PDA

View Full Version : Help!!! I am still getting pop ups pages after running SpyBot



dealmaker
2016-09-09, 06:47
Hi,
I hope that I am posting this in the right place. I believe that I may have a virus in my computer because I am getting pop ups pages every few minutes. I am using Chrome and have updated my operating system to Windows 10. I am getting pop ups pages from the following sites so far: diep.io, fanficiton.net, gsn.com,kizi.com,silvergames.com, etc. I hope someone can help me resolve this. Please help. The FRST files and Addition files are too large to upload. Therefore, I am going to copy and paste the codes here.

FRST codes:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Admin (administrator) on UNIVERSE (08-09-2016 18:53:14)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\WINDOWS\VPDAgent_x64.exe
(Lenovo.) C:\WINDOWS\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Conexant Systems Inc.) C:\WINDOWS\System32\CxAudMsg64.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF 8\creator-ws.exe
(LULU Software Limited) C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
() C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056\maintainer.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
() C:\WINDOWS\SysWOW64\spdsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Lenovo.) C:\WINDOWS\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
() C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
(Inmar, Inc.) C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(WRCS) C:\Program Files (x86)\WRCS\vCarsNet\Main\vCars.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe
(PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe
(Safer-Networking Ltd.) C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-16] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2008-03-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2008-09-29] (McAfee, Inc.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12120616 2016-07-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522704 2012-04-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104528 2013-02-26] (VMware, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] (Inmar, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25197248 2016-08-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-11] (Google Inc.)
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [Ad-Aware Search Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\BrowserDock.exe
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [Akamai NetSession Interface] => "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\RunOnce: [Uninstall C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_5\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_5\amd64"
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-06-10]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2011-11-11]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{33049c0e-d7c7-47c3-a0aa-7ae8ddcbec90}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b8f29825-ff1d-45f4-ad37-3e74059fec3b}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cnn.com/
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D081616-A0A14E5293D1943C986F&form=CONBDF&conlogo=CT3330954&q={searchTerms}
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D081616-A0A14E5293D1943C986F&form=CONBDF&conlogo=CT3330954&q={searchTerms}
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M6FD35AB2-EC60-4C0E-B7B8-26E0A74D56D3&SearchSource=58&CUI=&UM=6&UP=SPDE4422C2-9288-4216-A28C-B450C1FE1C92&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {5709AA32-C414-4E22-B24E-4B9E96692EF3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS479
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll [2008-09-29] (McAfee, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-12-05] (Symantec Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Soda PDF 8 Helper -> {33779F20-17D7-4CC6-8248-78A4A78CEBFC} -> C:\Program Files (x86)\Soda PDF 8\creator-ie-helper.dll [2016-08-12] (LULU SOFTWARE LIMITED)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-26] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll [2008-09-29] (McAfee, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-12-05] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-26] (Oracle Corporation)
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll [2013-07-15] ()
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll [2013-07-15] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Soda PDF 8 Toolbar - {A2689669-AD38-4AFD-B370-23E97E2B9D18} - C:\Program Files (x86)\Soda PDF 8\creator-ie-plugin.dll [2016-08-12] (LULU SOFTWARE LIMITED)
Toolbar: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP13EP100-10026/webex/ieatgpc1.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: Soda PDF 8 -> C:\Program Files (x86)\Soda PDF 8\np-previewer.dll [2016-08-12] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-758200000-2134975689-3807630707-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-758200000-2134975689-3807630707-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Admin\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-758200000-2134975689-3807630707-1003: hopster.com/CouponPrinterPlugin -> C:\Users\Admin\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF Plugin HKU\S-1-5-21-758200000-2134975689-3807630707-1003: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Admin\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-11] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-04-25] (Cisco WebEx LLC)
FF HKLM\...\Firefox\Extensions: [soda_pdf_8_conv@sodapdf.com] - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension
FF Extension: (Soda PDF 8 Creator) - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension [2016-08-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2014-01-14] [not signed]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2016-09-05]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Video Downloader professional) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-08-15]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-07]
CHR Extension: (Yahoo Partner) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2016-08-21]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-04-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Yahoo Partner) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-08-21]
CHR Extension: (Game Tube Now Advertising) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgnpeandakimjdonmjgepbapjbhadgb [2016-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-05]
CHR HKU\S-1-5-21-758200000-2134975689-3807630707-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2014-05-20] (Two Pilots) [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-22] (Dropbox, Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MaintainerSvc3.32.7672459; C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056\maintainer.exe [128240 2015-10-22] ()
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [17920 2008-09-29] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2008-03-14] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [175072 2008-09-29] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [62800 2008-09-29] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [75656 2008-09-29] (McAfee, Inc.)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-09-18] ()
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [499000 2016-06-18] ()
S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2263504 2016-08-12] (LULU SOFTWARE LIMITED)
S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920016 2016-08-12] (LULU SOFTWARE LIMITED)
R2 Soda PDF 8 Creator; C:\Program Files\Soda PDF 8\creator-ws.exe [733136 2016-08-12] (LULU SOFTWARE LIMITED)
R2 Soda PDF 8 Manager; C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe [900120 2016-08-11] (LULU Software Limited)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-04-21] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13242960 2013-02-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-06-27] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [96016 2008-09-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [118688 2008-09-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [465792 2008-09-29] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [75800 2008-09-29] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [82504 2008-09-29] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42664 2016-01-07] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33360 2013-02-26] (VMware, Inc.)
R1 vrvd5; C:\Windows\system32\DRIVERS\vrvd5.sys [13344 2016-08-21] (Rsupport Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 18:53 - 2016-09-08 18:53 - 00040303 _____ C:\Users\Admin\Downloads\FRST.txt
2016-09-08 18:52 - 2016-09-08 18:52 - 02397696 _____ (Farbar) C:\Users\Admin\Downloads\FRST64 (1).exe
2016-09-08 18:50 - 2016-09-08 18:53 - 00000000 ____D C:\FRST
2016-09-08 18:50 - 2016-09-08 18:50 - 02397696 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2016-09-08 07:01 - 2016-09-08 07:01 - 00151040 _____ C:\Users\Admin\Downloads\project-plan1-1.ppt
2016-09-08 01:14 - 2016-09-08 18:46 - 00000000 ____D C:\Users\Admin\Desktop\Popup virus
2016-09-08 00:26 - 2016-09-08 00:26 - 00001007 _____ C:\Users\Admin\Desktop\SpybotPortable - Shortcut.lnk
2016-09-07 23:42 - 2016-09-08 00:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-07 23:42 - 2016-09-07 23:42 - 00000000 ____D C:\Users\Admin\Documents\ProcAlyzer Dumps
2016-09-07 23:28 - 2016-09-07 23:28 - 00000000 ____D C:\ProgramData\Symantec Shared
2016-09-07 23:28 - 2012-05-18 19:56 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capicom.dll
2016-09-07 23:28 - 2007-03-21 20:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.DLL
2016-09-07 23:28 - 2007-03-21 20:33 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP71.DLL
2016-09-07 23:28 - 2007-03-21 20:33 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCR71.DLL
2016-09-07 23:26 - 2016-09-07 23:36 - 00000000 ____D C:\ProgramData\Symantec
2016-09-07 23:25 - 2016-09-07 23:26 - 00000000 ____D C:\Users\Admin\Desktop\Symantec_Endpoint_Protection_12.1.6_MP5_Part1_Trialware_EN
2016-09-07 23:23 - 2016-09-07 23:23 - 10467568 _____ (Akamai Technologies, Inc.) C:\Users\Admin\Downloads\installer.exe
2016-09-07 23:12 - 2016-09-07 23:13 - 119710544 _____ (PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable_2.5.paf (2).exe
2016-09-07 23:08 - 2016-09-07 23:08 - 119710544 _____ (PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable_2.5.paf (1).exe
2016-09-07 22:57 - 2016-09-07 22:57 - 00020375 _____ C:\Users\Admin\Downloads\Calendar-triumph09.ics
2016-09-07 10:06 - 2016-09-07 10:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-07 10:03 - 2016-09-07 23:42 - 00000000 ____D C:\Users\Admin\Downloads\SpybotPortable
2016-09-07 10:02 - 2016-09-07 10:03 - 119710544 _____ (PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable_2.5.paf.exe
2016-09-07 09:11 - 2016-09-07 09:10 - 00349270 _____ C:\Users\Admin\Downloads\adblock.zip
2016-09-07 09:10 - 2016-09-07 09:10 - 00951808 _____ (SecuredDownload) C:\Users\Admin\Downloads\adblock.exe
2016-09-07 08:44 - 2016-09-07 08:44 - 00087105 _____ C:\Users\Admin\Desktop\ID.pdf
2016-09-07 08:40 - 2016-09-07 08:40 - 00797077 _____ C:\Users\Admin\Desktop\Marriage LICENSE.pdf
2016-09-06 21:33 - 2016-09-06 21:33 - 06832128 _____ C:\Users\Admin\Downloads\protists-and-fungi.ppt
2016-09-02 19:38 - 2016-09-02 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-31 21:46 - 2016-08-31 21:46 - 00336272 _____ C:\Users\Admin\Downloads\Radians and Reference Angles.pdf
2016-08-29 13:52 - 2016-09-05 17:06 - 00000000 ____D C:\Users\Admin\Desktop\Auto Karma Buyers
2016-08-22 21:16 - 2016-08-22 21:16 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-22 21:15 - 2016-08-22 21:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-08-21 21:10 - 2016-08-21 21:27 - 00000000 ____D C:\Program Files (x86)\Rsupport
2016-08-21 21:10 - 2016-08-21 21:10 - 00070688 _____ (Rsupport Corporation) C:\WINDOWS\system32\vrvd5.dll
2016-08-21 21:10 - 2016-08-21 21:10 - 00013344 _____ (Rsupport Corporation) C:\WINDOWS\system32\Drivers\vrvd5.sys
2016-08-19 22:38 - 2016-08-19 22:38 - 00000000 ____D C:\Users\Admin\AppData\Local\DeadByDaylight
2016-08-19 22:37 - 2016-08-19 22:37 - 00332024 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-08-19 22:37 - 2016-08-19 22:37 - 00000000 ____D C:\Users\Admin\AppData\Local\UnrealEngine
2016-08-19 16:24 - 2016-08-19 16:24 - 00629892 _____ C:\Users\Admin\Downloads\BIOL1111 syllabus - Fall 2016PACEJuly272016.pdf
2016-08-19 16:17 - 2016-08-19 16:17 - 00194545 _____ C:\Users\Admin\Downloads\Bio1111labonlinesyllabusFa2016.pdf
2016-08-18 20:46 - 2016-08-18 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-08-18 19:28 - 2016-08-18 19:28 - 03536384 _____ C:\Users\Admin\Downloads\scientificmethodpowerpointreviewlesson.ppt
2016-08-18 06:55 - 2016-08-18 06:55 - 00363145 _____ C:\Users\Admin\Desktop\Employee Withholding.pdf
2016-08-17 18:20 - 2016-08-17 18:20 - 00069169 _____ C:\Users\Admin\Downloads\104082 Cover Sheet .pdf
2016-08-17 18:12 - 2016-08-17 18:12 - 00101124 _____ C:\Users\Admin\Downloads\104082 POA 2 pages .pdf
2016-08-16 13:00 - 2016-08-16 13:00 - 01391610 _____ C:\Users\Admin\Downloads\152955.pdf
2016-08-16 13:00 - 2016-08-16 13:00 - 01391610 _____ C:\Users\Admin\Desktop\3183 Nectarine.pdf
2016-08-16 12:47 - 2016-08-16 12:47 - 01335136 _____ C:\Users\Admin\Downloads\SharpBuckhead@meetatroam.com_20160812_152955 (1).pdf
2016-08-16 12:24 - 2016-08-16 12:24 - 01335136 _____ C:\Users\Admin\Downloads\SharpBuckhead@meetatroam.com_20160812_152955.pdf
2016-08-16 11:58 - 2016-08-16 11:58 - 01982056 _____ C:\Users\Admin\Desktop\LLC Operating Agreement.pdf
2016-08-16 11:12 - 2016-08-16 11:12 - 00259738 _____ C:\Users\Admin\Downloads\operating-agreement1.pdf
2016-08-16 10:27 - 2016-08-16 10:27 - 01253927 _____ C:\Users\Admin\Desktop\ATC business license.pdf
2016-08-16 10:17 - 2016-08-16 10:17 - 01031841 _____ C:\Users\Admin\Desktop\Business License.pdf
2016-08-16 09:40 - 2016-08-16 09:40 - 00424156 _____ C:\Users\Admin\Desktop\Aj business license.pdf
2016-08-16 09:23 - 2016-08-21 20:44 - 00002960 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-08-16 09:23 - 2016-08-21 20:44 - 00002960 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-08-16 09:23 - 2016-08-16 09:23 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-08-16 09:23 - 2016-08-16 09:23 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-08-16 09:23 - 2016-08-16 09:23 - 00000000 ____D C:\ProgramData\LULU Software
2016-08-16 09:22 - 2016-08-16 10:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:55 - 00000000 ____D C:\Users\Admin\Documents\Soda PDF Files
2016-08-16 09:22 - 2016-08-16 09:45 - 00000000 ____D C:\ProgramData\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:23 - 00000000 ____D C:\Program Files\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:22 - 09576200 _____ (LULU Software Limited) C:\Users\Admin\Downloads\Soda_PDF_8_wc_Installer.exe
2016-08-16 09:22 - 2016-08-16 09:22 - 00000798 _____ C:\Users\Public\Desktop\Soda PDF 8.lnk
2016-08-16 09:22 - 2016-08-16 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:22 - 00000000 ____D C:\Program Files (x86)\Soda PDF 8
2016-08-16 07:59 - 2016-08-16 09:47 - 00002553 _____ C:\Users\Admin\Desktop\AJ.pdf
2016-08-15 17:10 - 2016-08-15 17:10 - 03853176 _____ C:\Users\Admin\Downloads\Instagram (2).mp4
2016-08-15 17:10 - 2016-08-15 17:10 - 03853176 _____ C:\Users\Admin\Downloads\Instagram (1).mp4
2016-08-15 17:08 - 2016-08-15 17:08 - 03853176 _____ C:\Users\Admin\Downloads\Instagram.mp4
2016-08-12 21:15 - 2016-08-12 21:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-12 13:45 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-12 13:44 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-12 13:44 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-12 13:44 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-12 13:44 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-12 13:44 - 2016-08-03 05:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-12 13:44 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-12 13:44 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-12 13:44 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-12 13:44 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-12 13:43 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-12 13:43 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-12 13:42 - 2016-08-03 05:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-12 13:42 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-12 13:41 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-12 13:41 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-12 13:41 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-12 13:41 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-12 13:41 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-12 13:40 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-12 13:40 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-12 13:40 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-12 13:40 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-12 13:40 - 2016-08-03 05:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-12 13:40 - 2016-08-03 05:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-12 13:40 - 2016-08-03 05:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-12 13:40 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-12 13:40 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-12 13:40 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-12 13:40 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-12 13:39 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-12 13:39 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-12 13:39 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-12 13:39 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-12 13:39 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-12 13:39 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-12 13:39 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-12 13:39 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-12 13:39 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-12 13:39 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-12 13:39 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-12 13:39 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-12 13:39 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-12 13:39 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-12 13:39 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-12 13:39 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-12 13:38 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-12 13:38 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-12 13:38 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-12 13:38 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-12 13:38 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-12 13:38 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-12 13:38 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-12 13:38 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-12 13:38 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-12 13:38 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-12 13:38 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-12 13:38 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-12 13:38 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-12 13:38 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-12 13:37 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-12 13:37 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-12 13:37 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-12 13:37 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-12 13:37 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-12 13:37 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-12 13:37 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-12 13:37 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-12 13:37 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-12 13:36 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-12 13:36 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-12 13:36 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-12 13:36 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-12 13:36 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-12 13:36 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-12 13:36 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-12 13:36 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-12 13:36 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-12 13:36 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-12 13:36 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-12 13:36 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-12 13:36 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-12 13:36 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-12 13:36 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-12 13:36 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-12 13:36 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-12 13:36 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-12 13:36 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-12 13:36 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-12 13:36 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-12 13:36 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-12 13:36 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-12 13:36 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-12 13:36 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-12 13:36 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-12 13:36 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-12 13:36 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-12 13:36 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-12 13:36 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-12 13:36 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-12 13:36 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-12 13:36 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-12 13:36 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-12 13:36 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-12 13:36 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-12 13:35 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-12 13:35 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-12 13:35 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-12 13:35 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-12 13:35 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-12 13:35 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-12 13:35 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-12 13:35 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-12 13:35 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-12 13:35 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-12 13:35 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-12 13:35 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-12 13:35 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-12 13:35 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-12 13:35 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-12 13:35 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-12 13:35 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-12 13:35 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-12 13:35 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-12 13:35 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-12 13:35 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-12 13:35 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-12 13:35 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-12 13:35 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-12 13:35 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-12 13:35 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-12 13:35 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-12 13:35 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-12 13:35 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-12 13:13 - 2016-08-12 13:14 - 03145071 _____ C:\Users\Admin\Desktop\NextGear.pdf
2016-08-12 12:20 - 2016-08-12 12:20 - 01013839 _____ C:\Users\Admin\Downloads\NG_CreditApp_HR1 (1).pdf
2016-08-12 11:27 - 2016-08-12 11:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 18:53 - 2012-04-10 10:03 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2016-09-08 18:49 - 2012-04-10 10:03 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-09-08 18:35 - 2011-11-11 11:10 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-08 18:33 - 2013-08-16 12:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-08 18:20 - 2015-04-22 12:01 - 00000556 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-758200000-2134975689-3807630707-1003.job
2016-09-08 18:14 - 2016-04-22 13:09 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-08 17:22 - 2016-07-28 18:15 - 01019136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-08 17:22 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-08 17:22 - 2015-06-29 22:10 - 00000652 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-758200000-2134975689-3807630707-1003.job
2016-09-08 06:57 - 2016-04-22 13:12 - 00000000 ___RD C:\Users\Admin\Dropbox
2016-09-08 06:56 - 2016-04-22 13:09 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-08 06:56 - 2011-11-11 11:10 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-08 01:23 - 2013-02-13 16:05 - 00000000 ____D C:\ProgramData\VMware
2016-09-08 01:22 - 2016-04-27 02:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-08 01:22 - 2016-04-27 02:29 - 00366136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-08 01:22 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-08 00:30 - 2015-04-14 12:30 - 00000000 ____D C:\Users\Public\Documents\Neat ADF Scanner
2016-09-07 23:58 - 2015-04-14 19:22 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-09-07 23:38 - 2011-11-11 11:17 - 00000000 ____D C:\Program Files (x86)\Symantec
2016-09-07 10:09 - 2016-07-28 18:18 - 00000000 ____D C:\Users\Admin
2016-09-07 09:32 - 2014-10-11 19:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-05 21:15 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-03 21:25 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-03 11:28 - 2015-04-22 17:07 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Heroes and Generals
2016-09-03 11:07 - 2016-07-28 18:42 - 00003810 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-758200000-2134975689-3807630707-1003
2016-09-03 11:07 - 2016-07-28 18:42 - 00003714 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-758200000-2134975689-3807630707-1003
2016-09-02 20:06 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-09-02 20:06 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-02 19:38 - 2016-04-22 13:09 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-31 21:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-29 14:03 - 2016-04-25 09:04 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Temp
2016-08-28 08:29 - 2016-06-20 18:07 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Samsung
2016-08-28 08:29 - 2016-06-19 14:32 - 00000000 ____D C:\ProgramData\Samsung
2016-08-22 21:16 - 2016-08-02 19:50 - 00002413 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-22 21:16 - 2016-08-02 19:50 - 00000000 ___RD C:\Users\Admin\OneDrive
2016-08-21 21:27 - 2016-06-20 18:00 - 00000000 ____D C:\Users\Public\Documents\RSupport
2016-08-18 20:46 - 2015-11-17 20:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-18 20:46 - 2014-09-29 12:01 - 00002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-08-13 11:33 - 2016-04-27 02:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-13 03:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 03:37 - 2016-04-27 02:21 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-13 03:37 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-12 22:13 - 2013-08-21 20:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-12 21:37 - 2013-01-30 16:35 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-12 21:15 - 2013-02-14 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2016-08-12 21:15 - 2013-02-14 12:00 - 00000000 ____D C:\Program Files\Microsoft Lync
2016-08-12 21:15 - 2013-02-14 12:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync

