my computer?

Nothing very malicious. Perhaps, Avast stopped it early enough.

ESET Online Scanner
Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

    Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
    Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them):

        Enable detection of potentially unwanted applications;
        Scan archives;
        Scan for potentially unsafe applications;
        Optional: If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

    After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;
    Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
    After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
    Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
    Once you're done, click on the Back button;
    Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;

Re: Avast detected Win32:WanaCry-A [Trj]

Hello, sorry for not replying in a while. I've tried scanning with ESET earlier, but it just took so long (4+ hours and still at about 60% progress...) and I didn't have the time to finish it since my connectivity was limited. I'll make another attempt the next day or maybe the day after tomorrow, but are there any tips on how to speed up the scanning process? Thank you so much.

Re: Avast detected Win32:WanaCry-A [Trj]

Damnion wrote:
Hello, sorry for not replying in a while. I've tried scanning with ESET earlier, but it just took so long (4+ hours and still at about 60% progress...) and I didn't have the time to finish it since my connectivity was limited. I'll make another attempt the next day or maybe the day after tomorrow, but are there any tips on how to speed up the scanning process? Thank you so much.

It's not a big deal if you can't run it, but it really shouldn't take that long. Other than that warning, did you have any other indications that your computer was infected?

Re: Avast detected Win32:WanaCry-A [Trj]

The progress bar was already at about 90% when it was scanning C:, but afterwards it started scanning D: and the bar went back to 60% or so... I have only 9 GB left on C:, could that have something to do with it? As for any other indications of being infected, nothing's acting weird so far. Anyway, when I stopped the scan, it had already detected some stuff, so here's the log.

C:\AdwCleaner\Quarantine\exuieaoEiI\uninstall.exe    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
C:\Users\Lenovo\AppData\Local\Temp\busC13D\BUSolution.dll    Win32/Toolbar.Babylon.AE potentially unwanted application    cleaned by deleting
C:\Users\Lenovo\AppData\Local\Temp\dlmEA30.tmp\KMPlayer_3.6.0.87.exe    a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application    cleaned by deleting
C:\Users\Lenovo\AppData\Local\Temp\E9CD2F63-BAB0-7891-8E4D-7BC22F0D5D93\Latest\BUSolution.dll    a variant of Win32/Toolbar.Babylon.P potentially unwanted application    cleaned by deleting
C:\Users\Lenovo\AppData\Local\Temp\E9CD2F63-BAB0-7891-8E4D-7BC22F0D5D93\Latest\Delta.crx    a variant of Win32/Toolbar.Babylon.I potentially unwanted application,a variant of Win32/Toolbar.Babylon.P potentially unwanted application,a variant of Win32/Toolbar.Babylon.Q potentially unwanted application    deleted
C:\Users\Lenovo\AppData\Local\Temp\E9CD2F63-BAB0-7891-8E4D-7BC22F0D5D93\Latest\IEHelper.dll    Win32/Toolbar.Babylon.E potentially unwanted application    cleaned by deleting
C:\Users\Lenovo\AppData\Local\Temp\E9CD2F63-BAB0-7891-8E4D-7BC22F0D5D93\Latest\MntrDLLInstall.dll    a variant of Win32/Toolbar.Babylon.V potentially unwanted application    cleaned by deleting
C:\Users\Lenovo\AppData\Local\Temp\_ir_sf_temp_0\npCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
C:\Users\Lenovo\AppData\Local\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
C:\Users\Lenovo\AppData\Roaming\BitTorrent\BitTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting
C:\Users\Lenovo\Desktop\BitTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting
C:\Users\Lenovo\Desktop\KMPlayer_3-6-0-87.exe    a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application    cleaned by deleting
D:\Installer & Stuffs\cbsidlm-cbsi109-KMPlayer-BP-10659939.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
D:\Installer & Stuffs\Converter and OC\cbsidlm-cbsi118-4Media_MP4_to_MP3_Converter-SEO-10972870.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
D:\Installer & Stuffs\Converter and OC\m4a-to-mp3-converter.exe    Win32/Somoto.E potentially unwanted application,a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application    cleaned by deleting
D:\Installer & Stuffs\Converter and OC\Setup_FreeConverter.exe    Win32/Toolbar.Widgi potentially unwanted application    cleaned by deleting
D:\Installer & Stuffs\FL studio\flstudio_10.0.8_online.exe    Win32/OpenCandy potentially unsafe application    cleaned by deleting

Thank you so much!

Re: Avast detected Win32:WanaCry-A [Trj]

Only 9 GB on C. What is the size of the C drive?

Re: Avast detected Win32:WanaCry-A [Trj]

Sorry for the late reply. The total size is 99,9 GB. I keep quite a lot of programs so yeah...

Re: Avast detected Win32:WanaCry-A [Trj]

The log shows that you only have 9 GB of free space on your C drive. Windows requires at least 15% (15 GB) of free space to operate. You will need to free up some space. You can do this by removing/uninstalling no longer used or unwanted programs. You can also transfer important documents, photos, music and videos to an external hard drive or DVDs. Please let me know when you get this completed.

Re: Avast detected Win32:WanaCry-A [Trj]

Hello. I managed to clear up some stuff, so now I have 15,7 GB space available. So what am I supposed to do next? Thank you.