==================== Files in the root of some directories =======

2015-09-04 17:02 - 2015-09-04 17:02 - 0000098 _____ () C:\Users\Admin\AppData\Roaming\LauncherSettings_live.cfg
2015-09-04 17:03 - 2015-09-04 17:03 - 0000039 _____ () C:\Users\Admin\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-09-02 08:19 - 2014-09-02 08:19 - 0893239 _____ () C:\Users\Admin\AppData\Local\a.zip
2014-09-02 08:19 - 2014-09-02 08:19 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Admin\AppData\Local\BcsKtYcHW.dll
2015-02-10 20:37 - 2015-02-10 20:44 - 0000356 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\rscagent.exe
C:\Users\Admin\AppData\Local\Temp\WebCompanionInstaller.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-01 21:24

==================== End of FRST.txt ============================

Juliet
2016-09-09, 13:23
The Addition.txt didn't post. We can continue for now and run a new one in a bit.

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree the Eula:
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.




~~
please post
AdwCleaner[C1].txt
JRT.txt
Malwarebytes' Anti-Malware

dealmaker
2016-09-13, 18:38
Here is the addition log that was not attach previously. I was not able to send it as an attachment because it says that the file is too big. Attached are also files and logs from your recommendations. The only one that I was not able to do was the export file in the last step of the recommendation. Please see if you can still help me to resolve this issues. Thank you so much in advance for all of your help.

Kim

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Admin (08-09-2016 18:54:17)
Running from C:\Users\Admin\Downloads
Windows 10 Pro Version 1511 (X64) (2016-07-29 13:11:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-758200000-2134975689-3807630707-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-758200000-2134975689-3807630707-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-758200000-2134975689-3807630707-503 - Limited - Disabled)
Guest (S-1-5-21-758200000-2134975689-3807630707-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-758200000-2134975689-3807630707-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.07059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.07059 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.7) (Version: 5.0.1.7 - Coupons.com Incorporated)
CouponBar (HKLM-x32\...\CouponBar5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DisplayLink Core Software (HKLM\...\{08E79B2B-6479-4483-A0CB-86692D31F209}) (Version: 7.0.41409.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{7CF15243-E71F-47A1-B1A0-87AC0FC9BEDE}) (Version: 7.0.41419.0 - DisplayLink Corp.)
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.39.1 - Dropbox, Inc.) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.22.1.5530 (HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\GoToMeeting) (Version: 7.22.1.5530 - CitrixOnline)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP LaserJet 400 M401 (HKLM-x32\...\{8989F6D9-550C-4178-A8CB-75B82A06621F}) (Version: 5.0.13198.1083 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM401DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.1 - HP) Hidden
HPLaserJet400-M401_HelpLearnCenter_SI (HKLM-x32\...\{4989DD05-86FB-4CA2-96C5-923DFAD89DA3}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM401 (x32 Version: 3.00.0003 - HP) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM401LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM401 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM-x32\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IsoBuster 3.1 (HKLM-x32\...\IsoBuster_is1) (Version: 3.1 - Smart Projects)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Manager (x32 Version: 8.1.4.29179 - LULU Software Limited) Hidden
McAfee Agent (HKLM-x32\...\{A638557B-1F13-40A0-9627-C892FBCA6960}) (Version: 4.0.0.1180 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.0 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{11849FBC-C416-4742-8279-17C3A2C85F72}) (Version: 4.0.7577.4510 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1 (HKLM-x32\...\{82284382-30E3-4DED-980B-746278DA6CC2}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1 (HKLM\...\{FAF57A91-58B3-490C-9D0C-66337DAD3F11}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 4.5 (HKLM\...\{458707CD-9D7A-477F-B925-02242A29673B}) (Version: 4.0.1863 - Microsoft Corporation)
Microsoft WebMatrix 2 (HKLM-x32\...\{FCBF1750-6A2D-4A4E-AAE2-DDAEA0744DAE}) (Version: 2.0.1692 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
Neat (HKLM-x32\...\Neat) (Version: 5.7.1.474 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)
Neat Core Files (x32 Version: 5.7.1.474 - The Neat Company) Hidden
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
NVIDIA nView 135.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.64 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.50.00 - )
Oracle VM VirtualBox 4.2.6 (HKLM\...\{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}) (Version: 4.2.6 - Oracle Corporation)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Remote Desktop Connection Manager (HKLM-x32\...\{173A2B7F-535A-4403-A454-B41531EF0D7F}) (Version: 2.2.0423 - Microsoft Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.06.00.04(1/29/2016) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
Samsung M283x Series (HKLM-x32\...\Samsung M283x Series) (Version: 1.16 (2/12/2016) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Soda PDF 8 (HKLM-x32\...\Soda8) (Version: 8.0.51.26536 - LULU Software Limited)
Soda PDF 8 Asian Fonts Pack (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Create Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Edit Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Forms Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Insert Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Review Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Secure Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 View Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.85 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version: - )
vCarsNet (HKLM-x32\...\{B8E8AB90-7729-11E0-6784-0F44122918BE}) (Version: 1.00.000 - Wayne Reaves Computer System)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.3.64 - VeriSign)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.2 - VMware, Inc)
VMware Workstation (Version: 9.0.2 - VMware, Inc.) Hidden
Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-758200000-2134975689-3807630707-1003_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-758200000-2134975689-3807630707-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\5102\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-758200000-2134975689-3807630707-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00077E09-894C-4B98-A627-D3F08EBF64CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {01A3FF97-C460-4B94-AA69-8CED217C0BFA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {032D3562-5B52-4BCD-85E5-F19716558E5F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {05D0356A-2746-4ACF-97DB-605711F9861E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0CEB39A4-E2EE-404A-89D1-64ADBEEA8C5C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0D12E138-D7F3-4DE3-851F-896D8297FD0E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0D4013CA-F602-49EE-8F61-3DB69316A646} - System32\Tasks\G2MUploadTask-S-1-5-21-758200000-2134975689-3807630707-1003 => C:\Program Files (x86)\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0F3D2144-5143-4334-B51F-E209ADA72B68} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {0F710060-00D2-4BA2-AF7C-6A5802D89731} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1538F3EA-5A10-4804-A8B5-4935DB7BA499} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-22] (Dropbox, Inc.)
Task: {1ACCD2BC-ECAA-421E-92C4-7CC916C91DA6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {1B435872-DB8A-426A-9475-624CCE485D18} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {1CAAA471-219E-470D-A32B-BBDE5CCDA028} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {1E7F1F74-D5DD-44B6-B800-24AC8795F467} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1E896E5C-18AD-4481-A02B-10AC19EBF08C} - System32\Tasks\G2MUpdateTask-S-1-5-21-758200000-2134975689-3807630707-1003 => C:\Program Files (x86)\Citrix\GoToMeeting\5530\g2mupdate.exe [2016-09-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {27D588D4-A691-47A7-A414-3D7164176EED} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {33F166BA-37C9-418D-8AA8-58D5F6F45B3D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {37647D1E-48E9-42A3-919C-C5303D73D655} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe
Task: {408D8D13-CFB1-4F67-9459-4BF34CA868EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4ADBF9D5-101F-4E08-9670-3D4CA54CC055} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {4CB00FE0-BAAF-46A8-A3C2-F73C69316F1C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {51376539-ABC9-4D03-BA8C-B8967D76978B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5364D6A4-6437-446D-807B-91CAFB0D1F26} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {55241966-A525-483A-80B3-912957AB1D5B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {5BA07DE9-AFE8-4F78-BA8C-DD084C955095} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5CB64ADC-CA99-4963-924B-A0700ADC4919} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {5DA599DE-1C9B-47FF-BBF2-8FA4DFE28F19} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5EFA385E-8A85-4B23-9F7F-D67C082A8530} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {6620AE60-7FD9-4C82-852A-4C59BE211304} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6A5F17F4-D73F-474B-9222-4C3C2D3E2938} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6D8247F1-2793-44EA-8594-F74737F2A75E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6F474FD9-80A1-4693-8E21-971B91441F93} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {758B0F09-E5D2-4CD6-975A-93DABA92018A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {763E4ACC-AB81-44DA-8CF7-7120F2E84741} - System32\Tasks\{88D04C5A-08F1-46BF-BE6D-826FD3C5A573} => pcalua.exe -a C:\Users\Admin\Downloads\VirtualBox-4.2.6-82870-Win.exe -d C:\Users\Admin\Downloads
Task: {7FFFE23D-335B-4084-97CE-55FF7D8C2834} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {81B9AE31-23E3-4E62-BCFF-F4E245BF02F6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {82BBD302-AE17-4BD9-99D8-B8C53B1697B2} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {856BE864-1CCC-49B9-9DE6-04FB26F1F2EA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {87915378-07E9-48BD-8E52-0983EC07D993} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {8823462B-14F6-4AED-B87A-DF0FD4C5F7AD} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {8A6F6665-22CB-4A09-87C6-E04B977D0151} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8B1B7A6E-229B-4344-8746-CC1D755158E3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {8C112146-A9E3-4233-AF42-AAA83BFEDD07} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {93777627-6E00-4392-808E-62DB858DE629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A0F4723E-16B2-4F55-9D13-AFA91B86D228} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe
Task: {A1B491D2-3F94-4DA5-950F-B488DE727980} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A486E167-9479-4663-B5A0-4629162D27B2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A57CDDA4-929F-4106-A334-0367875C4063} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A6A1DA33-B334-42B8-8A65-5BE22E4F52CA} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {A9959A3D-9107-4696-B525-2F3DBFC0B2C3} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {ACED52AB-140E-4311-8871-5D26079A766F} - System32\Tasks\{D25ABC7A-9004-4677-9F22-37E167700B15} => pcalua.exe -a E:\USBDocking.exe -d E:\
Task: {B5248C95-8BC1-4A3B-B146-01B7E17BC201} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {BB1F7CE4-D2C8-4408-9B72-9D5B2E041C98} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BBDBB8D4-4614-461F-8B1F-A90F3F4BDFC0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {BCEA2A88-6122-4C82-AC8F-A4E6143E96EE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BD13DE06-B699-47D0-9469-B0D784E0E16C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BE450A59-BC54-4A8C-8819-8AE478CE56CD} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-22] (Microsoft Corporation)
Task: {BE5148A6-AC12-4D7B-900D-9B3A8C3AA0E3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C02FD36C-2D39-4CEE-B32B-09155945BF64} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {C421AFD3-E9F2-44A7-BEC8-03ACB2E8E28C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {CBF5BBC6-8397-42A6-8C88-968311A3945A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CE47A082-0881-4AA7-A508-83DDCD3488D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CF3F434F-4CF4-45D3-BAA5-51F4E32EA7FB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D3952292-994E-4714-8078-DC727C525D6C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-22] (Dropbox, Inc.)
Task: {D70034E5-A372-41C3-92F3-C9C09B932853} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {D8D937D2-8E84-4F41-AA15-368D19A4AD0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D98C6D61-054B-41BE-BF91-67CCD7846385} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {E666A94E-EDA9-4B43-A290-92E65A9F14FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {E7FC5682-30AD-4D7C-BF7B-C22AECA3893B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E8F84A36-50A8-47CC-A306-B69913BC6DE5} - System32\Tasks\Teamviewer-QS-updater-8aeq33h => C:\Users\Admin\AppData\Local\TeamViewer\CustomConfigs\8aeq33h\TeamViewer.exe [2015-12-14] (TeamViewer GmbH)
Task: {EF19F11F-F341-48CA-B4EF-EE727F3EC5D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F030A6A8-E074-454D-B7A5-A6AB8E738883} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-758200000-2134975689-3807630707-1003.job => C:\Program Files (x86)\Citrix\GoToMeeting\5530\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-758200000-2134975689-3807630707-1003.job => C:\Program Files (x86)\Citrix\GoToMeeting\5530\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\WINDOWS\Tasks\Teamviewer-QS-updater-8aeq33h.job => C:\Users\Admin\AppData\Local\TeamViewer\CustomConfigs\8aeq33h\TeamViewer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-28 18:12 - 2015-07-22 21:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-14 12:31 - 2014-05-20 15:01 - 00054784 _____ () C:\WINDOWS\System32\sdtnpm.dll
2015-07-17 07:31 - 2015-07-17 07:31 - 00022528 _____ () C:\WINDOWS\System32\ssk5mlm.dll
2015-07-17 07:31 - 2015-07-17 07:31 - 01604096 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssk5mdu.dll
2015-05-19 16:33 - 2015-09-18 22:39 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-11-17 11:35 - 2015-10-22 21:01 - 00128240 _____ () C:\ProgramData\e5c4ef79-068a-447e-b589-daa814c96056\maintainer.exe
2016-06-20 18:08 - 2016-06-18 07:43 - 00499000 _____ () C:\WINDOWS\SysWOW64\spdsvc.exe
2008-09-29 08:07 - 2008-09-29 08:07 - 00140288 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\VsEvntUI.dll
2015-04-14 12:31 - 2014-05-20 15:01 - 00018944 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\sdtnui.dll
2013-02-26 01:54 - 2013-02-26 01:54 - 13242960 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2016-07-28 22:01 - 2016-07-28 22:01 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-11-11 11:01 - 2011-08-31 14:03 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-07-28 22:01 - 2016-07-28 22:01 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-01 23:18 - 2016-04-01 23:18 - 00426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-22 21:15 - 2016-08-22 21:15 - 01864384 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-02 21:01 - 2016-08-02 21:02 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-27 02:10 - 2016-04-27 02:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-28 22:02 - 2016-07-28 22:02 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-28 22:02 - 2016-07-28 22:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-28 22:02 - 2016-07-28 22:02 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-28 22:02 - 2016-07-28 22:02 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-28 22:02 - 2016-07-28 22:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-11-11 10:54 - 2010-10-26 00:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2015-04-30 14:43 - 2015-04-30 14:43 - 00090760 _____ () C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
2016-04-01 23:17 - 2016-04-01 23:17 - 31679664 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2009-05-28 02:09 - 2009-05-28 02:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2005-08-22 15:38 - 2005-08-22 15:38 - 03264512 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2008-03-14 04:00 - 2008-03-14 04:00 - 00057344 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
2013-02-26 02:28 - 2013-02-26 02:28 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2016-08-02 21:01 - 2016-08-02 21:02 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-08-02 21:01 - 2016-08-02 21:02 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2011-11-11 11:01 - 2011-08-31 14:03 - 00081920 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMROV.DLL
2011-11-11 11:02 - 2010-04-06 13:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-11-11 11:02 - 2010-04-06 13:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2016-08-22 21:15 - 2016-08-22 21:15 - 01383616 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-22 21:15 - 2016-08-22 21:15 - 00118976 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-08-06 12:58 - 2016-08-05 23:21 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-09-02 19:38 - 2016-08-05 23:21 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-09-02 19:38 - 2016-08-05 23:22 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-09-02 19:38 - 2016-08-05 23:21 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-06 12:58 - 2016-08-05 23:21 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-06 12:58 - 2016-08-05 23:21 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-06 12:58 - 2016-08-05 23:21 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-06 12:58 - 2016-08-05 23:22 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-09-02 19:38 - 2016-08-05 23:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-09-02 19:38 - 2016-08-05 23:24 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-06 12:58 - 2016-08-05 23:25 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-06 12:58 - 2016-08-05 23:21 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-06 12:58 - 2016-08-05 23:22 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-06 12:58 - 2016-08-05 23:25 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-09-02 19:38 - 2016-08-05 23:18 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-09-02 19:38 - 2016-08-30 17:38 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-09-02 19:38 - 2016-08-30 17:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-09-02 19:38 - 2016-08-30 17:38 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-09-02 19:38 - 2016-08-30 17:38 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-06 12:58 - 2016-08-05 23:22 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-04-07 11:44 - 2016-04-07 11:44 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-03-29 17:19 - 2016-03-29 17:19 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-03-29 17:19 - 2016-03-29 17:19 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-03-29 17:19 - 2016-03-29 17:19 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-03-29 17:19 - 2016-03-29 17:19 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-04-07 11:35 - 2016-04-07 11:35 - 00090304 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-03-29 17:19 - 2016-03-29 17:19 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-08-08 15:38 - 2016-08-02 20:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 15:38 - 2016-08-02 20:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-09-08 18:21 - 2016-09-08 18:21 - 00011264 _____ () C:\Users\Admin\AppData\Local\Temp\nsqEA6C.tmp\System.dll
2016-09-08 18:21 - 2016-09-08 18:21 - 00013312 _____ () C:\Users\Admin\AppData\Local\Temp\nsqEA6C.tmp\UAC.dll
2016-09-08 18:21 - 2016-09-08 18:21 - 00011264 _____ () C:\Users\Admin\AppData\Local\Temp\nsfF5A7.tmp\System.dll
2016-09-08 18:21 - 2016-09-08 18:21 - 00013312 _____ () C:\Users\Admin\AppData\Local\Temp\nsfF5A7.tmp\UAC.dll
2016-09-08 18:21 - 2016-09-08 18:21 - 00029696 _____ () C:\Users\Admin\AppData\Local\Temp\nsfF5A7.tmp\registry.dll
2014-05-13 13:04 - 2014-05-13 13:04 - 00109400 _____ () C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\snlThirdParty150.bpl
2014-05-13 13:04 - 2014-05-13 13:04 - 00167768 _____ () C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\snlFileFormats150.bpl
2014-05-13 13:04 - 2014-05-13 13:04 - 00416600 _____ () C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\DEC150.bpl
2016-08-08 15:38 - 2016-08-02 19:54 - 17602240 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Admin:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-08-18 20:46 - 00000950 ____A C:\WINDOWS\system32\Drivers\etc\hosts

192.168.100.10 barnes53-dev barnes53-dev.stibo.corp
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Thailand\DesktopBackground\thailand1.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C37041D2-63DF-4B46-A548-9DCD7BF07B32}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{05DA691F-FB6C-44D6-B407-9CE8114C5739}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{49909F58-5E28-4683-ABB7-FDD17B2BE9DA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{659B669E-A162-4BB9-9447-948A38C03ADB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{A088AD6F-B938-499A-821B-BC7211BF2101}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{C34D7FDA-E9C5-4B0F-94DF-AFDA9460E120}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{9718F1CD-7DC1-4FD3-9265-EB00EC01D938}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{4E83D652-80B2-45CE-BCD4-2426FF32D22A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7ACF01CB-1449-40B1-9468-358EC37CC1C3}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{87FC4C57-3713-4AF2-BDAF-75CB772C37CD}] => (Allow) LPort=15600
FirewallRules: [{11F152FA-E864-4719-BC84-50BD06D2D24A}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D0CF6008-23DA-4892-B677-C75034EDB44A}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8E315BB7-9C93-4274-A8D1-6E52CF8D45C0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{460881AB-82C2-4D13-BAAA-43D57FC5E54D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6C2DC881-DADF-4BAD-A637-54EDE1074549}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [TCP Query User{6BA9EB06-57D4-4BFF-862D-589CF2FDEC3C}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [{C4DC38EE-9021-40EE-B8D0-9155423CCFB5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3634A9C3-08ED-4FAA-9542-E3C153A144B9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8D6EB568-407E-48F3-B4DD-5E0950519240}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EB539982-52A6-4B41-BD0C-5363F14A3517}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9161BE96-A0E6-4D43-BABC-54C75704B6DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{1A30B252-6A2C-466F-A1C3-1ADCE1536955}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [UDP Query User{CD25C93F-B8AE-44AE-B56A-DDA9E433E4E9}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [TCP Query User{8363C6F6-1070-4ED2-B81D-741A24C81347}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{ED42A00A-8151-401A-903E-7A5AEABDDA0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\live\nw.exe
FirewallRules: [{C397D4DA-DD95-4B82-8ECC-AE8E073438E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\live\nw.exe
FirewallRules: [{3193B546-1FB6-4756-BC67-C93BF403153B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{6476078D-9818-4ECA-A4BC-0389926A8F3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{3769C594-BA7B-4956-9A77-7F674916CD15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{24C0F560-A4F4-41A1-8CBB-592603D001DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [UDP Query User{0CD04D01-E891-4DF8-9BAE-DD2D2B9DFD83}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{AAD464BB-0E7C-4165-8376-EA1661A972ED}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{89DBCF2B-1E81-4557-A4CB-3D78DE261542}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{4C113CF8-0AE7-44DC-9A29-291331AEC2BF}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{67D4EE8F-F0C1-43E0-AE6E-3FDE0B54FCE3}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{5C343CA9-B3EB-478A-8B59-0E6FA0A0F598}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{B7EE1936-3D61-4C6D-BD91-19156FF153D1}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{B12E95BF-CC42-4B44-8509-878498960DF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6A72F8E1-3120-4482-9D29-C58AC4A820FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EF49B5AF-FBC0-4786-9677-14D3C0451FE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [UDP Query User{2B3AFB43-CA23-45D6-B499-AE80C093765A}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{6E460A85-7762-4407-BFFB-F67D322021AE}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{C2799129-8477-4DC6-AD10-50644508E764}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{32810646-8849-4007-9221-994DB533AF30}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{575BE75E-0D76-4F79-8A2D-126E24F9C69E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{82BCF471-2A9B-4CE8-B94E-81AA11B030CD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8D185FEB-E2B3-4324-946B-F3782210DF6C}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 400 M401\bin\EWSProxy.exe
FirewallRules: [{3A0B1C01-843E-4D94-BCA3-528BBE6B9395}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 400 M401\Bin\HPNetworkCommunicator.exe
FirewallRules: [{74F2EB42-6619-4F66-99CE-9751A5CD57E4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{8CB136FE-BD63-4649-988A-674F86AFE55B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{2983434F-50EB-4198-84C2-5621909E63DD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{928749D2-101E-4545-9277-CE28382D4FD4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{B28C3420-6DF7-4639-999B-D65BA3A4E0BC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{42B5E5D6-1DC8-4FFE-9FC9-9D765E6509C3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{A836A59B-391E-4BEB-925F-98D378B5A05E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{FA193243-8AE9-454D-8708-0A8F157BBDAC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{39F5B2C6-0294-4DB0-AFAB-03A3AD6F28EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{2F1FA5E9-DD70-4470-8AD9-8D14DD254D92}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{0684A871-9360-4CE5-A265-3E5BADE8F71D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{B64EC5D4-11F8-469C-9BE5-F4BDFB3B76F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{795C2325-7AEE-42F6-B883-8B38B9971767}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{FFE82DF3-B90E-4859-B00D-B6C8856B892D}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{589FC7B9-F2DF-4434-8245-7A3FEE2EC257}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe
FirewallRules: [{3AA152B5-F5B4-4553-82C9-58A080D83FF7}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
FirewallRules: [{D6A3F08C-E599-4342-8F6E-1B5521314B75}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{C78617C3-4E29-472C-AF7B-2543597CD3D0}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{6E0E1874-9AF2-4BB9-ADF0-7ECF2B1A4BE6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{58EC11DF-D227-46B7-A4B7-7D471A2FDE30}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{826F587B-D1B7-4130-ADE4-2BF5FED89831}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{886A32B9-AEAA-4427-94C4-BE2AFCCDE9F1}] => (Allow) LPort=1900
FirewallRules: [{D0C888EC-DA28-4050-B1A7-014F340DDB60}] => (Allow) LPort=2869
FirewallRules: [{69C70696-D0F6-4E7D-8380-3121BDD47854}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ADDB579D-F9F7-41D4-A2C0-7D5696586510}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{3E78C168-42C0-4675-94F9-0B8CDC621997}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{28654235-BB82-4AEF-94EF-B683DD8DAF48}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{AB326821-C77A-4F02-888B-4C73EDFBDD84}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{BF4DC84C-01D9-4294-A00F-B6491F3B7E96}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7EB0547D-654A-4B5D-8835-D3DEADAB7090}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{254F09A7-AE6E-44B6-93AC-04BE2A13180E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\Win32\AAGame.exe
FirewallRules: [{6DFFD199-E773-4DD0-B3E6-0B4BE01B243B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\Win32\AAGame.exe
FirewallRules: [{8FB0FB5D-7FF8-41C6-A6EB-A6AC790E87CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe
FirewallRules: [{2D21623B-BCBA-447B-BEEE-B3794D6293CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe
FirewallRules: [{289AC246-6D63-45CE-BA4D-5EEF222D255E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{8E780724-E392-41A6-9694-463C4550841F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [TCP Query User{9C8AE4BB-0C98-4E99-BD5D-6D03A7E4A152}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{66AB957E-878C-46A1-9154-D8BCE93DDFA0}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [{C23EB0AF-DDF3-4A3C-88B3-F3B7F108F9F4}] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B3D1A06E-7E0E-4A0F-9341-937787691E51}] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2016 11:37:52 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: UNIVERSE)
Description: Event-ID 101

Error: (09/07/2016 10:05:54 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDFileScanHelper.exe".Error in manifest or policy file "C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDFileScanHelper.exe" on line 2.
The manifest file root element must be assembly.

Error: (09/07/2016 07:01:37 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (09/07/2016 07:01:36 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/29/2016 01:50:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vCars.exe version 2016.8.24.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 340c

Start Time: 01d1fe6f089f69b1

Termination Time: 248

Application Path: C:\Program Files (x86)\WRCS\vCarsNet\Main\vCars.exe

Report Id: f49e1f3f-6e10-11e6-a926-60d819ba86d6

Faulting package full name:

Faulting package-relative application ID:

Error: (08/25/2016 10:00:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 10.0.10586.122, time stamp: 0x56cc1211
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc000041d
Fault offset: 0x00000000000369ac
Faulting process id: 0x9ac
Faulting application start time: 0x01d1fe6759cd1e41
Faulting application path: C:\WINDOWS\System32\spoolsv.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a906728a-8d0c-4b93-b59a-ef77d1f4d048
Faulting package full name:
Faulting package-relative application ID:

Error: (08/24/2016 08:28:08 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/24/2016 08:27:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/23/2016 09:20:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: UNIVERSE)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/22/2016 09:19:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: UNIVERSE)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/08/2016 06:56:34 AM) (Source: DCOM) (EventID: 10016) (User: UNIVERSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user UNIVERSE\Admin SID (S-1-5-21-758200000-2134975689-3807630707-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 06:56:34 AM) (Source: DCOM) (EventID: 10016) (User: UNIVERSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user UNIVERSE\Admin SID (S-1-5-21-758200000-2134975689-3807630707-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 01:23:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Neat Startup Service service to connect.

Error: (09/08/2016 01:23:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/08/2016 01:21:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_321c45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/08/2016 01:21:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_321c45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/08/2016 01:21:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_321c45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/08/2016 01:21:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_321c45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 10:09:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_6c595 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 10:05:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2016-09-07 10:04:46.469
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-07 10:04:46.456
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-07 10:04:46.443
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-07 10:04:46.369
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-07 10:04:46.119
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-02 23:54:18.594
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-01 21:23:45.079
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-01 20:47:24.884
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-13 03:41:38.760
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-06 13:08:21.575
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2720QM CPU @ 2.20GHz
Percentage of memory in use: 28%
Total physical RAM: 16267.23 MB
Available physical RAM: 11639.97 MB
Total Virtual: 32651.23 MB
Available Virtual: 27787.96 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:447.9 GB) (Free:326.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Virtual Files) (Fixed) (Total:238.47 GB) (Free:98.36 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 97162091)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=786 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 9E95215A)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

dealmaker
2016-09-13, 18:50
I followed the instructions of downloading and running the following applications: Adwcleaner, Junkware removal tool, Malwarebytes Anti-Malware. However, in the last section of Malwarebytes Anit-Malware, all went as instructed except for the part to click the "Scan Log" to export and to copy to clickboard to paste. I saw the Scan Log but there was no option to export. The only option after I check the Scan Log was to delete it. I am still having the pop-up pages. I have attached the pop up pages.

Juliet
2016-09-13, 19:19
This should help

These items should be uninstalled or deleted from your add/remove programs list
Catalina Savings Printer
CouponBar
CouponPrinterPlugin
PrintMyCouponAnywhere
RevTraxPrintMyCoupon

~~~

Running from C:\Users\Admin\Downloads

It's best we move Farbar's to desktop.

Please go to your C:\Users\Admin\Downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

~~
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D081616-A0A14E5293D1943C986F&form=CONBDF&conlogo=CT3330954&q={searchTerms}
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D081616-A0A14E5293D1943C986F&form=CONBDF&conlogo=CT3330954&q={searchTerms}
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M6FD35AB2-EC60-4C0E-B7B8-26E0A74D56D3&SearchSource=58&CUI=&UM=6&UP=SPDE4422C2-9288-4216-A28C-B450C1FE1C92&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {5709AA32-C414-4E22-B24E-4B9E96692EF3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
Task: {00077E09-894C-4B98-A627-D3F08EBF64CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {01A3FF97-C460-4B94-AA69-8CED217C0BFA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {05D0356A-2746-4ACF-97DB-605711F9861E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0F710060-00D2-4BA2-AF7C-6A5802D89731} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {408D8D13-CFB1-4F67-9459-4BF34CA868EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4ADBF9D5-101F-4E08-9670-3D4CA54CC055} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {5DA599DE-1C9B-47FF-BBF2-8FA4DFE28F19} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5EFA385E-8A85-4B23-9F7F-D67C082A8530} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {758B0F09-E5D2-4CD6-975A-93DABA92018A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {82BBD302-AE17-4BD9-99D8-B8C53B1697B2} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {8823462B-14F6-4AED-B87A-DF0FD4C5F7AD} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {8C112146-A9E3-4233-AF42-AAA83BFEDD07} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A486E167-9479-4663-B5A0-4629162D27B2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BB1F7CE4-D2C8-4408-9B72-9D5B2E041C98} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BCEA2A88-6122-4C82-AC8F-A4E6143E96EE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BE5148A6-AC12-4D7B-900D-9B3A8C3AA0E3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C02FD36C-2D39-4CEE-B32B-09155945BF64} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {CF3F434F-4CF4-45D3-BAA5-51F4E32EA7FB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E7FC5682-30AD-4D7C-BF7B-C22AECA3893B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Admin:Heroes & Generals [38]
U3 wpcsvc; no ImagePath
C:\Users\Admin\AppData\Local\Temp\rscagent.exe
C:\Users\Admin\AppData\Local\Temp\WebCompanionInstaller.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
The settings I suggest will also show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

Ensure your external and/or USB drives are inserted during the scan.

Please disable your Antivirus as shown in the following topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/)

Please download Emsisoft Emergency Kit (http://dl.emsisoft.com/EmsisoftEmergencyKit.exe) and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

Leave all settings as they are and click the Extract button at the bottom.
A folder named EEK will be created in the root of the drive (usually c:\).

After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
Please click Yes so that it downloads the latest database updates.
When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
Click on Scan to be taken to the scan options.
If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
Click on the Malware Scan button to start the scan.
When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop, and copy it to your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post these 2 logs when finished.

dealmaker
2016-09-13, 21:12
Hi Juliet,
Per you request and instructions, I was only able to locate and remove the following file: CouponPrinterPlugin, PrintMyCouponAnywhere, RevTraxPrintMyCoupon. However, I was unable to find or locate Catalina Savings Printer and CouponBar. You next instruction was regarding the Farbar. I was able to locate the file and cut and paste on my desktop. I think I followed and did what was instructed. However, when I got to this step, "Open *FRST/FRST64* and press the *> Fix <* button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply", I was not able to complete the process. Instead I got an error code and the box was closed as seen in the attachment. I am not able to attach the Addition or Fixlist and therefore, I am going to copy and paste here as follow:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by Admin (13-09-2016 13:19:05)
Running from C:\Users\Admin\Desktop
Windows 10 Pro Version 1511 (X64) (2016-07-29 13:11:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-758200000-2134975689-3807630707-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-758200000-2134975689-3807630707-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-758200000-2134975689-3807630707-503 - Limited - Disabled)
Guest (S-1-5-21-758200000-2134975689-3807630707-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-758200000-2134975689-3807630707-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.07059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.07059 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DisplayLink Core Software (HKLM\...\{08E79B2B-6479-4483-A0CB-86692D31F209}) (Version: 7.0.41409.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{7CF15243-E71F-47A1-B1A0-87AC0FC9BEDE}) (Version: 7.0.41419.0 - DisplayLink Corp.)
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.39.1 - Dropbox, Inc.) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.22.1.5530 (HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\GoToMeeting) (Version: 7.22.1.5530 - CitrixOnline)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP LaserJet 400 M401 (HKLM-x32\...\{8989F6D9-550C-4178-A8CB-75B82A06621F}) (Version: 5.0.13198.1083 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM401DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.1 - HP) Hidden
HPLaserJet400-M401_HelpLearnCenter_SI (HKLM-x32\...\{4989DD05-86FB-4CA2-96C5-923DFAD89DA3}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM401 (x32 Version: 3.00.0003 - HP) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM401LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM401 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM-x32\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IsoBuster 3.1 (HKLM-x32\...\IsoBuster_is1) (Version: 3.1 - Smart Projects)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (x32 Version: 8.1.4.29179 - LULU Software Limited) Hidden
McAfee Agent (HKLM-x32\...\{A638557B-1F13-40A0-9627-C892FBCA6960}) (Version: 4.0.0.1180 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.0 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{11849FBC-C416-4742-8279-17C3A2C85F72}) (Version: 4.0.7577.4510 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1 (HKLM-x32\...\{82284382-30E3-4DED-980B-746278DA6CC2}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1 (HKLM\...\{FAF57A91-58B3-490C-9D0C-66337DAD3F11}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 4.5 (HKLM\...\{458707CD-9D7A-477F-B925-02242A29673B}) (Version: 4.0.1863 - Microsoft Corporation)
Microsoft WebMatrix 2 (HKLM-x32\...\{FCBF1750-6A2D-4A4E-AAE2-DDAEA0744DAE}) (Version: 2.0.1692 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
Neat (HKLM-x32\...\Neat) (Version: 5.7.1.474 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)
Neat Core Files (x32 Version: 5.7.1.474 - The Neat Company) Hidden
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
NVIDIA nView 135.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.64 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.50.00 - )
Oracle VM VirtualBox 4.2.6 (HKLM\...\{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}) (Version: 4.2.6 - Oracle Corporation)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Remote Desktop Connection Manager (HKLM-x32\...\{173A2B7F-535A-4403-A454-B41531EF0D7F}) (Version: 2.2.0423 - Microsoft Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.06.00.04(1/29/2016) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
Samsung M283x Series (HKLM-x32\...\Samsung M283x Series) (Version: 1.16 (2/12/2016) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Soda PDF 8 (HKLM-x32\...\Soda8) (Version: 8.0.51.26536 - LULU Software Limited)
Soda PDF 8 Asian Fonts Pack (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Create Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Edit Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Forms Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Insert Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Review Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 Secure Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Soda PDF 8 View Module (Version: 8.1.8.29211 - LULU Software Limited) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.85 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version: - )
vCarsNet (HKLM-x32\...\{B8E8AB90-7729-11E0-6784-0F44122918BE}) (Version: 1.00.000 - Wayne Reaves Computer System)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.3.64 - VeriSign)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.2 - VMware, Inc)
VMware Workstation (Version: 9.0.2 - VMware, Inc.) Hidden
Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-758200000-2134975689-3807630707-1003_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-758200000-2134975689-3807630707-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\5102\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-758200000-2134975689-3807630707-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00077E09-894C-4B98-A627-D3F08EBF64CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {01A3FF97-C460-4B94-AA69-8CED217C0BFA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {032D3562-5B52-4BCD-85E5-F19716558E5F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {05D0356A-2746-4ACF-97DB-605711F9861E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0CEB39A4-E2EE-404A-89D1-64ADBEEA8C5C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0D12E138-D7F3-4DE3-851F-896D8297FD0E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0D4013CA-F602-49EE-8F61-3DB69316A646} - System32\Tasks\G2MUploadTask-S-1-5-21-758200000-2134975689-3807630707-1003 => C:\Program Files (x86)\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0F3D2144-5143-4334-B51F-E209ADA72B68} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {0F710060-00D2-4BA2-AF7C-6A5802D89731} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1538F3EA-5A10-4804-A8B5-4935DB7BA499} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-22] (Dropbox, Inc.)
Task: {1ACCD2BC-ECAA-421E-92C4-7CC916C91DA6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {1B435872-DB8A-426A-9475-624CCE485D18} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {1CAAA471-219E-470D-A32B-BBDE5CCDA028} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {1E7F1F74-D5DD-44B6-B800-24AC8795F467} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1E896E5C-18AD-4481-A02B-10AC19EBF08C} - System32\Tasks\G2MUpdateTask-S-1-5-21-758200000-2134975689-3807630707-1003 => C:\Program Files (x86)\Citrix\GoToMeeting\5530\g2mupdate.exe [2016-09-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {27D588D4-A691-47A7-A414-3D7164176EED} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {33F166BA-37C9-418D-8AA8-58D5F6F45B3D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {37647D1E-48E9-42A3-919C-C5303D73D655} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe
Task: {408D8D13-CFB1-4F67-9459-4BF34CA868EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4ADBF9D5-101F-4E08-9670-3D4CA54CC055} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {4CB00FE0-BAAF-46A8-A3C2-F73C69316F1C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {51376539-ABC9-4D03-BA8C-B8967D76978B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5364D6A4-6437-446D-807B-91CAFB0D1F26} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {55241966-A525-483A-80B3-912957AB1D5B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {5BA07DE9-AFE8-4F78-BA8C-DD084C955095} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5CB64ADC-CA99-4963-924B-A0700ADC4919} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {5DA599DE-1C9B-47FF-BBF2-8FA4DFE28F19} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5EFA385E-8A85-4B23-9F7F-D67C082A8530} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {6620AE60-7FD9-4C82-852A-4C59BE211304} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6A5F17F4-D73F-474B-9222-4C3C2D3E2938} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6D8247F1-2793-44EA-8594-F74737F2A75E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6F474FD9-80A1-4693-8E21-971B91441F93} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {758B0F09-E5D2-4CD6-975A-93DABA92018A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {763E4ACC-AB81-44DA-8CF7-7120F2E84741} - System32\Tasks\{88D04C5A-08F1-46BF-BE6D-826FD3C5A573} => pcalua.exe -a C:\Users\Admin\Downloads\VirtualBox-4.2.6-82870-Win.exe -d C:\Users\Admin\Downloads
Task: {7FFFE23D-335B-4084-97CE-55FF7D8C2834} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {81B9AE31-23E3-4E62-BCFF-F4E245BF02F6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {82BBD302-AE17-4BD9-99D8-B8C53B1697B2} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {856BE864-1CCC-49B9-9DE6-04FB26F1F2EA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {87915378-07E9-48BD-8E52-0983EC07D993} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {8823462B-14F6-4AED-B87A-DF0FD4C5F7AD} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {8A6F6665-22CB-4A09-87C6-E04B977D0151} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8C112146-A9E3-4233-AF42-AAA83BFEDD07} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {93777627-6E00-4392-808E-62DB858DE629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A0F4723E-16B2-4F55-9D13-AFA91B86D228} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe
Task: {A1B491D2-3F94-4DA5-950F-B488DE727980} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A486E167-9479-4663-B5A0-4629162D27B2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A57CDDA4-929F-4106-A334-0367875C4063} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A6A1DA33-B334-42B8-8A65-5BE22E4F52CA} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {A9959A3D-9107-4696-B525-2F3DBFC0B2C3} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {ACED52AB-140E-4311-8871-5D26079A766F} - System32\Tasks\{D25ABC7A-9004-4677-9F22-37E167700B15} => pcalua.exe -a E:\USBDocking.exe -d E:\
Task: {B5248C95-8BC1-4A3B-B146-01B7E17BC201} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {BB1F7CE4-D2C8-4408-9B72-9D5B2E041C98} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BBDBB8D4-4614-461F-8B1F-A90F3F4BDFC0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {BCEA2A88-6122-4C82-AC8F-A4E6143E96EE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BD13DE06-B699-47D0-9469-B0D784E0E16C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BE450A59-BC54-4A8C-8819-8AE478CE56CD} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-22] (Microsoft Corporation)
Task: {BE5148A6-AC12-4D7B-900D-9B3A8C3AA0E3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C02FD36C-2D39-4CEE-B32B-09155945BF64} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {C421AFD3-E9F2-44A7-BEC8-03ACB2E8E28C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {CBF5BBC6-8397-42A6-8C88-968311A3945A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CE47A082-0881-4AA7-A508-83DDCD3488D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CF3F434F-4CF4-45D3-BAA5-51F4E32EA7FB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D3952292-994E-4714-8078-DC727C525D6C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-22] (Dropbox, Inc.)
Task: {D70034E5-A372-41C3-92F3-C9C09B932853} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {D8D937D2-8E84-4F41-AA15-368D19A4AD0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D98C6D61-054B-41BE-BF91-67CCD7846385} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {E666A94E-EDA9-4B43-A290-92E65A9F14FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {E7FC5682-30AD-4D7C-BF7B-C22AECA3893B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EF19F11F-F341-48CA-B4EF-EE727F3EC5D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F030A6A8-E074-454D-B7A5-A6AB8E738883} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-758200000-2134975689-3807630707-1003.job => C:\Program Files (x86)\Citrix\GoToMeeting\5530\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-758200000-2134975689-3807630707-1003.job => C:\Program Files (x86)\Citrix\GoToMeeting\5530\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-28 18:12 - 2015-07-22 21:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-14 12:31 - 2014-05-20 15:01 - 00054784 _____ () C:\WINDOWS\System32\sdtnpm.dll
2015-07-17 07:31 - 2015-07-17 07:31 - 00022528 _____ () C:\WINDOWS\System32\ssk5mlm.dll
2015-07-17 07:31 - 2015-07-17 07:31 - 01604096 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssk5mdu.dll
2015-05-19 16:33 - 2015-09-18 22:39 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-06-20 18:08 - 2016-06-18 07:43 - 00499000 _____ () C:\WINDOWS\SysWOW64\spdsvc.exe
2008-09-29 08:07 - 2008-09-29 08:07 - 00140288 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\VsEvntUI.dll
2013-02-26 01:54 - 2013-02-26 01:54 - 13242960 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-04-14 12:31 - 2014-05-20 15:01 - 00018944 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\sdtnui.dll
2016-07-28 22:01 - 2016-07-28 22:01 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-11-11 11:01 - 2011-08-31 14:03 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-07-28 22:01 - 2016-07-28 22:01 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-01 23:18 - 2016-04-01 23:18 - 00426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-22 21:15 - 2016-08-22 21:15 - 01864384 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-24 14:59 - 2011-01-26 12:31 - 00615016 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2016-04-27 02:10 - 2016-04-27 02:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-28 22:02 - 2016-07-28 22:02 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2011-11-11 10:54 - 2010-10-26 00:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2016-04-01 23:17 - 2016-04-01 23:17 - 31679664 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2009-05-28 02:09 - 2009-05-28 02:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2016-08-16 12:42 - 2016-08-16 12:43 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 12:42 - 2016-08-16 12:43 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-08-02 20:52 - 2016-08-02 20:53 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-08-02 20:45 - 2016-08-02 20:47 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-07-17 07:31 - 2015-07-17 07:31 - 01845760 _____ () C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\X64\3\SSK5MUM.DLL
2016-07-28 22:02 - 2016-07-28 22:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-28 22:02 - 2016-07-28 22:02 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-28 22:02 - 2016-07-28 22:02 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-28 22:02 - 2016-07-28 22:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2005-08-22 15:38 - 2005-08-22 15:38 - 03264512 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2008-03-14 04:00 - 2008-03-14 04:00 - 00057344 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
2013-02-26 02:28 - 2013-02-26 02:28 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2011-11-11 11:01 - 2011-08-31 14:03 - 00081920 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMROV.DLL
2011-11-11 11:02 - 2010-04-06 13:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-11-11 11:02 - 2010-04-06 13:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2016-08-22 21:15 - 2016-08-22 21:15 - 01383616 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-22 21:15 - 2016-08-22 21:15 - 00118976 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-08-06 12:58 - 2016-08-05 23:21 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-09-02 19:38 - 2016-08-05 23:21 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-09-02 19:38 - 2016-08-05 23:22 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-09-02 19:38 - 2016-08-05 23:21 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-06 12:58 - 2016-08-05 23:21 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-06 12:58 - 2016-08-05 23:21 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-06 12:58 - 2016-08-05 23:21 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-06 12:58 - 2016-08-05 23:22 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-09-02 19:38 - 2016-08-05 23:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-09-02 19:38 - 2016-08-05 23:24 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-06 12:58 - 2016-08-05 23:25 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-06 12:58 - 2016-08-05 23:21 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-06 12:58 - 2016-08-05 23:22 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-06 12:58 - 2016-08-05 23:25 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-09-02 19:38 - 2016-08-05 23:18 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-09-02 19:38 - 2016-08-30 17:38 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-09-02 19:38 - 2016-08-30 17:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-09-02 19:38 - 2016-08-30 17:38 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-09-02 19:38 - 2016-08-30 17:38 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-06 12:58 - 2016-08-05 23:22 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-06 12:58 - 2016-08-05 23:24 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-06 12:58 - 2016-08-30 17:38 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-09-02 19:38 - 2016-08-30 17:38 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-04-07 11:44 - 2016-04-07 11:44 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-03-29 17:19 - 2016-03-29 17:19 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-03-29 17:19 - 2016-03-29 17:19 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-03-29 17:19 - 2016-03-29 17:19 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-03-29 17:19 - 2016-03-29 17:19 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-04-07 11:35 - 2016-04-07 11:35 - 00090304 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-03-29 17:19 - 2016-03-29 17:19 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-08 15:38 - 2016-08-02 20:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 15:38 - 2016-08-02 20:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-08-08 15:38 - 2016-08-02 19:54 - 17602240 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Admin:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-08-18 20:46 - 00000950 ____A C:\WINDOWS\system32\Drivers\etc\hosts

192.168.100.10 barnes53-dev barnes53-dev.stibo.corp
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Thailand\DesktopBackground\thailand1.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C37041D2-63DF-4B46-A548-9DCD7BF07B32}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{05DA691F-FB6C-44D6-B407-9CE8114C5739}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{49909F58-5E28-4683-ABB7-FDD17B2BE9DA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{659B669E-A162-4BB9-9447-948A38C03ADB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{A088AD6F-B938-499A-821B-BC7211BF2101}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{C34D7FDA-E9C5-4B0F-94DF-AFDA9460E120}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{9718F1CD-7DC1-4FD3-9265-EB00EC01D938}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{4E83D652-80B2-45CE-BCD4-2426FF32D22A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7ACF01CB-1449-40B1-9468-358EC37CC1C3}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{11F152FA-E864-4719-BC84-50BD06D2D24A}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D0CF6008-23DA-4892-B677-C75034EDB44A}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8E315BB7-9C93-4274-A8D1-6E52CF8D45C0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{460881AB-82C2-4D13-BAAA-43D57FC5E54D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6C2DC881-DADF-4BAD-A637-54EDE1074549}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [TCP Query User{6BA9EB06-57D4-4BFF-862D-589CF2FDEC3C}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [{C4DC38EE-9021-40EE-B8D0-9155423CCFB5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3634A9C3-08ED-4FAA-9542-E3C153A144B9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8D6EB568-407E-48F3-B4DD-5E0950519240}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EB539982-52A6-4B41-BD0C-5363F14A3517}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9161BE96-A0E6-4D43-BABC-54C75704B6DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{1A30B252-6A2C-466F-A1C3-1ADCE1536955}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [UDP Query User{CD25C93F-B8AE-44AE-B56A-DDA9E433E4E9}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [TCP Query User{8363C6F6-1070-4ED2-B81D-741A24C81347}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{ED42A00A-8151-401A-903E-7A5AEABDDA0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\live\nw.exe
FirewallRules: [{C397D4DA-DD95-4B82-8ECC-AE8E073438E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\live\nw.exe
FirewallRules: [{3193B546-1FB6-4756-BC67-C93BF403153B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{6476078D-9818-4ECA-A4BC-0389926A8F3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{3769C594-BA7B-4956-9A77-7F674916CD15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{24C0F560-A4F4-41A1-8CBB-592603D001DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [UDP Query User{0CD04D01-E891-4DF8-9BAE-DD2D2B9DFD83}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{AAD464BB-0E7C-4165-8376-EA1661A972ED}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{89DBCF2B-1E81-4557-A4CB-3D78DE261542}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{4C113CF8-0AE7-44DC-9A29-291331AEC2BF}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{67D4EE8F-F0C1-43E0-AE6E-3FDE0B54FCE3}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{5C343CA9-B3EB-478A-8B59-0E6FA0A0F598}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{B7EE1936-3D61-4C6D-BD91-19156FF153D1}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{B12E95BF-CC42-4B44-8509-878498960DF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6A72F8E1-3120-4482-9D29-C58AC4A820FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EF49B5AF-FBC0-4786-9677-14D3C0451FE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [UDP Query User{2B3AFB43-CA23-45D6-B499-AE80C093765A}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{6E460A85-7762-4407-BFFB-F67D322021AE}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{C2799129-8477-4DC6-AD10-50644508E764}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{32810646-8849-4007-9221-994DB533AF30}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{575BE75E-0D76-4F79-8A2D-126E24F9C69E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{82BCF471-2A9B-4CE8-B94E-81AA11B030CD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8D185FEB-E2B3-4324-946B-F3782210DF6C}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 400 M401\bin\EWSProxy.exe
FirewallRules: [{3A0B1C01-843E-4D94-BCA3-528BBE6B9395}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 400 M401\Bin\HPNetworkCommunicator.exe
FirewallRules: [{74F2EB42-6619-4F66-99CE-9751A5CD57E4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{8CB136FE-BD63-4649-988A-674F86AFE55B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{2983434F-50EB-4198-84C2-5621909E63DD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{928749D2-101E-4545-9277-CE28382D4FD4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{B28C3420-6DF7-4639-999B-D65BA3A4E0BC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{42B5E5D6-1DC8-4FFE-9FC9-9D765E6509C3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{A836A59B-391E-4BEB-925F-98D378B5A05E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{FA193243-8AE9-454D-8708-0A8F157BBDAC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{39F5B2C6-0294-4DB0-AFAB-03A3AD6F28EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{2F1FA5E9-DD70-4470-8AD9-8D14DD254D92}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{0684A871-9360-4CE5-A265-3E5BADE8F71D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{B64EC5D4-11F8-469C-9BE5-F4BDFB3B76F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{795C2325-7AEE-42F6-B883-8B38B9971767}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{FFE82DF3-B90E-4859-B00D-B6C8856B892D}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{589FC7B9-F2DF-4434-8245-7A3FEE2EC257}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe
FirewallRules: [{3AA152B5-F5B4-4553-82C9-58A080D83FF7}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
FirewallRules: [{D6A3F08C-E599-4342-8F6E-1B5521314B75}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{C78617C3-4E29-472C-AF7B-2543597CD3D0}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{6E0E1874-9AF2-4BB9-ADF0-7ECF2B1A4BE6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{58EC11DF-D227-46B7-A4B7-7D471A2FDE30}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{826F587B-D1B7-4130-ADE4-2BF5FED89831}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{886A32B9-AEAA-4427-94C4-BE2AFCCDE9F1}] => (Allow) LPort=1900
FirewallRules: [{D0C888EC-DA28-4050-B1A7-014F340DDB60}] => (Allow) LPort=2869
FirewallRules: [{69C70696-D0F6-4E7D-8380-3121BDD47854}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ADDB579D-F9F7-41D4-A2C0-7D5696586510}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{3E78C168-42C0-4675-94F9-0B8CDC621997}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{28654235-BB82-4AEF-94EF-B683DD8DAF48}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{AB326821-C77A-4F02-888B-4C73EDFBDD84}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{BF4DC84C-01D9-4294-A00F-B6491F3B7E96}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7EB0547D-654A-4B5D-8835-D3DEADAB7090}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{254F09A7-AE6E-44B6-93AC-04BE2A13180E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\Win32\AAGame.exe
FirewallRules: [{6DFFD199-E773-4DD0-B3E6-0B4BE01B243B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\Win32\AAGame.exe
FirewallRules: [{8FB0FB5D-7FF8-41C6-A6EB-A6AC790E87CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe
FirewallRules: [{2D21623B-BCBA-447B-BEEE-B3794D6293CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe
FirewallRules: [{289AC246-6D63-45CE-BA4D-5EEF222D255E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{8E780724-E392-41A6-9694-463C4550841F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [TCP Query User{9C8AE4BB-0C98-4E99-BD5D-6D03A7E4A152}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{66AB957E-878C-46A1-9154-D8BCE93DDFA0}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [{C23EB0AF-DDF3-4A3C-88B3-F3B7F108F9F4}] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B3D1A06E-7E0E-4A0F-9341-937787691E51}] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

13-09-2016 10:12:09 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2016 10:59:18 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/13/2016 10:32:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.

Error: (09/13/2016 10:19:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.36, time stamp: 0x56eb679c
Faulting module name: KERNELBASE.dll, version: 10.0.10586.494, time stamp: 0x5775e78b
Exception code: 0xe06d7363
Fault offset: 0x000bdae8
Faulting process id: 0x17d0
Faulting application start time: 0x01d20dc7d9f9b65c
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: 7eaccd5e-548c-4029-8f64-31a694ae61e6
Faulting package full name: Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/13/2016 10:12:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/13/2016 10:06:17 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (09/13/2016 10:02:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe CEF Helper.exe, version: 3.6.0.248, time stamp: 0x5706a3f2
Faulting module name: libcef.dll, version: 3.2171.2069.0, time stamp: 0x551bdc44
Exception code: 0xc0000005
Fault offset: 0x00444106
Faulting process id: 0x2570
Faulting application start time: 0x01d20a4bf7b95772
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
Faulting module path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
Report Id: d46b2570-591e-4204-9324-79a728b007c7
Faulting package full name:
Faulting package-relative application ID:

Error: (09/08/2016 11:39:28 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (09/08/2016 10:55:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.

Error: (09/08/2016 10:28:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.

Error: (09/07/2016 11:37:52 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: UNIVERSE)
Description: Event-ID 101


System errors:
=============
Error: (09/13/2016 11:01:05 AM) (Source: DCOM) (EventID: 10016) (User: UNIVERSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user UNIVERSE\Admin SID (S-1-5-21-758200000-2134975689-3807630707-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:01:05 AM) (Source: DCOM) (EventID: 10016) (User: UNIVERSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user UNIVERSE\Admin SID (S-1-5-21-758200000-2134975689-3807630707-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:01:05 AM) (Source: DCOM) (EventID: 10016) (User: UNIVERSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user UNIVERSE\Admin SID (S-1-5-21-758200000-2134975689-3807630707-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:01:05 AM) (Source: DCOM) (EventID: 10016) (User: UNIVERSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user UNIVERSE\Admin SID (S-1-5-21-758200000-2134975689-3807630707-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:01:05 AM) (Source: DCOM) (EventID: 10016) (User: UNIVERSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user UNIVERSE\Admin SID (S-1-5-21-758200000-2134975689-3807630707-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:01:05 AM) (Source: DCOM) (EventID: 10016) (User: UNIVERSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user UNIVERSE\Admin SID (S-1-5-21-758200000-2134975689-3807630707-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:00:53 AM) (Source: DCOM) (EventID: 10016) (User: UNIVERSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user UNIVERSE\Admin SID (S-1-5-21-758200000-2134975689-3807630707-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 11:00:53 AM) (Source: DCOM) (EventID: 10016) (User: UNIVERSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user UNIVERSE\Admin SID (S-1-5-21-758200000-2134975689-3807630707-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2016 10:58:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Neat Startup Service service to connect.

Error: (09/13/2016 10:58:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MsDepSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
Date: 2016-09-07 10:04:46.469
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-07 10:04:46.456
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-07 10:04:46.443
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-07 10:04:46.369
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-07 10:04:46.119
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-02 23:54:18.594
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-01 21:23:45.079
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-01 20:47:24.884
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-13 03:41:38.760
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-06 13:08:21.575
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2720QM CPU @ 2.20GHz
Percentage of memory in use: 27%
Total physical RAM: 16267.23 MB
Available physical RAM: 11796.5 MB
Total Virtual: 32651.23 MB
Available Virtual: 28091.75 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:447.9 GB) (Free:324.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Virtual Files) (Fixed) (Total:238.47 GB) (Free:98.36 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 97162091)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=786 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 9E95215A)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

And here is the Fixlist (I think)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by Admin (administrator) on UNIVERSE (13-09-2016 13:00:54)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\WINDOWS\VPDAgent_x64.exe
(Lenovo.) C:\WINDOWS\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
() C:\WINDOWS\SysWOW64\spdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF 8\creator-ws.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Conexant Systems Inc.) C:\WINDOWS\System32\CxAudMsg64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(LULU Software Limited) C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Lenovo.) C:\WINDOWS\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WRCS) C:\Program Files (x86)\WRCS\vCarsNet\Main\vCars.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-16] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2008-03-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2008-09-29] (McAfee, Inc.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12120616 2016-07-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522704 2012-04-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104528 2013-02-26] (VMware, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25197248 2016-08-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-11] (Google Inc.)
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [Ad-Aware Search Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\BrowserDock.exe
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [Akamai NetSession Interface] => "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\RunOnce: [Uninstall C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_5\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_5\amd64"
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-06-10]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2011-11-11]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{33049c0e-d7c7-47c3-a0aa-7ae8ddcbec90}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b8f29825-ff1d-45f4-ad37-3e74059fec3b}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cnn.com/
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {5709AA32-C414-4E22-B24E-4B9E96692EF3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS479
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll [2008-09-29] (McAfee, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-12-05] (Symantec Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-26] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll [2008-09-29] (McAfee, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-12-05] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-26] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP13EP100-10026/webex/ieatgpc1.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: Soda PDF 8 -> C:\Program Files (x86)\Soda PDF 8\np-previewer.dll [2016-08-12] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-758200000-2134975689-3807630707-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-758200000-2134975689-3807630707-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Admin\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-11] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-04-25] (Cisco WebEx LLC)
FF HKLM\...\Firefox\Extensions: [soda_pdf_8_conv@sodapdf.com] - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension
FF Extension: (Soda PDF 8 Creator) - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension [2016-08-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2014-01-14] [not signed]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Video Downloader professional) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-08-15]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-07]
CHR Extension: (Yahoo Partner) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2016-08-21]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-04-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Yahoo Partner) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-08-21]
CHR Extension: (Game Tube Now Advertising) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgnpeandakimjdonmjgepbapjbhadgb [2016-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-05]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2014-05-20] (Two Pilots) [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-22] (Dropbox, Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [17920 2008-09-29] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2008-03-14] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [175072 2008-09-29] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [62800 2008-09-29] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [75656 2008-09-29] (McAfee, Inc.)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-09-18] ()
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [499000 2016-06-18] ()
S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2263504 2016-08-12] (LULU SOFTWARE LIMITED)
S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920016 2016-08-12] (LULU SOFTWARE LIMITED)
R2 Soda PDF 8 Creator; C:\Program Files\Soda PDF 8\creator-ws.exe [733136 2016-08-12] (LULU SOFTWARE LIMITED)
R2 Soda PDF 8 Manager; C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe [900120 2016-08-11] (LULU Software Limited)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-04-21] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13242960 2013-02-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-06-27] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [96016 2008-09-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [118688 2008-09-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [465792 2008-09-29] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [75800 2008-09-29] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [82504 2008-09-29] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42664 2016-01-07] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33360 2013-02-26] (VMware, Inc.)
R1 vrvd5; C:\Windows\system32\DRIVERS\vrvd5.sys [13344 2016-08-21] (Rsupport Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 12:57 - 2016-09-13 12:57 - 00001663 _____ C:\Users\Admin\Desktop\FRST64 - Shortcut.lnk
2016-09-13 12:57 - 2016-09-13 12:57 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2016-09-13 10:23 - 2016-09-13 10:23 - 22851472 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-09-13 10:14 - 2016-09-13 10:14 - 00001913 _____ C:\Users\Admin\Desktop\JRT.txt
2016-09-13 10:11 - 2016-09-13 10:11 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT.exe
2016-09-13 09:58 - 2016-09-13 10:03 - 00000000 ____D C:\AdwCleaner
2016-09-13 09:58 - 2016-09-13 09:58 - 03826240 _____ C:\Users\Admin\Downloads\AdwCleaner.exe
2016-09-08 22:26 - 2016-09-13 10:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-08 22:26 - 2016-09-13 10:24 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-08 22:26 - 2016-09-13 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-08 22:26 - 2016-09-13 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-08 22:26 - 2016-09-08 22:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-08 22:26 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-08 22:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-08 22:26 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-08 22:25 - 2016-09-08 22:25 - 22851472 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-08 18:58 - 2016-09-08 18:58 - 05198336 _____ (AVAST Software) C:\Users\Admin\Downloads\aswMBR.exe
2016-09-08 18:57 - 2016-09-13 10:21 - 00000000 ____D C:\Users\Admin\Desktop\ERRORS
2016-09-08 18:54 - 2016-09-08 18:55 - 00082960 _____ C:\Users\Admin\Downloads\Addition.txt
2016-09-08 18:53 - 2016-09-13 13:00 - 00036711 _____ C:\Users\Admin\Downloads\FRST.txt
2016-09-08 18:50 - 2016-09-13 13:00 - 00000000 ____D C:\FRST
2016-09-08 18:50 - 2016-09-13 12:57 - 02398720 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2016-09-08 07:01 - 2016-09-08 07:01 - 00151040 _____ C:\Users\Admin\Downloads\project-plan1-1.ppt
2016-09-08 01:14 - 2016-09-08 22:51 - 00000000 ____D C:\Users\Admin\Desktop\Popup virus
2016-09-08 00:26 - 2016-09-08 00:26 - 00001007 _____ C:\Users\Admin\Desktop\SpybotPortable - Shortcut.lnk
2016-09-07 23:42 - 2016-09-08 00:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-07 23:42 - 2016-09-07 23:42 - 00000000 ____D C:\Users\Admin\Documents\ProcAlyzer Dumps
2016-09-07 23:28 - 2016-09-07 23:28 - 00000000 ____D C:\ProgramData\Symantec Shared
2016-09-07 23:28 - 2012-05-18 19:56 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capicom.dll
2016-09-07 23:28 - 2007-03-21 20:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.DLL
2016-09-07 23:28 - 2007-03-21 20:33 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP71.DLL
2016-09-07 23:28 - 2007-03-21 20:33 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCR71.DLL
2016-09-07 23:26 - 2016-09-07 23:36 - 00000000 ____D C:\ProgramData\Symantec
2016-09-07 23:25 - 2016-09-07 23:26 - 00000000 ____D C:\Users\Admin\Desktop\Symantec_Endpoint_Protection_12.1.6_MP5_Part1_Trialware_EN
2016-09-07 23:23 - 2016-09-07 23:23 - 10467568 _____ (Akamai Technologies, Inc.) C:\Users\Admin\Downloads\installer.exe
2016-09-07 23:12 - 2016-09-07 23:13 - 119710544 _____ (PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable_2.5.paf (2).exe
2016-09-07 23:08 - 2016-09-07 23:08 - 119710544 _____ (PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable_2.5.paf (1).exe
2016-09-07 22:57 - 2016-09-07 22:57 - 00020375 _____ C:\Users\Admin\Downloads\Calendar-triumph09.ics
2016-09-07 10:06 - 2016-09-07 10:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-07 10:03 - 2016-09-07 23:42 - 00000000 ____D C:\Users\Admin\Downloads\SpybotPortable
2016-09-07 10:02 - 2016-09-07 10:03 - 119710544 _____ (PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable_2.5.paf.exe
2016-09-07 09:11 - 2016-09-07 09:10 - 00349270 _____ C:\Users\Admin\Downloads\adblock.zip
2016-09-07 08:44 - 2016-09-07 08:44 - 00087105 _____ C:\Users\Admin\Desktop\ID.pdf
2016-09-07 08:40 - 2016-09-07 08:40 - 00797077 _____ C:\Users\Admin\Desktop\Marriage LICENSE.pdf
2016-09-06 21:33 - 2016-09-06 21:33 - 06832128 _____ C:\Users\Admin\Downloads\protists-and-fungi.ppt
2016-09-02 19:38 - 2016-09-02 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-31 21:46 - 2016-08-31 21:46 - 00336272 _____ C:\Users\Admin\Downloads\Radians and Reference Angles.pdf
2016-08-29 13:52 - 2016-09-05 17:06 - 00000000 ____D C:\Users\Admin\Desktop\Auto Karma Buyers
2016-08-22 21:16 - 2016-08-22 21:16 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-22 21:15 - 2016-08-22 21:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-08-21 21:10 - 2016-08-21 21:27 - 00000000 ____D C:\Program Files (x86)\Rsupport
2016-08-21 21:10 - 2016-08-21 21:10 - 00070688 _____ (Rsupport Corporation) C:\WINDOWS\system32\vrvd5.dll
2016-08-21 21:10 - 2016-08-21 21:10 - 00013344 _____ (Rsupport Corporation) C:\WINDOWS\system32\Drivers\vrvd5.sys
2016-08-19 22:38 - 2016-08-19 22:38 - 00000000 ____D C:\Users\Admin\AppData\Local\DeadByDaylight
2016-08-19 22:37 - 2016-08-19 22:37 - 00332024 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-08-19 22:37 - 2016-08-19 22:37 - 00000000 ____D C:\Users\Admin\AppData\Local\UnrealEngine
2016-08-19 16:24 - 2016-08-19 16:24 - 00629892 _____ C:\Users\Admin\Downloads\BIOL1111 syllabus - Fall 2016PACEJuly272016.pdf
2016-08-19 16:17 - 2016-08-19 16:17 - 00194545 _____ C:\Users\Admin\Downloads\Bio1111labonlinesyllabusFa2016.pdf
2016-08-18 20:46 - 2016-08-18 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-08-18 19:28 - 2016-08-18 19:28 - 03536384 _____ C:\Users\Admin\Downloads\scientificmethodpowerpointreviewlesson.ppt
2016-08-18 06:55 - 2016-08-18 06:55 - 00363145 _____ C:\Users\Admin\Desktop\Employee Withholding.pdf
2016-08-17 18:20 - 2016-08-17 18:20 - 00069169 _____ C:\Users\Admin\Downloads\104082 Cover Sheet .pdf
2016-08-17 18:12 - 2016-08-17 18:12 - 00101124 _____ C:\Users\Admin\Downloads\104082 POA 2 pages .pdf
2016-08-16 13:00 - 2016-08-16 13:00 - 01391610 _____ C:\Users\Admin\Downloads\152955.pdf
2016-08-16 13:00 - 2016-08-16 13:00 - 01391610 _____ C:\Users\Admin\Desktop\3183 Nectarine.pdf
2016-08-16 12:47 - 2016-08-16 12:47 - 01335136 _____ C:\Users\Admin\Downloads\SharpBuckhead@meetatroam.com_20160812_152955 (1).pdf
2016-08-16 12:24 - 2016-08-16 12:24 - 01335136 _____ C:\Users\Admin\Downloads\SharpBuckhead@meetatroam.com_20160812_152955.pdf
2016-08-16 11:58 - 2016-08-16 11:58 - 01982056 _____ C:\Users\Admin\Desktop\LLC Operating Agreement.pdf
2016-08-16 11:12 - 2016-08-16 11:12 - 00259738 _____ C:\Users\Admin\Downloads\operating-agreement1.pdf
2016-08-16 10:27 - 2016-08-16 10:27 - 01253927 _____ C:\Users\Admin\Desktop\ATC business license.pdf
2016-08-16 10:17 - 2016-08-16 10:17 - 01031841 _____ C:\Users\Admin\Desktop\Business License.pdf
2016-08-16 09:40 - 2016-08-16 09:40 - 00424156 _____ C:\Users\Admin\Desktop\Aj business license.pdf
2016-08-16 09:23 - 2016-08-16 09:23 - 00000000 ____D C:\ProgramData\LULU Software
2016-08-16 09:22 - 2016-08-16 10:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:55 - 00000000 ____D C:\Users\Admin\Documents\Soda PDF Files
2016-08-16 09:22 - 2016-08-16 09:45 - 00000000 ____D C:\ProgramData\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:23 - 00000000 ____D C:\Program Files\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:22 - 09576200 _____ (LULU Software Limited) C:\Users\Admin\Downloads\Soda_PDF_8_wc_Installer.exe
2016-08-16 09:22 - 2016-08-16 09:22 - 00000798 _____ C:\Users\Public\Desktop\Soda PDF 8.lnk
2016-08-16 09:22 - 2016-08-16 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:22 - 00000000 ____D C:\Program Files (x86)\Soda PDF 8
2016-08-16 07:59 - 2016-08-16 09:47 - 00002553 _____ C:\Users\Admin\Desktop\AJ.pdf
2016-08-15 17:10 - 2016-08-15 17:10 - 03853176 _____ C:\Users\Admin\Downloads\Instagram (2).mp4
2016-08-15 17:10 - 2016-08-15 17:10 - 03853176 _____ C:\Users\Admin\Downloads\Instagram (1).mp4
2016-08-15 17:08 - 2016-08-15 17:08 - 03853176 _____ C:\Users\Admin\Downloads\Instagram.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 13:01 - 2012-04-10 10:03 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-09-13 12:35 - 2012-04-10 15:29 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-09-13 12:35 - 2011-11-11 11:10 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-13 12:33 - 2013-08-16 12:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-13 12:20 - 2015-04-22 12:01 - 00000556 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-758200000-2134975689-3807630707-1003.job
2016-09-13 12:14 - 2016-04-22 13:09 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-13 11:22 - 2015-06-29 22:10 - 00000652 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-758200000-2134975689-3807630707-1003.job
2016-09-13 11:05 - 2016-07-28 18:15 - 01019136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-13 11:05 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-13 11:01 - 2016-04-22 13:12 - 00000000 ___RD C:\Users\Admin\Dropbox
2016-09-13 11:00 - 2016-04-22 13:09 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-13 11:00 - 2011-11-11 11:10 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-13 10:58 - 2016-04-27 02:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-13 10:58 - 2013-02-13 16:05 - 00000000 ____D C:\ProgramData\VMware
2016-09-13 10:57 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-13 10:02 - 2015-07-19 08:18 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-09-12 17:36 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-12 17:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-09 19:49 - 2016-07-29 09:14 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2016-09-08 23:37 - 2016-08-02 19:53 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-09-08 23:37 - 2016-08-02 19:53 - 00000000 ____D C:\WINDOWS\system32\NV
2016-09-08 01:22 - 2016-04-27 02:29 - 00366136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-08 00:30 - 2015-04-14 12:30 - 00000000 ____D C:\Users\Public\Documents\Neat ADF Scanner
2016-09-07 23:58 - 2015-04-14 19:22 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-09-07 23:38 - 2011-11-11 11:17 - 00000000 ____D C:\Program Files (x86)\Symantec
2016-09-07 10:09 - 2016-07-28 18:18 - 00000000 ____D C:\Users\Admin
2016-09-07 09:32 - 2014-10-11 19:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-03 11:28 - 2015-04-22 17:07 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Heroes and Generals
2016-09-03 11:07 - 2016-07-28 18:42 - 00003810 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-758200000-2134975689-3807630707-1003
2016-09-03 11:07 - 2016-07-28 18:42 - 00003714 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-758200000-2134975689-3807630707-1003
2016-09-02 20:06 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-09-02 20:06 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-02 19:38 - 2016-04-22 13:09 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-31 21:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-29 14:03 - 2016-04-25 09:04 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Temp
2016-08-28 08:29 - 2016-06-20 18:07 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Samsung
2016-08-28 08:29 - 2016-06-19 14:32 - 00000000 ____D C:\ProgramData\Samsung
2016-08-22 21:16 - 2016-08-02 19:50 - 00002413 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-22 21:16 - 2016-08-02 19:50 - 00000000 ___RD C:\Users\Admin\OneDrive
2016-08-21 21:27 - 2016-06-20 18:00 - 00000000 ____D C:\Users\Public\Documents\RSupport
2016-08-18 20:46 - 2015-11-17 20:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-18 20:46 - 2014-09-29 12:01 - 00002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

==================== Files in the root of some directories =======

2015-09-04 17:02 - 2015-09-04 17:02 - 0000098 _____ () C:\Users\Admin\AppData\Roaming\LauncherSettings_live.cfg
2015-09-04 17:03 - 2015-09-04 17:03 - 0000039 _____ () C:\Users\Admin\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-09-02 08:19 - 2014-09-02 08:19 - 0893239 _____ () C:\Users\Admin\AppData\Local\a.zip
2014-09-02 08:19 - 2014-09-02 08:19 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Admin\AppData\Local\BcsKtYcHW.dll
2015-02-10 20:37 - 2015-02-10 20:44 - 0000356 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\msvcr120.dll
C:\Users\Admin\AppData\Local\Temp\rscagent.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\WebCompanionInstaller.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-11 22:20

==================== End of FRST.txt ============================

Here is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by Admin (administrator) on UNIVERSE (13-09-2016 13:00:54)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\WINDOWS\VPDAgent_x64.exe
(Lenovo.) C:\WINDOWS\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
() C:\WINDOWS\SysWOW64\spdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF 8\creator-ws.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Conexant Systems Inc.) C:\WINDOWS\System32\CxAudMsg64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(LULU Software Limited) C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Lenovo.) C:\WINDOWS\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WRCS) C:\Program Files (x86)\WRCS\vCarsNet\Main\vCars.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-16] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2008-03-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2008-09-29] (McAfee, Inc.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12120616 2016-07-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522704 2012-04-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104528 2013-02-26] (VMware, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25197248 2016-08-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-11] (Google Inc.)
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [Ad-Aware Search Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\BrowserDock.exe
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\Run: [Akamai NetSession Interface] => "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\...\RunOnce: [Uninstall C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_5\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_5\amd64"
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-06-10]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2011-11-11]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{33049c0e-d7c7-47c3-a0aa-7ae8ddcbec90}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b8f29825-ff1d-45f4-ad37-3e74059fec3b}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cnn.com/
HKU\S-1-5-21-758200000-2134975689-3807630707-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {5709AA32-C414-4E22-B24E-4B9E96692EF3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS479
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll [2008-09-29] (McAfee, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-12-05] (Symantec Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-26] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll [2008-09-29] (McAfee, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-12-05] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-26] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-758200000-2134975689-3807630707-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP13EP100-10026/webex/ieatgpc1.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: Soda PDF 8 -> C:\Program Files (x86)\Soda PDF 8\np-previewer.dll [2016-08-12] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-758200000-2134975689-3807630707-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-758200000-2134975689-3807630707-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Admin\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-11] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-04-25] (Cisco WebEx LLC)
FF HKLM\...\Firefox\Extensions: [soda_pdf_8_conv@sodapdf.com] - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension
FF Extension: (Soda PDF 8 Creator) - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension [2016-08-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2014-01-14] [not signed]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Video Downloader professional) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-08-15]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-07]
CHR Extension: (Yahoo Partner) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2016-08-21]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-04-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Yahoo Partner) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-08-21]
CHR Extension: (Game Tube Now Advertising) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgnpeandakimjdonmjgepbapjbhadgb [2016-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-05]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2014-05-20] (Two Pilots) [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-22] (Dropbox, Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [17920 2008-09-29] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2008-03-14] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [175072 2008-09-29] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [62800 2008-09-29] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [75656 2008-09-29] (McAfee, Inc.)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-09-18] ()
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [499000 2016-06-18] ()
S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2263504 2016-08-12] (LULU SOFTWARE LIMITED)
S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920016 2016-08-12] (LULU SOFTWARE LIMITED)
R2 Soda PDF 8 Creator; C:\Program Files\Soda PDF 8\creator-ws.exe [733136 2016-08-12] (LULU SOFTWARE LIMITED)
R2 Soda PDF 8 Manager; C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe [900120 2016-08-11] (LULU Software Limited)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-04-21] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13242960 2013-02-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-06-27] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [96016 2008-09-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [118688 2008-09-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [465792 2008-09-29] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [75800 2008-09-29] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [82504 2008-09-29] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42664 2016-01-07] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33360 2013-02-26] (VMware, Inc.)
R1 vrvd5; C:\Windows\system32\DRIVERS\vrvd5.sys [13344 2016-08-21] (Rsupport Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 12:57 - 2016-09-13 12:57 - 00001663 _____ C:\Users\Admin\Desktop\FRST64 - Shortcut.lnk
2016-09-13 12:57 - 2016-09-13 12:57 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2016-09-13 10:23 - 2016-09-13 10:23 - 22851472 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-09-13 10:14 - 2016-09-13 10:14 - 00001913 _____ C:\Users\Admin\Desktop\JRT.txt
2016-09-13 10:11 - 2016-09-13 10:11 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT.exe
2016-09-13 09:58 - 2016-09-13 10:03 - 00000000 ____D C:\AdwCleaner
2016-09-13 09:58 - 2016-09-13 09:58 - 03826240 _____ C:\Users\Admin\Downloads\AdwCleaner.exe
2016-09-08 22:26 - 2016-09-13 10:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-08 22:26 - 2016-09-13 10:24 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-08 22:26 - 2016-09-13 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-08 22:26 - 2016-09-13 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-08 22:26 - 2016-09-08 22:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-08 22:26 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-08 22:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-08 22:26 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-08 22:25 - 2016-09-08 22:25 - 22851472 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-08 18:58 - 2016-09-08 18:58 - 05198336 _____ (AVAST Software) C:\Users\Admin\Downloads\aswMBR.exe
2016-09-08 18:57 - 2016-09-13 10:21 - 00000000 ____D C:\Users\Admin\Desktop\ERRORS
2016-09-08 18:54 - 2016-09-08 18:55 - 00082960 _____ C:\Users\Admin\Downloads\Addition.txt
2016-09-08 18:53 - 2016-09-13 13:00 - 00036711 _____ C:\Users\Admin\Downloads\FRST.txt
2016-09-08 18:50 - 2016-09-13 13:00 - 00000000 ____D C:\FRST
2016-09-08 18:50 - 2016-09-13 12:57 - 02398720 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2016-09-08 07:01 - 2016-09-08 07:01 - 00151040 _____ C:\Users\Admin\Downloads\project-plan1-1.ppt
2016-09-08 01:14 - 2016-09-08 22:51 - 00000000 ____D C:\Users\Admin\Desktop\Popup virus
2016-09-08 00:26 - 2016-09-08 00:26 - 00001007 _____ C:\Users\Admin\Desktop\SpybotPortable - Shortcut.lnk
2016-09-07 23:42 - 2016-09-08 00:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-07 23:42 - 2016-09-07 23:42 - 00000000 ____D C:\Users\Admin\Documents\ProcAlyzer Dumps
2016-09-07 23:28 - 2016-09-07 23:28 - 00000000 ____D C:\ProgramData\Symantec Shared
2016-09-07 23:28 - 2012-05-18 19:56 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capicom.dll
2016-09-07 23:28 - 2007-03-21 20:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.DLL
2016-09-07 23:28 - 2007-03-21 20:33 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP71.DLL
2016-09-07 23:28 - 2007-03-21 20:33 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCR71.DLL
2016-09-07 23:26 - 2016-09-07 23:36 - 00000000 ____D C:\ProgramData\Symantec
2016-09-07 23:25 - 2016-09-07 23:26 - 00000000 ____D C:\Users\Admin\Desktop\Symantec_Endpoint_Protection_12.1.6_MP5_Part1_Trialware_EN
2016-09-07 23:23 - 2016-09-07 23:23 - 10467568 _____ (Akamai Technologies, Inc.) C:\Users\Admin\Downloads\installer.exe
2016-09-07 23:12 - 2016-09-07 23:13 - 119710544 _____ (PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable_2.5.paf (2).exe
2016-09-07 23:08 - 2016-09-07 23:08 - 119710544 _____ (PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable_2.5.paf (1).exe
2016-09-07 22:57 - 2016-09-07 22:57 - 00020375 _____ C:\Users\Admin\Downloads\Calendar-triumph09.ics
2016-09-07 10:06 - 2016-09-07 10:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-07 10:03 - 2016-09-07 23:42 - 00000000 ____D C:\Users\Admin\Downloads\SpybotPortable
2016-09-07 10:02 - 2016-09-07 10:03 - 119710544 _____ (PortableApps.com) C:\Users\Admin\Downloads\SpybotPortable_2.5.paf.exe
2016-09-07 09:11 - 2016-09-07 09:10 - 00349270 _____ C:\Users\Admin\Downloads\adblock.zip
2016-09-07 08:44 - 2016-09-07 08:44 - 00087105 _____ C:\Users\Admin\Desktop\ID.pdf
2016-09-07 08:40 - 2016-09-07 08:40 - 00797077 _____ C:\Users\Admin\Desktop\Marriage LICENSE.pdf
2016-09-06 21:33 - 2016-09-06 21:33 - 06832128 _____ C:\Users\Admin\Downloads\protists-and-fungi.ppt
2016-09-02 19:38 - 2016-09-02 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-31 21:46 - 2016-08-31 21:46 - 00336272 _____ C:\Users\Admin\Downloads\Radians and Reference Angles.pdf
2016-08-29 13:52 - 2016-09-05 17:06 - 00000000 ____D C:\Users\Admin\Desktop\Auto Karma Buyers
2016-08-22 21:16 - 2016-08-22 21:16 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-22 21:15 - 2016-08-22 21:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-08-21 21:10 - 2016-08-21 21:27 - 00000000 ____D C:\Program Files (x86)\Rsupport
2016-08-21 21:10 - 2016-08-21 21:10 - 00070688 _____ (Rsupport Corporation) C:\WINDOWS\system32\vrvd5.dll
2016-08-21 21:10 - 2016-08-21 21:10 - 00013344 _____ (Rsupport Corporation) C:\WINDOWS\system32\Drivers\vrvd5.sys
2016-08-19 22:38 - 2016-08-19 22:38 - 00000000 ____D C:\Users\Admin\AppData\Local\DeadByDaylight
2016-08-19 22:37 - 2016-08-19 22:37 - 00332024 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-08-19 22:37 - 2016-08-19 22:37 - 00000000 ____D C:\Users\Admin\AppData\Local\UnrealEngine
2016-08-19 16:24 - 2016-08-19 16:24 - 00629892 _____ C:\Users\Admin\Downloads\BIOL1111 syllabus - Fall 2016PACEJuly272016.pdf
2016-08-19 16:17 - 2016-08-19 16:17 - 00194545 _____ C:\Users\Admin\Downloads\Bio1111labonlinesyllabusFa2016.pdf
2016-08-18 20:46 - 2016-08-18 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-08-18 19:28 - 2016-08-18 19:28 - 03536384 _____ C:\Users\Admin\Downloads\scientificmethodpowerpointreviewlesson.ppt
2016-08-18 06:55 - 2016-08-18 06:55 - 00363145 _____ C:\Users\Admin\Desktop\Employee Withholding.pdf
2016-08-17 18:20 - 2016-08-17 18:20 - 00069169 _____ C:\Users\Admin\Downloads\104082 Cover Sheet .pdf
2016-08-17 18:12 - 2016-08-17 18:12 - 00101124 _____ C:\Users\Admin\Downloads\104082 POA 2 pages .pdf
2016-08-16 13:00 - 2016-08-16 13:00 - 01391610 _____ C:\Users\Admin\Downloads\152955.pdf
2016-08-16 13:00 - 2016-08-16 13:00 - 01391610 _____ C:\Users\Admin\Desktop\3183 Nectarine.pdf
2016-08-16 12:47 - 2016-08-16 12:47 - 01335136 _____ C:\Users\Admin\Downloads\SharpBuckhead@meetatroam.com_20160812_152955 (1).pdf
2016-08-16 12:24 - 2016-08-16 12:24 - 01335136 _____ C:\Users\Admin\Downloads\SharpBuckhead@meetatroam.com_20160812_152955.pdf
2016-08-16 11:58 - 2016-08-16 11:58 - 01982056 _____ C:\Users\Admin\Desktop\LLC Operating Agreement.pdf
2016-08-16 11:12 - 2016-08-16 11:12 - 00259738 _____ C:\Users\Admin\Downloads\operating-agreement1.pdf
2016-08-16 10:27 - 2016-08-16 10:27 - 01253927 _____ C:\Users\Admin\Desktop\ATC business license.pdf
2016-08-16 10:17 - 2016-08-16 10:17 - 01031841 _____ C:\Users\Admin\Desktop\Business License.pdf
2016-08-16 09:40 - 2016-08-16 09:40 - 00424156 _____ C:\Users\Admin\Desktop\Aj business license.pdf
2016-08-16 09:23 - 2016-08-16 09:23 - 00000000 ____D C:\ProgramData\LULU Software
2016-08-16 09:22 - 2016-08-16 10:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:55 - 00000000 ____D C:\Users\Admin\Documents\Soda PDF Files
2016-08-16 09:22 - 2016-08-16 09:45 - 00000000 ____D C:\ProgramData\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:23 - 00000000 ____D C:\Program Files\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:22 - 09576200 _____ (LULU Software Limited) C:\Users\Admin\Downloads\Soda_PDF_8_wc_Installer.exe
2016-08-16 09:22 - 2016-08-16 09:22 - 00000798 _____ C:\Users\Public\Desktop\Soda PDF 8.lnk
2016-08-16 09:22 - 2016-08-16 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF 8
2016-08-16 09:22 - 2016-08-16 09:22 - 00000000 ____D C:\Program Files (x86)\Soda PDF 8
2016-08-16 07:59 - 2016-08-16 09:47 - 00002553 _____ C:\Users\Admin\Desktop\AJ.pdf
2016-08-15 17:10 - 2016-08-15 17:10 - 03853176 _____ C:\Users\Admin\Downloads\Instagram (2).mp4
2016-08-15 17:10 - 2016-08-15 17:10 - 03853176 _____ C:\Users\Admin\Downloads\Instagram (1).mp4
2016-08-15 17:08 - 2016-08-15 17:08 - 03853176 _____ C:\Users\Admin\Downloads\Instagram.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 13:01 - 2012-04-10 10:03 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-09-13 12:35 - 2012-04-10 15:29 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-09-13 12:35 - 2011-11-11 11:10 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-13 12:33 - 2013-08-16 12:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-13 12:20 - 2015-04-22 12:01 - 00000556 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-758200000-2134975689-3807630707-1003.job
2016-09-13 12:14 - 2016-04-22 13:09 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-13 11:22 - 2015-06-29 22:10 - 00000652 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-758200000-2134975689-3807630707-1003.job
2016-09-13 11:05 - 2016-07-28 18:15 - 01019136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-13 11:05 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-13 11:01 - 2016-04-22 13:12 - 00000000 ___RD C:\Users\Admin\Dropbox
2016-09-13 11:00 - 2016-04-22 13:09 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-13 11:00 - 2011-11-11 11:10 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-13 10:58 - 2016-04-27 02:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-13 10:58 - 2013-02-13 16:05 - 00000000 ____D C:\ProgramData\VMware
2016-09-13 10:57 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-13 10:02 - 2015-07-19 08:18 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-09-12 17:36 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-12 17:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-09 19:49 - 2016-07-29 09:14 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2016-09-08 23:37 - 2016-08-02 19:53 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-09-08 23:37 - 2016-08-02 19:53 - 00000000 ____D C:\WINDOWS\system32\NV
2016-09-08 01:22 - 2016-04-27 02:29 - 00366136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-08 00:30 - 2015-04-14 12:30 - 00000000 ____D C:\Users\Public\Documents\Neat ADF Scanner
2016-09-07 23:58 - 2015-04-14 19:22 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-09-07 23:38 - 2011-11-11 11:17 - 00000000 ____D C:\Program Files (x86)\Symantec
2016-09-07 10:09 - 2016-07-28 18:18 - 00000000 ____D C:\Users\Admin
2016-09-07 09:32 - 2014-10-11 19:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-03 11:28 - 2015-04-22 17:07 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Heroes and Generals
2016-09-03 11:07 - 2016-07-28 18:42 - 00003810 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-758200000-2134975689-3807630707-1003
2016-09-03 11:07 - 2016-07-28 18:42 - 00003714 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-758200000-2134975689-3807630707-1003
2016-09-02 20:06 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-09-02 20:06 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-02 19:38 - 2016-04-22 13:09 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-31 21:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-29 14:03 - 2016-04-25 09:04 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Temp
2016-08-28 08:29 - 2016-06-20 18:07 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Samsung
2016-08-28 08:29 - 2016-06-19 14:32 - 00000000 ____D C:\ProgramData\Samsung
2016-08-22 21:16 - 2016-08-02 19:50 - 00002413 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-22 21:16 - 2016-08-02 19:50 - 00000000 ___RD C:\Users\Admin\OneDrive
2016-08-21 21:27 - 2016-06-20 18:00 - 00000000 ____D C:\Users\Public\Documents\RSupport
2016-08-18 20:46 - 2015-11-17 20:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-18 20:46 - 2014-09-29 12:01 - 00002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

==================== Files in the root of some directories =======

2015-09-04 17:02 - 2015-09-04 17:02 - 0000098 _____ () C:\Users\Admin\AppData\Roaming\LauncherSettings_live.cfg
2015-09-04 17:03 - 2015-09-04 17:03 - 0000039 _____ () C:\Users\Admin\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-09-02 08:19 - 2014-09-02 08:19 - 0893239 _____ () C:\Users\Admin\AppData\Local\a.zip
2014-09-02 08:19 - 2014-09-02 08:19 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Admin\AppData\Local\BcsKtYcHW.dll
2015-02-10 20:37 - 2015-02-10 20:44 - 0000356 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\msvcr120.dll
C:\Users\Admin\AppData\Local\Temp\rscagent.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\WebCompanionInstaller.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-11 22:20

==================== End of FRST.txt ============================



I then proceeded to the next instruction to download Emsisoft Emergency Kit. I didn't see the file EEK but I everything went as instructed and got the review report that is also attached. I hope these reports will help you to help me.

Kim

Juliet
2016-09-14, 00:05
I was only able to locate and remove the following file: CouponPrinterPlugin, PrintMyCouponAnywhere, RevTraxPrintMyCoupon. However, I was unable to find or locate Catalina Savings Printer and CouponBar.
At this time what didn't appear to be uninstalled looks to be gone.


You next instruction was regarding the Farbar. I was able to locate the file and cut and paste on my desktop. I think I followed and did what was instructed. However, when I got to this step, "Open *FRST/FRST64* and press the *> Fix <* button just once and wait.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply", I was not able to complete the process. Instead I got an error code and the box was closed as seen in the attachment.
A couple of things could had happened here.
1.) McAfee interfered. We can temporarily disable McAfee and run the same script again.
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

2.) We could attempt to run the same script in safe mode so that no other applications can interfere
https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode

3.) delete your current version of FRST, download one again with specific directions to be located on desktop, and attempt to run the script once more.
Right click on the Farbar Recovery Scan Tool icon on your desktop, select Delete.

- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Chrome/Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Firefox/Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Icons/IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/IE/Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

The above is to just run the previous script created.

~~~~~~~

Tell me whats happening on the computer now?

dealmaker
2016-09-15, 03:38
Hi Juliet,
Per your suggestion, I have disabled the Anti-Virus and have deleted the FRST file and have downloaded again. I tried to run the "FIX" again on the FRST application, but I was not able to run it and again got the Error code that I previously had. I am still getting the pop pages. It seems that all the pages that popped up are from an animated or kiddie games with the exception of one from the thersaurus and dictionary sites. I am also having difficulties getting to this site for the support due to the long lag getting to the site. Is there anyway that you or your team can do a teamviewer support and take over my computer and do whatever you need to do to get this problem resolve? It is getting really frustrated to the point of throwing my computer out the window. I think it is also starting to affect my printing. I am also attached the page. If I am printing something online that has 2 pages or more, the first will print out fine but anything after the second page will have the box of block on it but I do not have any other pages open. This only happens in Chrome and not in IE. I would prefer for someone to just take over my computer and see what the problem is....PLEASE PLEASE HELP!!!!

Thank you so much!

Kim

Juliet
2016-09-15, 13:32
At this time I have no idea what the lag would be caused from.

Is there anyway that you or your team can do a teamviewer
I'm sorry but this is something I do not do. By connecting to your computer, whatever infection you could possibly have on your machine might decide to take up residence on mine too.

For the printing problems, we might be able to blame Microsoft updates for this.


FYI...

Print functionality is broken after any of the MS16-098 security updates are installed
- https://support.microsoft.com/en-us/kb/3187022
Last Review: 08/30/2016 16:24:00 - Rev: 3.0
"Prerequisites: To apply this update, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed in Windows 8.1 or Windows Server 2012 R2.
Or, install Service Pack 1 for Windows 7 or Windows Server 2008 R2..."
___

Fix for print bug in MS16-098 for Win7 and 8.1 – not Win10
> http://www.infoworld.com/article/3112567/microsoft-windows/kb-3187022-fixes-ms16-098kb-3177725-but-not-for-windows-10.html
Aug 25, 2016 - "... Microsoft rolled out a fix to the bug and assigned a different KB number, KB 3187022:
'Print functionality is broken after any of the MS16-098 security updates are installed'
If you're running Windows 7, Win8.1, or WinRT, that patch should've appeared last night in your Windows Update queue. But here's the rub. Microsoft didn't release the fix for Windows 10 in any version. Instead, Win10 users are stuck with the bug... Vista users, it seems, aren't in the picture..."


https://forums.whatthetech.com/index.php?showtopic=130810#entry878799

~~~~~
Let's try resetting your browsers

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
http://i.imgur.com/U5NwUGc.png Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
http://i.imgur.com/MMFS6Lg.png Backup Opera Bookmarks (http://www.howtogeek.com/136116/how-to-easily-back-up-and-migrate-your-browser-bookmarks/) (scroll down)

~~

Proceed with the reset once done.

http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
http://i.imgur.com/U5NwUGc.png Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)
http://i.imgur.com/MMFS6Lg.png Opera: How to perform a clean reinstall of Opera (http://my.opera.com/spadija/blog/2011/10/17/how-to-perform-a-really-clean-reinstall-of-opera)

~~~~~

Juliet
2016-09-15, 13:33
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png


Please click by the introduction screen on the Next button to continue.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png


Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png


When the update has finished, click on the Next button.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png


Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png


When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on Yes button to restart your computer.


There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.

For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.


The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

Juliet
2016-09-28, 13:10
still need help?

Juliet
2016-10-02, 13:42
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.