
Sloooow computer [Closed]



#1
reliable1pro1

  • Member
  • 21 posts

Hello guys! Y'all have helped me in the past and had me fixed right up both times. I need your help again. My computer has become extremely slow. It doesn't matter if I am browsing the internet or working in an office program. I am even having a hard time typing this. Virus maybe? Any help would be appreciated! Thank you!




#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you back up any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine; each fix is tailor-made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log


#3
reliable1pro1

  • Topic Starter
  • Member
  • 21 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Owner (administrator) on OWNER-PC (14-04-2016 12:20:17)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{2FE8C84E-679B-4AAA-B237-33AFB7FB7B42}\49.0.2623.112_chrome_installer.exe
(Google Inc.) C:\Windows\Temp\CR_4B585.tmp\setup.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcsync.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(Microsoft Corporation) C:\Windows\Temp\4791898D-B6DC-41F4-8B80-D37BB5836A95\DismHost.exe
Failed to access process -> McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-01] (Intel® Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-05-22] (Lenovo)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-05-22] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-12-06] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [873072 2016-02-29] (Webroot)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\800\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-03] (Google Inc.)
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [241280 2013-09-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [Run] "C:\Users\Owner\AppData\Roaming\Microsoft\Windows\IEUpdate\certreq.exe"
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\MountPoints2: {01c4bb17-057c-11e3-a230-f0def1608c0e} - E:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\MountPoints2: {46696002-a0a9-11e2-b564-f0def1608c0e} - E:\setup.exe -a
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\MountPoints2: {a4d624df-1c47-11e3-8381-f0def1608c0e} - G:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2011-05-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-05-13]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-05-13]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-05-13]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-01-18]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-01-18]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-01-18]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk [2013-04-23]
ShortcutTarget: Windows Home Server.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-05-22]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-05-22]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-12-10]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 192.168.1.12  RELIABLESERVER  #Windows Home Server#
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C118721C-5867-4DFA-A9C3-5D7FB6D9521E}: [DhcpNameServer] 172.18.202.215 172.18.202.215
Tcpip\..\Interfaces\{D304EF73-4E91-448F-9774-546DC447B435}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> {5BC1AD09-818E-4EC5-817A-8EC48CBBEE9C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F1406DE1-33DF-458A-B144-95703F2F0703&apn_sauid=27BD68C9-03F1-4D84-BC1B-30EDB1E494ED
SearchScopes: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADRA_en
SearchScopes: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> {7562F76B-5C4E-4B92-9C44-A24C1DAE1BF1} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-21] (Microsoft Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2010-12-13] (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: BrowserHelper Class -> {9A065C65-4EE7-4DDD-9918-F129089A894A} -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-05-13] (McAfee)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-21] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-05-13] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-02] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-11] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-05-13] (McAfee)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-21] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-05-13] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-02] (Webroot)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-03-31] (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-11] (Oracle Corporation)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-05-13] (Webroot)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-05-13] (McAfee)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-03-31] (Ask)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-05-13] (Webroot)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-05-13] (McAfee)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} -  No File
Toolbar: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2014-12-06] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-13] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-06-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-11] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3258126484-446658152-3535686326-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-01] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-05-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-16] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.searchnu.com/406
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406","hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Owner\AppData\Local\Roblox\Versions\version-7a404405e6f944e5\\NPRobloxProxy.dll => No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-06-11] [UpdateUrl: hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php] <==== ATTENTION
CHR Extension: (Give Me CRX) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpimoebmfjpfnbhjgdgiacjfebmmmci [2015-10-25]
CHR Extension: (McAfee SafeKey) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-10-25]
CHR Extension: (Rapport) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-10-25]
CHR Extension: (Chrome extension source viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpbeccnghkjeaalbbjmodiffmgedin [2015-10-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-07]
CHR Extension: (Webroot Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-04-13]
CHR HKU\S-1-5-21-3258126484-446658152-3535686326-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Owner\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-03-31]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-05-11]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.1.0.57.crx [2015-05-13]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-05-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-06] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-06] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-06] (Intuit Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-03-03] (IBM Corp.)
S2 svcboot_vjuhbfbrr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 svcboot_vjuhbfbrr; C:\windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
S2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [873072 2016-02-29] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
S3 cricutexpression2; C:\Windows\System32\DRIVERS\cricutexpression2_x64.sys [70672 2011-12-16] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 RapportCerberus_1507082; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507082.sys [972896 2016-03-21] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [514336 2016-03-03] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [152320 2016-03-03] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [407168 2016-03-03] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [507424 2016-03-03] (IBM Corp.)
S2 RPakIO; no ImagePath
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-02] (Webroot)
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U0 SR; no ImagePath
U2 srservice; no ImagePath
U2 Stereo Service; no ImagePath
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 12:20 - 2016-04-14 12:31 - 00050222 _____ C:\Users\Owner\Desktop\FRST.txt
2016-04-14 12:19 - 2016-04-14 12:20 - 00000000 ____D C:\FRST
2016-04-14 12:19 - 2016-04-14 12:19 - 02375168 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-04-14 11:52 - 2016-04-14 11:52 - 00287136 _____ C:\windows\Minidump\041416-64022-01.dmp
2016-04-13 12:36 - 2016-04-13 12:36 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-04-13 12:32 - 2016-04-14 12:08 - 00003846 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-13 12:32 - 2016-04-13 12:32 - 00004020 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-03-21 10:55 - 2016-03-21 11:02 - 00003064 _____ C:\windows\System32\Tasks\McAfeeLogon

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 12:31 - 2013-03-01 23:20 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-14 12:21 - 2015-01-19 19:45 - 00000000 ____D C:\ProgramData\WRData
2016-04-14 12:20 - 2009-07-14 00:45 - 00028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-14 12:20 - 2009-07-14 00:45 - 00028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-14 12:11 - 2011-05-22 21:50 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 12:08 - 2011-05-22 21:50 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 12:07 - 2009-07-14 01:13 - 00786662 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-14 12:06 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-04-14 12:03 - 2011-05-22 21:40 - 00000000 ____D C:\ProgramData\VeriFace
2016-04-14 12:00 - 2009-07-14 01:32 - 00000000 ____D C:\windows\system32\FxsTmp
2016-04-14 11:57 - 2011-05-22 21:54 - 03392965 _____ C:\windows\system32\fastboot.set
2016-04-14 11:55 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-14 11:52 - 2011-08-16 14:16 - 00000000 ____D C:\windows\Minidump
2016-04-14 11:51 - 2011-08-16 14:16 - 1072553277 _____ C:\windows\MEMORY.DMP
2016-04-13 18:24 - 2011-05-22 21:36 - 00000000 ____D C:\ProgramData\McAfee
2016-04-13 12:37 - 2015-05-13 12:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-13 12:24 - 2015-07-27 13:31 - 00003344 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2016-04-08 12:27 - 2013-03-01 23:20 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 12:26 - 2013-03-01 23:20 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 12:26 - 2011-12-22 11:07 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-29 03:01 - 2015-04-07 03:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-03-29 03:01 - 2015-04-07 03:00 - 00000000 ___SD C:\windows\system32\GWX
2016-03-28 21:16 - 2015-04-06 13:05 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-28 21:16 - 2011-05-22 21:51 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-28 16:37 - 2016-01-02 16:31 - 00000000 ____D C:\Users\Owner\Desktop\Hall 2016
2016-03-21 11:07 - 2015-05-13 12:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-21 10:52 - 2015-05-13 12:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-21 10:34 - 2013-09-13 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-03-21 10:26 - 2009-07-14 01:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-03-21 10:26 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-21 10:22 - 2009-07-14 00:45 - 00446392 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-15 04:15 - 2014-12-10 04:29 - 00000000 ____D C:\windows\system32\appraiser
2016-03-15 03:42 - 2013-07-31 03:00 - 00000000 ____D C:\windows\system32\MRT
2016-03-15 03:04 - 2011-06-25 10:37 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2013-04-22 07:55 - 2013-04-22 07:55 - 0000464 _____ () C:\Program Files (x86)\Local Disk (C) - Shortcut.lnk
2015-05-11 17:45 - 2015-05-13 12:45 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-05-13 03:56 - 2015-05-13 03:56 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-11-19 12:45 - 2014-03-13 12:51 - 0002186 _____ () C:\Users\Owner\AppData\Roaming\FileDrTool.log
2011-07-22 18:20 - 2011-07-22 18:20 - 0033134 ____H () C:\Users\Owner\AppData\Roaming\UserTile.png
2012-07-05 21:37 - 2012-12-10 20:09 - 0064400 ____H () C:\ProgramData\sys001.log
2012-07-05 21:37 - 2012-12-10 20:09 - 0457560 ____H () C:\ProgramData\sys002.log
2012-07-12 20:07 - 2012-12-10 20:09 - 0022944 ____H () C:\ProgramData\sys003.log
2012-07-05 21:32 - 2012-12-10 20:09 - 0020845 ____H () C:\ProgramData\sys004.log
2012-10-18 14:45 - 2012-11-06 13:42 - 0013812 ____H () C:\ProgramData\sys005.log
2012-07-12 20:07 - 2012-12-10 20:09 - 0000088 ____H () C:\ProgramData\sys006.log
2012-07-05 21:57 - 2012-12-10 20:09 - 0004666 ____H () C:\ProgramData\sys007.log
2012-07-14 15:45 - 2012-12-10 20:09 - 0020899 ____H () C:\ProgramData\sys008.log
2012-07-05 21:37 - 2012-12-10 20:09 - 39713026 ____H () C:\ProgramData\sys011.log
2012-07-06 13:09 - 2012-12-10 20:09 - 0003932 ____H () C:\ProgramData\sys012.log
2012-07-05 21:37 - 2012-12-10 20:09 - 93646077 ____H () C:\ProgramData\sys013.log
2012-07-05 21:41 - 2012-12-10 20:09 - 0012483 ____H () C:\ProgramData\sys014.log
2012-07-05 21:37 - 2012-12-10 20:09 - 0000741 ____H () C:\ProgramData\sys016.log

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\0107491431535288mcinst.exe
C:\Users\Owner\AppData\Local\Temp\0296851431380537mcinst.exe
C:\Users\Owner\AppData\Local\Temp\dbfhide.exe
C:\Users\Owner\AppData\Local\Temp\dblgen11.dll
C:\Users\Owner\AppData\Local\Temp\dblib11.dll
C:\Users\Owner\AppData\Local\Temp\dbtool11.dll
C:\Users\Owner\AppData\Local\Temp\FsdRegistration.dll
C:\Users\Owner\AppData\Local\Temp\GDSBLMgr.dll
C:\Users\Owner\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Api.dll
C:\Users\Owner\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Common.dll
C:\Users\Owner\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\Owner\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\kuzvpp6d.dll
C:\Users\Owner\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Owner\AppData\Local\Temp\msvcp90.dll
C:\Users\Owner\AppData\Local\Temp\msvcr90.dll
C:\Users\Owner\AppData\Local\Temp\QBFirwal.dll
C:\Users\Owner\AppData\Local\Temp\qbinstal.dll
C:\Users\Owner\AppData\Local\Temp\QBNGEN.dll
C:\Users\Owner\AppData\Local\Temp\SMUnInstaller.dll
C:\Users\Owner\AppData\Local\Temp\StopQBServer.dll
C:\Users\Owner\AppData\Local\Temp\UtilDBSetup.dll
C:\Users\Owner\AppData\Local\Temp\WRupdate1735747214.exe
C:\Users\Owner\AppData\Local\Temp\WRupdate415071563.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-07 22:05

==================== End of FRST.txt ============================



#4
reliable1pro1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Owner (2016-04-14 12:32:41)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-25 09:23:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3258126484-446658152-3535686326-500 - Administrator - Disabled)
Guest (S-1-5-21-3258126484-446658152-3535686326-501 - Limited - Enabled)
Owner (S-1-5-21-3258126484-446658152-3535686326-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Out of date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus (Disabled) {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACH Origination Application (x32 Version: 19.41.0.3 - Fiserv) Hidden
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.11 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.23.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.)
Convergence Training Viewer (HKLM-x32\...\ConvergenceTrainingViewer) (Version:  - Capstone Technology)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DataLinkII (x32 Version: 3.8.6 - CSI) Hidden
DataLinkII (x32 Version: 4.1.1 - CSI) Hidden
DebugMode Wax 2.0 (HKLM-x32\...\DebugMode Wax 2.0) (Version:  - )
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
FinalData Premium 2.0 Demo (HKLM-x32\...\FinalData Premium 2.0 Demo) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.0.0.800 - Citrix Online, a division of Citrix Systems, Inc.)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.1000 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
join.me (HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\JoinMe) (Version: 1.12.3.173 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
LogWorks3 (HKLM-x32\...\LogWorks3) (Version: 3.07 - Innovate! Technologies)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version: 2.2.3 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSD GraphView 3.19 (HKLM-x32\...\MSD GraphView 3.19) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MTS SDK (HKLM-x32\...\MTS SDK) (Version: 1.1 - Innovate! Technologies)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickBooks (x32 Version: 25.0.4005.2506 - Intuit Inc.) Hidden
QuickBooks File Doctor (HKLM-x32\...\{45780E89-7B52-4E92-A9DC-1172EF556708}) (Version: 3.6 - Intuit)
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4005.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RacePak DataLinkII (HKLM-x32\...\{BF6221DC-9AC0-453E-A9EA-3D97AD11C6DE}) (Version: 3.0.3 - CSI)
Rapport (x32 Version: 3.5.1507.113 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 29.6.93090 - Sonos, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
Tax Forms Helper 2011 10.0 (HKLM-x32\...\Tax Forms Helper 2011_is1) (Version:  - )
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.113 - Trusteer)
Unity Web Player (HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.8.72 - Webroot)
Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0) (HKLM\...\73FC7E42C8F05A3B5235FB18804B1F5C84709230) (Version: 10/12/2009 1.4.1.0 - Innovate Motorsports)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Driver Package - Racepak CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\A0F2BE8E586483B9E7911A129ACB17C643150F9F) (Version: 10/22/2009 2.06.00 - Racepak)
Windows Driver Package - Racepak CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\E6F01C490193611E782324742497511F9FDFB132) (Version: 10/22/2009 2.06.00 - Racepak)
Windows Home Server Connector (HKLM\...\{21E49794-7C13-4E84-8659-55BD378267D5}) (Version: 6.0.3436.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2B214541-3B3E-4CAD-BE89-F73FB3864F95} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {2F973D0D-0DE8-4051-8DC1-1A392A1F0EA3} - System32\Tasks\HP Officejet 6500 E710n-z.exe => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HP Officejet 6500 E710n-z.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {4A1B41B8-EDFD-4982-AD68-ED9049D27449} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
Task: {73D2146E-5FC4-4D58-8021-02A232A9DC0D} - System32\Tasks\{E67D6CD9-927A-4502-93F7-653F879D2C52} => C:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
Task: {7CDA1C7B-92B5-4FBD-87EE-A633CF9EB32F} - System32\Tasks\{066572FC-0399-4A4B-B715-316820603994} => C:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
Task: {7F964070-56BC-4B8B-9339-60846F336AB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {854CE8BE-DD47-4937-98B5-B7E62538E92E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {8B79E0C1-8B5D-4F86-9208-9913BED91F07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {93E5AAC9-4E6E-4334-8438-96F476C45F6F} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {9573D74C-0705-4128-A8D7-5AD90C0B22B5} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-24] (McAfee, Inc.)
Task: {9682EC5A-855B-4D50-9A05-D41FF465CB0C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {B1B2B0C7-F580-4D5D-84EA-AEA78419D030} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {BBBA515F-0BA9-444B-A6BF-EFBFBBE78003} - System32\Tasks\{C92C2563-CCD4-4BD8-A6C2-955C372168C5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {BF5CFB87-A634-4EA7-9E99-1B35A50CD96F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-21] (Microsoft Corporation)
Task: {C364E95A-3EFC-470B-B73F-2A199CE71650} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {C3E2D9EC-8151-440C-97FD-3B20E2A9E2C3} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {CB47C5B2-CEEA-4F78-B24A-EF74C03752B6} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-24] (McAfee, Inc.)
Task: {DF63AFEB-6917-476D-B5CD-7D2655F29694} - System32\Tasks\{4BBB96A6-A46B-40B9-B2D0-382C7CC05105} => C:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
Task: {E7BF9850-CD55-4312-8970-9A197CC67DB6} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {E9DFE395-79BE-4330-9375-41CCCAEC2EB2} - System32\Tasks\{F24DC5A5-BF72-4A79-990B-791709378DA1} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8A63Q02Z\Setup_QuickBooksPro2015.exe" -d C:\Users\Owner\Desktop
Task: {ED09AF51-E803-4E62-A87A-7E7FF2E48612} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F8425395-6BBA-4A8C-A467-CD7FFB1D65E5} - System32\Tasks\{7940684C-4B37-4B6F-BC9B-693035A77ECC} => C:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-12-17 15:19 - 2011-02-28 18:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2015-10-30 03:28 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-05-22 21:40 - 2011-05-22 21:40 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2011-05-22 21:40 - 2011-05-22 21:40 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2009-01-21 12:45 - 2009-01-21 12:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2015-05-13 12:48 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-11-02 08:58 - 2010-11-02 08:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-11-02 08:58 - 2010-11-02 08:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-04-15 01:28 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2011-05-22 21:40 - 2011-05-22 21:40 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-12-06 20:12 - 2014-12-06 20:12 - 00630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\boost_regex-vc120-mt-1_55.dll
2014-12-06 23:32 - 2014-12-06 23:32 - 00031560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBCompressor.dll
2014-12-06 20:14 - 2014-12-06 20:14 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\zlib1.dll
2014-12-06 23:32 - 2014-12-06 23:32 - 00099144 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBMAPILibrary.dll
2014-12-06 23:31 - 2014-12-06 23:31 - 00245576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\boost_serialization-vc120-mt-1_55.dll
2014-12-06 23:32 - 2014-12-06 23:32 - 00655688 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\FtuEngine.dll
2014-12-06 23:31 - 2014-12-06 23:31 - 00687432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\BackupLib.dll
2014-12-06 23:33 - 2014-12-06 23:33 - 00085832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBProActiveCore.dll
2014-12-06 20:11 - 2014-12-06 20:11 - 38715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\libcef.dll
2014-12-06 23:32 - 2014-12-06 23:32 - 00890184 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\FeaturesBridge.dll
2014-12-06 23:32 - 2014-12-06 23:32 - 00067400 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\mbpopup.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:6A3BA499 [144]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\cbtonline.com -> hxxps://www.cbtonline.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-01-19 18:52 - 00000875 ____A C:\windows\system32\Drivers\etc\hosts

192.168.1.12  RELIABLESERVER  #Windows Home Server#

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D6D00F76-471A-48F7-9DB4-993866299D49}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F4F7E888-4078-47B0-8097-8AFA399A8D84}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{C28CB9A1-0654-4CEF-9D02-CB3D5587BF6E}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{9B665793-5F42-411C-B0D6-4526ACAAD576}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{90CA949A-142E-454C-8666-2F43B3BF4903}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{F9C2565E-A35F-4FCB-8AED-227C374358DB}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{4373FED3-FBC4-4E4E-B40E-9A98B505032A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1579BB9F-A227-4F3B-B278-797A43ECEE83}] => (Allow) LPort=2869
FirewallRules: [{501987DF-D2E9-4674-AA46-87EED573FD08}] => (Allow) LPort=1900
FirewallRules: [{97E38C1D-4316-4703-8A10-9113EF158AB5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{20786F77-2EA6-41F0-93C8-0D5CF145369F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F829E28C-6110-4FAC-831C-2BB0D97164F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{27822FD8-66D1-471E-B866-F9194C96CE7E}C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe
FirewallRules: [UDP Query User{0B55A5F2-5A79-4843-A17F-69FEF3427558}C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe
FirewallRules: [TCP Query User{F324DC55-73D7-4E22-BDC3-23F80F7A43AD}C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe
FirewallRules: [UDP Query User{34F5DEBB-8474-4CE0-88DF-FE96349DB2C7}C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe
FirewallRules: [{56CB2EDD-EE51-45DB-8BEC-33AF2F52F837}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71C0AA73-25CF-41AB-B3A3-8883928C6550}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C82F8B36-621A-4F0A-B535-DCBEAE81095A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{66DC8271-F619-49FA-A91F-DAEC477A50F1}] => (Allow) C:\Users\Owner\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{3F1952B3-4856-4B8A-A10B-F4584456A119}C:\program files (x86)\cricut-craftroom\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craftroom\ccrbridge.exe
FirewallRules: [UDP Query User{CEEA7A27-9824-4150-B8A3-1A59CBEEEFB2}C:\program files (x86)\cricut-craftroom\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craftroom\ccrbridge.exe
FirewallRules: [TCP Query User{60DA304D-6DA3-4077-A6EF-7C295CCE17A4}C:\program files (x86)\cricut-craftroom\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craftroom\ccrbridge.exe
FirewallRules: [UDP Query User{D29F6660-C339-45DE-8841-E07146B2F542}C:\program files (x86)\cricut-craftroom\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craftroom\ccrbridge.exe
FirewallRules: [TCP Query User{7B8918ED-DACE-4C25-966F-6B92F080A406}C:\program files (x86)\cricutsync\bridge.exe] => (Allow) C:\program files (x86)\cricutsync\bridge.exe
FirewallRules: [UDP Query User{3CE5862E-2D1F-44EA-9F45-02049A60D717}C:\program files (x86)\cricutsync\bridge.exe] => (Allow) C:\program files (x86)\cricutsync\bridge.exe
FirewallRules: [{2F1FFFEE-3C5B-467F-9E2D-C21B7B4E844E}] => (Allow) C:\Program Files (x86)\CricutSync\CricutSync.exe
FirewallRules: [{718834CD-D4DF-4AE9-B75E-25780F7E18E5}] => (Allow) C:\Program Files (x86)\CricutSync\CricutSync.exe
FirewallRules: [{37A3CC69-99BA-4BE8-B3D8-C9DCA58BC159}] => (Allow) C:\Program Files (x86)\CricutSync\CricutSync.exe
FirewallRules: [{DA70A036-4045-4538-BC53-A05F81994F0A}] => (Allow) C:\Program Files (x86)\CricutSync\CricutSync.exe

==================== Restore Points =========================

27-02-2016 04:32:06 Installed Rapport
08-03-2016 12:10:10 Scheduled Checkpoint
15-03-2016 03:01:35 Windows Update
21-03-2016 10:27:03 Installed Rapport
29-03-2016 03:00:37 Windows Update
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2016 12:00:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 12:38:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15616

Error: (04/13/2016 12:38:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15616

Error: (04/13/2016 12:38:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2016 12:29:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.6060.0, time stamp: 0x563809af
Faulting module name: msksrvr.dll_unloaded, version: 0.0.0.0, time stamp: 0x56209655
Exception code: 0xc0000005
Fault offset: 0x000007fef545576b
Faulting process id: 0x4ac
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (04/13/2016 11:43:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 21a4

Start Time: 01d18e0bcf686ea7

Termination Time: 3854

Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Report Id: 65510c32-018e-11e6-8b9b-f0def1608c0e

Error: (04/10/2016 04:02:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6396

Error: (04/10/2016 04:02:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6396

Error: (04/10/2016 04:02:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2016 12:28:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7239

System errors:
=============
Error: (04/14/2016 12:28:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
%%1053

Error: (04/14/2016 12:28:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee CSP Service service to connect.

Error: (04/14/2016 12:28:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
%%1053

Error: (04/14/2016 12:28:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee CSP Service service to connect.

Error: (04/14/2016 12:27:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
%%1053

Error: (04/14/2016 12:27:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee CSP Service service to connect.

Error: (04/14/2016 12:27:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
%%1053

Error: (04/14/2016 12:27:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee CSP Service service to connect.

Error: (04/14/2016 12:26:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
%%1053

Error: (04/14/2016 12:26:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee CSP Service service to connect.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 56%
Total physical RAM: 6058.17 MB
Available physical RAM: 2647.61 MB
Total Virtual: 12114.55 MB
Available Virtual: 8952.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:552.22 GB) (Free:433.31 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: C1AF6DC7)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=552.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================



#5
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, let's get started. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls and Chrome Extension Removals

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • Ask Toolbar
  • Ask Toolbar Updater

Step 2: Fix with FRST

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Ask.com
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\MountPoints2: {01c4bb17-057c-11e3-a230-f0def1608c0e} - E:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\MountPoints2: {46696002-a0a9-11e2-b564-f0def1608c0e} - E:\setup.exe -a
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\MountPoints2: {a4d624df-1c47-11e3-8381-f0def1608c0e} - G:\KODAK_Camera_Setup_App.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> {5BC1AD09-818E-4EC5-817A-8EC48CBBEE9C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F1406DE1-33DF-458A-B144-95703F2F0703&apn_sauid=27BD68C9-03F1-4D84-BC1B-30EDB1E494ED
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-03-31] (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-03-31] (Ask)
Toolbar: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] => not found
CHR HomePage: Default -> hxxp://www.searchnu.com/406
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406","hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll => No File
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Owner\AppData\Local\Roblox\Versions\version-7a404405e6f944e5\\NPRobloxProxy.dll => No File
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Owner\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-03-31]
S2 RPakIO; no ImagePath
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U0 SR; no ImagePath
U2 srservice; no ImagePath
U2 Stereo Service; no ImagePath
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
Task: {4A1B41B8-EDFD-4982-AD68-ED9049D27449} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt). Please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.

  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner

Step 5: Fresh FRST Scan

  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log


#6
reliable1pro1

    Member

  • Topic Starter
  • 21 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Owner (2016-04-14 20:32:22) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Ask.com
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\MountPoints2: {01c4bb17-057c-11e3-a230-f0def1608c0e} - E:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\MountPoints2: {46696002-a0a9-11e2-b564-f0def1608c0e} - E:\setup.exe -a
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\MountPoints2: {a4d624df-1c47-11e3-8381-f0def1608c0e} - G:\KODAK_Camera_Setup_App.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> {5BC1AD09-818E-4EC5-817A-8EC48CBBEE9C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F1406DE1-33DF-458A-B144-95703F2F0703&apn_sauid=27BD68C9-03F1-4D84-BC1B-30EDB1E494ED
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-03-31] (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-03-31] (Ask)
Toolbar: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] => not found
CHR HomePage: Default -> hxxp://www.searchnu.com/406
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406","hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll => No File
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Owner\AppData\Local\Roblox\Versions\version-7a404405e6f944e5\\NPRobloxProxy.dll => No File
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Owner\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-03-31]
S2 RPakIO; no ImagePath
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U0 SR; no ImagePath
U2 srservice; no ImagePath
U2 Stereo Service; no ImagePath
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
Task: {4A1B41B8-EDFD-4982-AD68-ED9049D27449} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe => No running process found
"C:\Program Files (x86)\Ask.com" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value not found.
"HKU\S-1-5-21-3258126484-446658152-3535686326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01c4bb17-057c-11e3-a230-f0def1608c0e}" => key removed successfully
HKCR\CLSID\{01c4bb17-057c-11e3-a230-f0def1608c0e} => key not found.
"HKU\S-1-5-21-3258126484-446658152-3535686326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46696002-a0a9-11e2-b564-f0def1608c0e}" => key removed successfully
HKCR\CLSID\{46696002-a0a9-11e2-b564-f0def1608c0e} => key not found.
"HKU\S-1-5-21-3258126484-446658152-3535686326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d624df-1c47-11e3-8381-f0def1608c0e}" => key removed successfully
HKCR\CLSID\{a4d624df-1c47-11e3-8381-f0def1608c0e} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
"HKU\S-1-5-21-3258126484-446658152-3535686326-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BC1AD09-818E-4EC5-817A-8EC48CBBEE9C}" => key removed successfully
HKCR\CLSID\{5BC1AD09-818E-4EC5-817A-8EC48CBBEE9C} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F92A9FE4-2850-4198-B9D5-279880E49B16} => value removed successfully
HKCR\CLSID\{F92A9FE4-2850-4198-B9D5-279880E49B16} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll => not found.
C:\Users\Owner\AppData\Local\Roblox\Versions\version-7a404405e6f944e5\\NPRobloxProxy.dll => not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo => key not found.
"C:\Users\Owner\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx" => not found.
RPakIO => service removed successfully
BcmSqlStartupSvc => service removed successfully
CLKMSVC10_3A60B698 => service removed successfully
CLKMSVC10_C3B3B687 => service removed successfully
DriverService => service removed successfully
IAStorDataMgrSvc => service removed successfully
iATAgentService => service removed successfully
idealife Update Service => service removed successfully
IGRS => service removed successfully
IviRegMgr => service removed successfully
nvUpdatusService => service removed successfully
Oasis2Service => service removed successfully
PCCarerService => service removed successfully
ReadyComm.DirectRouter => service removed successfully
RichVideo => service removed successfully
RtLedService => service removed successfully
SoftwareService => service removed successfully
SQLWriter => service removed successfully
SR => service removed successfully
srservice => service removed successfully
Stereo Service => service removed successfully
X5XSEx => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A1B41B8-EDFD-4982-AD68-ED9049D27449} => key not found.
C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => key not found.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found.
"HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Classes\exefile => key not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {A70DBD8B-9224-4554-933E-556B76D3810A}.
Unable to cancel {A68B3449-BB77-4BE4-8FF6-04886C209BBC}.
Unable to cancel {793BEBF6-B598-44C3-AB64-CC4255D2B26E}.
Unable to cancel {F85237C9-1640-470A-93F3-6DBA41A7E959}.
Unable to cancel {A6120510-4965-4661-BE7F-1C53DCD72A75}.
Unable to cancel {D588DBB6-3115-46BB-8238-6ED67B9DF981}.
Unable to cancel {8B1C7E45-1A26-4AEC-A297-31E890ECB9D2}.
Unable to cancel {E10B5D2E-E020-4FA9-B4EE-1A80379C52BD}.
Unable to cancel {052D5032-B103-4DFD-AACF-28B9AC32C7E6}.
Unable to cancel {89F4A428-85C5-4292-BD0B-0DD16BC49EA9}.
Unable to cancel {8342AFFE-B721-431B-8FF5-986AEEE0E409}.
Unable to cancel {A97AAFBA-D491-4EB1-A292-E103B3E24649}.
0 out of 12 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 3 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 21:35:35 ====


  • 0
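A Fixlog like the one posted above mixes items that were changed, items that were already gone, and CMD: sections whose commands reported errors (here the two netsh advfirewall commands and bitsadmin). The following triage script is an added example, not part of the thread and not FRST's own code; the function name is hypothetical, the outcome phrases are the ones visible in this Fixlog, and the sample lines are abridged from it.

```python
import re
from collections import OrderedDict

# Outcome phrases that appear after "=>" in the Fixlog shown in this thread.
CHANGED = re.compile(r"(?:removed(?: successfully)?|moved successfully)\.?$", re.I)
ABSENT = re.compile(r"(?:not found|No running process found)\.?$", re.I)

# "=========  netsh advfirewall reset =========" opens a CMD section,
# "========= End of CMD: =========" closes it.
SECTION = re.compile(r"^=+\s+(.+?)\s+=+$")
ECHO_FENCE = re.compile(r"^\*+$")  # the fixlist echo sits between two rows of asterisks

# Command output lines in this Fixlog that indicate the command did not take effect.
CMD_FAILURE = [
    re.compile(r"^An error occurred while attempting to contact"),
    re.compile(r"^Unable to "),
    re.compile(r"^0 out of \d+ jobs canceled"),
]


def triage_fixlog(text):
    """Summarise a Fixlog: what changed, what was absent, what needs follow-up."""
    result = {"changed": 0, "already_absent": 0, "review": [],
              "failed_commands": OrderedDict()}
    in_echo = False      # inside the echoed fixlist, which also contains "=>"
    current_cmd = None   # name of the CMD section being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ECHO_FENCE.match(line):
            in_echo = not in_echo
            continue
        if in_echo:
            continue  # instructions, not results
        header = SECTION.match(line)
        if header:
            name = header.group(1)
            current_cmd = None if name.startswith("End of") else name
            continue
        if current_cmd is not None:
            if any(p.search(line) for p in CMD_FAILURE):
                result["failed_commands"].setdefault(current_cmd, []).append(line)
            continue
        if "=>" not in line:
            continue
        outcome = line.rsplit("=>", 1)[1].strip()
        if ABSENT.search(outcome):
            result["already_absent"] += 1
        elif CHANGED.search(outcome):
            result["changed"] += 1
        else:
            result["review"].append(line)  # unrecognised outcome: read it by hand
    return result


# Sample abridged from the Fixlog in this thread.
SAMPLE = r"""fixlist content:
*****************
Start
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
CMD: netsh advfirewall reset
End

*****************

Restore point was successfully created.
"C:\Program Files (x86)\Ask.com" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Chrome HomePage => removed successfully
X5XSEx => service removed successfully

=========  bitsadmin /reset /allusers =========

Unable to cancel {A70DBD8B-9224-4554-933E-556B76D3810A}.
0 out of 12 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 3 GB temporary data Removed.
"""

if __name__ == "__main__":
    summary = triage_fixlog(SAMPLE)
    print("changed:", summary["changed"], "already absent:", summary["already_absent"])
    for cmd, lines in summary["failed_commands"].items():
        print("FOLLOW UP:", cmd, "->", lines[0])
```

The commands listed under failed_commands are the ones to re-check in the next scan, since a firewall reset that never reached the Windows Firewall service leaves the earlier rules and state in place.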

#7
reliable1pro1

    Member

  • Topic Starter
  • 21 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64
Ran by Owner (Administrator) on Thu 04/14/2016 at 21:50:19.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 306

Failed to delete: C:\ProgramData\best buy pc app (Folder)
Successfully deleted: C:\ProgramData\ask (Folder)
Successfully deleted: C:\ProgramData\partner (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{3B0DB598-1BDD-444E-961D-B79DF3EF9257} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{3B595624-BB28-40A5-A781-644CD243ECFB} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{3B9942C5-4998-4644-A0BA-F628697AB5A0} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{3C39641D-985D-450E-9FF9-E29166D0D3CF} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{41135B04-8E35-48A3-B54F-B05C125B7EBE} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{417293D0-3B9E-4D8A-A638-AD15FD623284} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{41939A68-8864-44E9-9876-88209CC447E6} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{4274FC83-1AF7-4573-B809-C488431F7649} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{430741AC-A202-4AF5-9C02-C0AACCD5836B} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{430B33CC-84AF-4A4C-ACBF-847CB197CCAE} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{4554FB59-C424-4CD3-9F2C-8CAF9E2A18DB} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{45C21846-FFCC-460F-87E6-032E968BD257} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{47481DD6-D710-4A74-9F96-58CE3374B474} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{47627124-465A-488B-B8ED-BB2A7386119C} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{476947E0-0493-4A8B-AF18-6C17EB8AADE3} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{48CBAF89-97C9-42C9-9122-EB6E75E219AA} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{4BA1CE45-09CA-4AE5-9058-8AC97D361E44} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{4BE91FE3-D049-47B3-A1A5-A7657188CDDA} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{4EE74B07-6207-491D-B2FE-7ECB02ED1688} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{50A684B2-FA5E-4F1A-85A1-C7BE0FF63070} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5156ACFC-CA68-49E5-BBB5-9A24194107FD} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{51B59A02-02B4-4C53-BE37-D18CA028AD28} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5261CA20-09B8-4BC0-8562-A4821D6DC867} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{52BBCC4E-7630-4453-A3E4-074B40E9CE2B} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{53660216-321C-49A6-9EFB-2CE47162EAFA} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{53B9050A-9A4B-4C2E-B165-1E4F559122BC} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{55126DC5-788A-4E72-8B1B-1BB53C6EF954} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{567C4884-90D2-4F9C-8AE7-7C8798FBF19D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{57A6FA4D-FF90-4EF2-8CFB-CCE78BEB60CF} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5810E6B1-2A08-467F-B404-0B9D43BFA1A4} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5939D1AD-A107-41EA-ADF4-1AC40CB47DEA} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5A7F3A3A-8BCF-43C3-848E-947ED8EA96BD} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5AE43CBE-5AE3-4FCA-AB9F-AE33FA633B19} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5B0D91B7-8BFA-40A4-9BEB-8391FB0E0ACD} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5BC4BDBD-6CDE-4BCC-AF91-3A6902825F4C} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5C353A47-F517-43B6-9BAA-C4503CB162D2} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5C7D8185-FEFE-45E2-BAC6-C381B8326EB1} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5CF7E6DD-7B5F-4845-A34A-E1C6E4EFAE54} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5D17BDB3-10C0-465C-B0FF-55B80B213B79} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5D6E901F-8187-480A-ACD4-FC68E87EE590} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5D951120-A4A8-410A-9980-827870F95110} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5DEE2D93-C3ED-4B0A-8304-7EF0D860B818} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5E4C28E1-4CFE-47A0-98A3-C96A2C1CE9A3} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{5E576DB4-AB9F-48D3-B02A-FA299959A8B7} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{60DA15E0-4A56-4068-8B0A-9A9D704549EC} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{6204D9EA-CC8C-4A74-BB55-1413CDB020E4} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{643469EF-51EB-4375-A176-1F289800266D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{653FF8E9-CDE5-48DA-9EAE-AE3F00D98066} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{6618D620-D8C9-4BAB-8602-79A50887926A} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{684D2602-F257-4660-8B95-08EEA03A706E} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{6A5D186B-4E2F-4597-92B9-E624B5E7DD10} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{6ABB7995-BC7A-480D-8BB4-868917A132A9} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{6AC3BE17-E01B-49D5-B8CB-756A8C502030} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{6C0D402A-582B-4A38-B770-6E82ED44847D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{6CC3053C-7977-4D6D-AA35-F0FED11EE45D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{6D8A5EB5-E3E7-4A61-B0DA-1DCBE928B901} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{6E18D2B4-8F81-43AB-AF6E-CF991A548EAA} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{6E48F830-698E-4D3E-BE94-3EA5DDCE77DF} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{701CEF55-98E2-4338-9F56-BF77F5ABA07D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{71BD1783-F731-4244-A66B-854160FD5201} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{72166847-30D7-4A07-9DA1-A3C3F995493B} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{72F32C14-ABA8-48DA-9332-DE3A75383324} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7322AF2F-E03E-475E-BED0-F347DBFA6345} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7410FD3F-67EF-4CE0-8815-8504609BBC1E} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{74845B8C-5B90-4F17-85FF-A2B1C7BA300E} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{74A4B4F4-90D3-48E8-ABCA-A2F19EE94BA2} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7521C76B-CD55-4BDE-BC3C-C0AD2119379C} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7538A4FE-EBE9-4A30-8CD7-875AB08092B5} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{75AAA521-AF0B-463B-B694-9BB341670442} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7605E149-AD4A-4C29-9777-A69A589CA596} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{772750DE-39A2-4F6C-933B-63CD648ABFB6} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{780A43B0-3888-4910-B04E-3650E9AF256C} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7A63FB7B-C943-429A-B9E9-C37A27401C57} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7B4D2F60-97D9-46E1-B907-0BDA68C4594E} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7C844D50-E0BD-43EE-B5B2-33D9685D6F0A} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7D8216F2-2A63-49C0-8ACE-DB1B21577AF9} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7EBE2B13-47FA-4381-94A0-3E77F7F05540} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7F266F1A-2317-4719-AF4A-7A8916924128} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7F4A5BF1-8764-4297-9FFF-029FED38CC28} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{7F60E02B-C36F-48F7-AE65-6315147CEC86} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{80EF0CBB-B30F-406C-BF02-07E084C7E780} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{811EDC14-696E-41F8-AC94-A73C6FF99F30} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{82E5A355-D74E-4760-9ED7-D1473AF72730} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{831A14A5-5A63-4B76-922C-FD0BC91C7841} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{83AAD63F-7844-45DF-B9A5-03CD8C880EEF} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{84B67951-CA29-42E3-BE16-6E2ED4F45231} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{857660ED-2470-4426-A3E8-E2E3AF0105F1} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{85C198E0-FCD3-4123-BE9F-A6C55CF1E48D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{8667C285-6240-47B9-8C48-44D183F32212} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{870658FE-BA66-4F32-BA98-5F78A48DA4E9} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{88F6C9EA-0BF6-427D-AFD8-7E0B5B86CD13} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{8993EC91-B9C0-402D-8B9D-14748FA5EC17} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{8A0AB88A-EAD7-43F3-99A5-6D571059BAB6} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{8A34340C-9C2F-417C-B57C-C6F9DAB4004D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{8ABF59CF-D720-4283-963D-128B9F43110A} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{8B6A9B61-0EAB-4A60-87F7-466AAFE869D9} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{8B946CD1-1167-4A8D-8BF9-6EBB79F969A5} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{8E06003E-8B5C-4F2D-8E9D-8C683BAA7B60} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{91BC7F47-005A-4380-B346-1C6DCE9FBF81} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{92BF504D-FA35-4889-B710-CDE893B494E8} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{92F6D98F-1233-4685-B087-F345B61598DB} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{93B708C3-B41E-4853-973B-82B9883FC20E} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{93DA6EC8-6C1E-4B6B-B043-0169A376FABD} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{944EF68B-4D77-47E6-8DDA-AD835A78C042} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9492AD6C-EC1C-476C-8E3B-53E74B419502} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{94EBF835-539A-42B5-B81D-BC95E7C31C92} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{95CFBED1-ACA9-437C-A89A-74E9CD2633D7} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{96FAA524-D369-4BAF-9B30-277F0429614B} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{97879527-446D-4BA3-9A15-328CCFE3F86A} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{99337881-9459-443E-A0FD-776FDEEC80AD} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9988F456-C85F-4FF6-AC22-B414574FC723} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9A0C878B-D284-4B1E-B9F0-CA44A25D44E8} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9A8DF408-AAEB-4AB0-9D2C-68C426D928BA} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9B69033E-E378-4BFB-B3D3-EC1E3FBDBE6B} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9BDBEDF1-B886-4C65-B524-C8C8AFA122DB} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9C1E915F-D381-47F1-939E-052C92160F2D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9C8E8ABC-0095-4E8C-9EE8-8CBB3F3B04EB} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9DD545EF-0704-448B-8B82-33292A07A54D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9DFF5EA1-64EA-4E0D-BA96-992D6C565346} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9F4B54DC-2283-4919-9ECD-0F6D0351F121} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9FAF0313-0054-487A-8375-F13447F30692} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{9FF34F83-9E41-4782-8B43-D5ACC830831E} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{A19956F2-EE78-4F24-9732-4750F13AC89F} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{A2881DD9-6139-4F0D-9C17-E6D4B98C0404} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{A442540E-37C5-4835-9A8A-AA8C6DC444F4} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{A6AEDD20-E448-4710-B35B-661F41F351FC} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{A6E36944-EFC1-4FF2-8372-0FEDF751264F} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{A98AAF99-9725-429B-90C8-22702DC7B073} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{A9D41EF5-4784-471B-8143-F39EECA57B23} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{A9EAFECE-25CA-4985-B8E1-6C58621AE401} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{AA4C5B5A-1154-4260-A788-368E6BCEDDF3} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{AABD83AC-2BA8-444A-8F45-6EA8604A0138} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{AB773FD7-E19D-48C6-BB48-E25AB1476FBB} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{AB8E8E65-7264-46CC-8009-64FCEB904BBB} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{AD180590-D41C-47EA-958B-4015F843F282} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{ADF1BF57-2CCC-4339-9AA0-8CE5E7C9AB56} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{AECD844D-2A46-437A-9BD6-921821E4D598} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{AF40451C-C69B-4879-BED8-62CFFDE5A27C} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{B008DA73-1021-4892-8BF5-7A692E6897EB} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{B1B33B61-7FE4-4380-B32C-4C6554EB7028} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{B1C2C607-30B0-482F-B2B1-224FFA52E673} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{B1FD2241-2BEA-4DC2-95AD-60684B498203} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{B29CEED6-9FBA-411E-8B14-07453D1B5F62} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{B3CFA7D5-DDAB-4477-A3B0-CB6D010F1785} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{B4FDA884-9E1F-48D6-B1E0-D8434F4BA000} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{B55F0910-95D1-4373-8C64-D6929991280E} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{B73AD793-5730-4239-AC12-E92BC9681C38} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BA2B1C80-6306-4BAA-ACE7-3611A50FE8BC} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BB6E9A79-71E7-4FD5-BB77-CC31A9195E36} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BB909B90-DB07-428F-B8EE-F83977A42D18} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BC404B1A-B12F-4A79-905E-C26B7B8F9B58} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BC7391FB-5129-4A28-9227-A89825D5C25F} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BD47F64F-2CF1-4B4C-A5AD-12F98FCFF517} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BD88048D-C77D-4AE8-935F-8DFA62140BD5} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BDAF3C9E-C95D-42C6-9CCA-314FA98B9C66} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BDC6200D-9CFD-4DD5-BC25-12720A732E71} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BEA91AFD-8FAA-4074-8A10-1EF4A7CBCC44} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{BEB1B213-C0DF-48B4-94C9-41FCC154840A} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C071DED8-3B5D-4C4D-87C0-CFD64D56B4C6} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C1AD979B-A25C-486C-BC4C-D89FD1062497} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C20079B5-1F12-493C-BE04-E63D4D05BD6F} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C25DB03B-9A12-453A-B00B-08E7BCD83278} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C26355C9-B909-48B9-883C-D9B0C7404B81} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C3EB49DE-1075-487C-8832-5157E4922BC7} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C59E1D96-78AA-48E0-BF3C-E264450080FF} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C6832401-FA2C-4174-A940-ECD488B1EA89} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C6B6C4B9-728A-402C-96AB-60CEAFBABB09} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C6FDC1DE-EB2D-4E92-BFBC-313C44C68381} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C86560BB-D092-4487-8F27-6FABD124A796} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C9637299-8226-4A8F-A0D5-2FEA2AD0BB07} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{C9834856-A05F-423D-B60F-D58CEBD8E4E6} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{CA67A576-3A7F-404F-B098-1B09A2FD61E4} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{CB14A364-7CFD-41AB-BDB6-753B9EE4E32B} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{CB1A90F3-8554-4DBE-A20C-EB6EB72ED770} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{CB68E3BA-E5AC-4364-9F47-86BD42C85D4C} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{CD257E9F-9E25-4ABC-BFBD-DC6785CE1169} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{CEC54693-FDF6-491F-8ECD-63729A2241B7} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{CF18CCC0-80A0-4F74-9C08-92F97193BAF9} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{CF5576F5-10B1-4059-B224-D11256F33295} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{CF579F34-E561-4DF7-B69C-37133B4577FE} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D0218DDC-250F-4FC0-B381-B1C9D1A87A5D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D1A6C99F-7724-4FB8-A9A3-788BC74E85DB} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D2785596-51A6-4403-8E07-BF32B459A9BF} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D28FDACE-2BD8-46FE-8C2A-0425120AA3AC} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D2EF4C51-4548-4643-AFBF-AF55F71A1C4F} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D4A23F1A-6E1A-4BC2-937B-B4D74FA73C30} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D5B008C7-4879-45AE-BEC2-71FCC75E28FD} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D72E5F00-919E-468F-9019-1930A9A9FE50} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D88C136F-886C-4EE6-91CB-19C8B8B1E2D7} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D985E369-94FC-4EE5-9A81-4A0AB123EAA0} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{D98F5B76-AC2D-46C8-916D-B706D524C143} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{DA0B4ED7-89AC-4079-9425-1D4A12424C0B} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{DACA4EEA-B315-4029-980F-49130F7898E3} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{DB9D75FC-693F-4A6C-8A7B-C85D2D263492} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{DC5E1A08-B1A9-40BD-912D-B495290E5B1F} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{DCD7CC84-63D5-496B-B52F-D7336230B168} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{DCD8A0EF-368C-40C5-ABF2-1DC9501BB78B} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{DE4A9E3B-6A92-4580-B1FD-2BD8EC01963A} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{DEF81F4D-E45B-457C-87EB-18C39C7C67D7} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E2A263B3-71BE-4ABC-8706-DCB79F569799} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E2B70BCF-2864-4584-91D9-08772528CD5C} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E339F1F0-5641-42D6-ADA6-7FF976377541} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E3910CE0-FA6D-4E38-8CD8-8FE4284EAD82} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E52523D6-7555-46EC-8216-F5EA3D750CE3} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E5356B41-9700-4992-B52D-9CA8FD2DB27F} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E5B84FC6-483D-403D-AE5B-F60B9BF87E43} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E66C3D53-A60E-4D0C-85D8-A1F8AB323EDC} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E6AB9480-CFA9-41D9-A89F-138CFADF904E} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E6D36540-CEFE-407F-9B35-889D70F40A2B} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E71F820D-3D6A-4651-A389-60DF0D562EE2} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E8471C92-DDF1-4E9E-9BDF-0EA4B29B3C57} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{E89C9204-2209-4AE9-9DB8-1B2ECFC7D19D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{EA643383-988C-45E8-B6BF-8F1BE180D17F} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{EA7A27BE-1223-4F8E-8BF9-0805DD981DEA} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{EAEC4323-1156-465A-BE4E-E7CE4182683D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{ECB218CD-93FC-46FA-87E3-89A8004CFC33} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{EEF1B4A7-7E47-45DF-98FF-77B72D515C77} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{EFFD71D9-04B6-4266-BAD9-F24CD02A600F} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{F0028C13-F77C-41AA-8A87-7A9C4A7CBA8F} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{F08179D5-CF2B-4EF6-A97A-220B5F74AAC0} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{F0DE07BF-3E04-477F-9398-D25F156D1907} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{F1E14618-0053-4F76-A472-EB26A537D320} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{F1F07139-08DC-42D3-9A8F-DBF36DEFEB94} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{F356013A-A509-4A48-B8A2-653CBA8FCFCF} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{F4A496E6-9000-40AA-8A13-C8F19EBCC034} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{F5C32129-6AA3-4E89-BD6D-2F4CB1B27E2D} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{F60A22A5-9B3B-40C4-97EB-437323757F8A} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{F74452D7-2D0A-49A4-BC05-D37B46DF6EE1} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{FA35915C-7A15-4CBA-A95D-D63CA61CAEDA} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{FA594615-57D0-4185-8121-DFD867E8FAC5} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{FBFD2E97-F89F-4D06-8981-B52816515FA9} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{FCF7D0A5-5397-4046-9DE5-9DA9D2812731} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{FDA1F1FE-A51B-4895-A5C0-C61B35F27092} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{FE78290C-2021-4974-8DB1-8AA3A2D31DEA} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{FEFD8214-537E-42B0-B54E-C42F829E4A61} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{FF4F8F59-DEE5-439F-BBCD-9AF7F52FDB6A} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{FF54E826-3121-451D-8DA0-7D49E2E8AAD2} (Empty Folder)
Successfully deleted: C:\windows\s.bat (File)
Successfully deleted: C:\Program Files (x86)\conduit (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GG8FZW6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3AU4AKCY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF32QS6P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLEWB5AK (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GG8FZW6 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3AU4AKCY (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF32QS6P (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLEWB5AK (Temporary Internet Files Folder)

 

Registry: 4

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0251051460679468mcinstcleanup (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7562F76B-5C4E-4B92-9C44-A24C1DAE1BF1} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/14/2016 at 22:06:23.53
End of JRT log


  • 0

#8
reliable1pro1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
# AdwCleaner v5.111 - Logfile created 14/04/2016 at 22:21:08
# Updated 14/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Owner\AppData\Local\Ilivid Player
[-] Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dailylocalguide.dl.tb.ask.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[-] Key Deleted : HKCU\Software\APN
[-] Key Deleted : HKCU\Software\DataMngr
[-] Key Deleted : HKCU\Software\Headlight
[-] Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\chatango.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\craftcrawlers.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d2m2wsoho8qq12.cloudfront.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dotomi.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dsms0mj1bbhn4.cloudfront.net

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
:: Chrome preferences reset : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5261 bytes] - [14/04/2016 22:21:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [5680 bytes] - [14/04/2016 22:17:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5407 bytes] ##########

#9
reliable1pro1

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Owner (administrator) on OWNER-PC (14-04-2016 22:37:32)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-01] (Intel® Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-05-22] (Lenovo)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-05-22] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-12-06] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [873072 2016-02-29] (Webroot)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\800\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-03] (Google Inc.)
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [241280 2013-09-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [Run] "C:\Users\Owner\AppData\Roaming\Microsoft\Windows\IEUpdate\certreq.exe"
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2011-05-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-05-13]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-05-13]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-05-13]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-01-18]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-01-18]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-01-18]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk [2013-04-23]
ShortcutTarget: Windows Home Server.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-05-22]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-05-22]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-12-10]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224 2014-12-05] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: 192.168.1.12 RELIABLESERVER #Windows Home Server#
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C118721C-5867-4DFA-A9C3-5D7FB6D9521E}: [DhcpNameServer] 172.18.202.215 172.18.202.215
Tcpip\..\Interfaces\{D304EF73-4E91-448F-9774-546DC447B435}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADRA_en
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-21] (Microsoft Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2010-12-13] (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: BrowserHelper Class -> {9A065C65-4EE7-4DDD-9918-F129089A894A} -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-05-13] (McAfee)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-21] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-05-13] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-02] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-11] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-05-13] (McAfee)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-21] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-05-13] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-02] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-11] (Oracle Corporation)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-05-13] (Webroot)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-05-13] (McAfee)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-05-13] (Webroot)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-05-13] (McAfee)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-3258126484-446658152-3535686326-1000 -> Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2014-12-06] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-13] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-06-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-11] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3258126484-446658152-3535686326-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-01] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-05-22] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-04-14] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Give Me CRX) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpimoebmfjpfnbhjgdgiacjfebmmmci [2015-10-25]
CHR Extension: (McAfee SafeKey) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-10-25]
CHR Extension: (Rapport) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-10-25]
CHR Extension: (Chrome extension source viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpbeccnghkjeaalbbjmodiffmgedin [2015-10-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-07]
CHR Extension: (Webroot Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-04-13]
CHR HKU\S-1-5-21-3258126484-446658152-3535686326-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-05-11]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.1.0.57.crx [2015-05-13]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-05-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-06] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-06] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-06] (Intuit Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2372080 2016-03-23] (IBM Corp.)
S2 svcboot_vjuhbfbrr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 svcboot_vjuhbfbrr; C:\windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
S2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [873072 2016-02-29] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
S3 cricutexpression2; C:\Windows\System32\DRIVERS\cricutexpression2_x64.sys [70672 2011-12-16] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 RapportCerberus_1609035; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609035.sys [1156456 2016-04-14] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-03-23] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-03-23] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-03-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [523432 2016-03-23] (IBM Corp.)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-02] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 22:14 - 2016-04-14 22:21 - 00000000 ____D C:\AdwCleaner
2016-04-14 22:13 - 2016-04-14 22:13 - 03670016 _____ C:\Users\Owner\Desktop\AdwCleaner.exe
2016-04-14 22:06 - 2016-04-14 22:06 - 00033718 _____ C:\Users\Owner\Desktop\JRT.txt
2016-04-14 21:49 - 2016-04-14 21:49 - 01610352 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe
2016-04-14 20:50 - 2016-04-14 20:50 - 00001844 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk
2016-04-14 20:50 - 2016-04-14 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-04-14 20:32 - 2016-04-14 21:35 - 00013241 _____ C:\Users\Owner\Desktop\Fixlog.txt
2016-04-14 20:11 - 2016-04-14 20:11 - 00003846 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-14 12:32 - 2016-04-14 12:36 - 00038408 _____ C:\Users\Owner\Desktop\Addition.txt
2016-04-14 12:20 - 2016-04-14 22:43 - 00043860 _____ C:\Users\Owner\Desktop\FRST.txt
2016-04-14 12:19 - 2016-04-14 22:37 - 00000000 ____D C:\FRST
2016-04-14 12:19 - 2016-04-14 12:19 - 02375168 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-04-14 11:52 - 2016-04-14 11:52 - 00287136 _____ C:\windows\Minidump\041416-64022-01.dmp
2016-04-13 12:36 - 2016-04-13 12:36 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-03-21 10:55 - 2016-04-14 20:17 - 00003064 _____ C:\windows\System32\Tasks\McAfeeLogon

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 22:42 - 2009-07-14 00:45 - 00028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-14 22:42 - 2009-07-14 00:45 - 00028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-14 22:35 - 2009-07-14 01:13 - 00786662 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-14 22:35 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-04-14 22:31 - 2013-03-01 23:20 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-14 22:28 - 2011-05-22 21:54 - 02184209 _____ C:\windows\system32\fastboot.set
2016-04-14 22:28 - 2011-05-22 21:50 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 22:28 - 2011-05-22 21:40 - 00000000 ____D C:\ProgramData\VeriFace
2016-04-14 22:27 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-14 22:21 - 2015-01-19 19:45 - 00000000 ____D C:\ProgramData\WRData
2016-04-14 22:08 - 2011-05-22 21:50 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 21:54 - 2011-05-22 21:42 - 00000000 ____D C:\ProgramData\Best Buy pc app
2016-04-14 21:46 - 2013-09-13 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-04-14 20:47 - 2011-11-20 04:19 - 00000000 ___SD C:\Users\Owner\AppData\LocalLow\Temp
2016-04-14 20:31 - 2015-05-13 12:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-14 20:23 - 2013-06-11 17:52 - 00000000 ____D C:\Firefox
2016-04-14 20:19 - 2013-04-23 20:20 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-04-14 20:15 - 2012-12-10 17:58 - 00000000 ____D C:\Users\Owner\Desktop\Drag racing
2016-04-14 12:48 - 2015-04-06 13:05 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-14 12:48 - 2011-05-22 21:51 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-14 12:00 - 2009-07-14 01:32 - 00000000 ____D C:\windows\system32\FxsTmp
2016-04-14 11:52 - 2011-08-16 14:16 - 00000000 ____D C:\windows\Minidump
2016-04-14 11:51 - 2011-08-16 14:16 - 1072553277 _____ C:\windows\MEMORY.DMP
2016-04-13 18:24 - 2011-05-22 21:36 - 00000000 ____D C:\ProgramData\McAfee
2016-04-13 12:24 - 2015-07-27 13:31 - 00003344 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2016-04-08 12:27 - 2013-03-01 23:20 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 12:26 - 2013-03-01 23:20 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 12:26 - 2011-12-22 11:07 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-29 03:01 - 2015-04-07 03:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-03-29 03:01 - 2015-04-07 03:00 - 00000000 ___SD C:\windows\system32\GWX
2016-03-28 16:37 - 2016-01-02 16:31 - 00000000 ____D C:\Users\Owner\Desktop\Hall 2016
2016-03-23 19:18 - 2015-06-10 21:36 - 00215560 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportHades64.sys
2016-03-23 19:18 - 2013-03-24 12:31 - 00470056 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
2016-03-21 11:07 - 2015-05-13 12:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-21 10:52 - 2015-05-13 12:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-21 10:26 - 2009-07-14 01:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-03-21 10:26 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-21 10:22 - 2009-07-14 00:45 - 00446392 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-15 04:15 - 2014-12-10 04:29 - 00000000 ____D C:\windows\system32\appraiser
2016-03-15 03:42 - 2013-07-31 03:00 - 00000000 ____D C:\windows\system32\MRT
2016-03-15 03:04 - 2011-06-25 10:37 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2013-04-22 07:55 - 2013-04-22 07:55 - 0000464 _____ () C:\Program Files (x86)\Local Disk © - Shortcut.lnk
2015-05-11 17:45 - 2015-05-13 12:45 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-05-13 03:56 - 2015-05-13 03:56 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-11-19 12:45 - 2014-03-13 12:51 - 0002186 _____ () C:\Users\Owner\AppData\Roaming\FileDrTool.log
2011-07-22 18:20 - 2011-07-22 18:20 - 0033134 ____H () C:\Users\Owner\AppData\Roaming\UserTile.png
2012-07-05 21:37 - 2012-12-10 20:09 - 0064400 ____H () C:\ProgramData\sys001.log
2012-07-05 21:37 - 2012-12-10 20:09 - 0457560 ____H () C:\ProgramData\sys002.log
2012-07-12 20:07 - 2012-12-10 20:09 - 0022944 ____H () C:\ProgramData\sys003.log
2012-07-05 21:32 - 2012-12-10 20:09 - 0020845 ____H () C:\ProgramData\sys004.log
2012-10-18 14:45 - 2012-11-06 13:42 - 0013812 ____H () C:\ProgramData\sys005.log
2012-07-12 20:07 - 2012-12-10 20:09 - 0000088 ____H () C:\ProgramData\sys006.log
2012-07-05 21:57 - 2012-12-10 20:09 - 0004666 ____H () C:\ProgramData\sys007.log
2012-07-14 15:45 - 2012-12-10 20:09 - 0020899 ____H () C:\ProgramData\sys008.log
2012-07-05 21:37 - 2012-12-10 20:09 - 39713026 ____H () C:\ProgramData\sys011.log
2012-07-06 13:09 - 2012-12-10 20:09 - 0003932 ____H () C:\ProgramData\sys012.log
2012-07-05 21:37 - 2012-12-10 20:09 - 93646077 ____H () C:\ProgramData\sys013.log
2012-07-05 21:41 - 2012-12-10 20:09 - 0012483 ____H () C:\ProgramData\sys014.log
2012-07-05 21:37 - 2012-12-10 20:09 - 0000741 ____H () C:\ProgramData\sys016.log

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\libeay32.dll
C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-07 22:05

==================== End of FRST.txt ============================

#10
reliable1pro1

  • Topic Starter

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Owner (2016-04-14 22:43:52)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-25 09:23:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3258126484-446658152-3535686326-500 - Administrator - Disabled)
Guest (S-1-5-21-3258126484-446658152-3535686326-501 - Limited - Enabled)
Owner (S-1-5-21-3258126484-446658152-3535686326-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Out of date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus (Disabled) {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACH Origination Application (x32 Version: 19.41.0.3 - Fiserv) Hidden
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.11 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.)
Convergence Training Viewer (HKLM-x32\...\ConvergenceTrainingViewer) (Version:  - Capstone Technology)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DataLinkII (x32 Version: 3.8.6 - CSI) Hidden
DataLinkII (x32 Version: 4.1.1 - CSI) Hidden
DebugMode Wax 2.0 (HKLM-x32\...\DebugMode Wax 2.0) (Version:  - )
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
FinalData Premium 2.0 Demo (HKLM-x32\...\FinalData Premium 2.0 Demo) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.0.0.800 - Citrix Online, a division of Citrix Systems, Inc.)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.1000 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
join.me (HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\JoinMe) (Version: 1.12.3.173 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
LogWorks3 (HKLM-x32\...\LogWorks3) (Version: 3.07 - Innovate! Technologies)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version: 2.2.3 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSD GraphView 3.19 (HKLM-x32\...\MSD GraphView 3.19) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MTS SDK (HKLM-x32\...\MTS SDK) (Version: 1.1 - Innovate! Technologies)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickBooks (x32 Version: 25.0.4005.2506 - Intuit Inc.) Hidden
QuickBooks File Doctor (HKLM-x32\...\{45780E89-7B52-4E92-A9DC-1172EF556708}) (Version: 3.6 - Intuit)
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4005.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RacePak DataLinkII (HKLM-x32\...\{BF6221DC-9AC0-453E-A9EA-3D97AD11C6DE}) (Version: 3.0.3 - CSI)
Rapport (x32 Version: 3.5.1609.47 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 29.6.93090 - Sonos, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
Tax Forms Helper 2011 10.0 (HKLM-x32\...\Tax Forms Helper 2011_is1) (Version:  - )
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.47 - Trusteer)
Unity Web Player (HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.8.72 - Webroot)
Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0) (HKLM\...\73FC7E42C8F05A3B5235FB18804B1F5C84709230) (Version: 10/12/2009 1.4.1.0 - Innovate Motorsports)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Driver Package - Racepak CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\A0F2BE8E586483B9E7911A129ACB17C643150F9F) (Version: 10/22/2009 2.06.00 - Racepak)
Windows Driver Package - Racepak CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\E6F01C490193611E782324742497511F9FDFB132) (Version: 10/22/2009 2.06.00 - Racepak)
Windows Home Server Connector (HKLM\...\{21E49794-7C13-4E84-8659-55BD378267D5}) (Version: 6.0.3436.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26341F4A-C222-42E7-9E6E-E3718E805865} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-03-10] (McAfee, Inc.)
Task: {2B214541-3B3E-4CAD-BE89-F73FB3864F95} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {2F973D0D-0DE8-4051-8DC1-1A392A1F0EA3} - System32\Tasks\HP Officejet 6500 E710n-z.exe => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HP Officejet 6500 E710n-z.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {73D2146E-5FC4-4D58-8021-02A232A9DC0D} - System32\Tasks\{E67D6CD9-927A-4502-93F7-653F879D2C52} => C:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
Task: {7CDA1C7B-92B5-4FBD-87EE-A633CF9EB32F} - System32\Tasks\{066572FC-0399-4A4B-B715-316820603994} => C:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
Task: {7F964070-56BC-4B8B-9339-60846F336AB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {854CE8BE-DD47-4937-98B5-B7E62538E92E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {8B79E0C1-8B5D-4F86-9208-9913BED91F07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {93E5AAC9-4E6E-4334-8438-96F476C45F6F} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {9682EC5A-855B-4D50-9A05-D41FF465CB0C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {B1B2B0C7-F580-4D5D-84EA-AEA78419D030} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {BBBA515F-0BA9-444B-A6BF-EFBFBBE78003} - System32\Tasks\{C92C2563-CCD4-4BD8-A6C2-955C372168C5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {BF5CFB87-A634-4EA7-9E99-1B35A50CD96F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-21] (Microsoft Corporation)
Task: {C2FCDC14-9464-4344-B18D-BE554F410776} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-24] (McAfee, Inc.)
Task: {C364E95A-3EFC-470B-B73F-2A199CE71650} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {C3E2D9EC-8151-440C-97FD-3B20E2A9E2C3} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {DF63AFEB-6917-476D-B5CD-7D2655F29694} - System32\Tasks\{4BBB96A6-A46B-40B9-B2D0-382C7CC05105} => C:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
Task: {E9DFE395-79BE-4330-9375-41CCCAEC2EB2} - System32\Tasks\{F24DC5A5-BF72-4A79-990B-791709378DA1} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8A63Q02Z\Setup_QuickBooksPro2015.exe" -d C:\Users\Owner\Desktop
Task: {ED09AF51-E803-4E62-A87A-7E7FF2E48612} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F8425395-6BBA-4A8C-A467-CD7FFB1D65E5} - System32\Tasks\{7940684C-4B37-4B6F-BC9B-693035A77ECC} => C:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-12-17 15:19 - 2011-02-28 18:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2015-05-13 12:48 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-11-02 08:58 - 2010-11-02 08:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-10-30 03:28 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-05-22 21:40 - 2011-05-22 21:40 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2010-11-02 08:58 - 2010-11-02 08:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-04-15 01:28 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2011-05-22 21:40 - 2011-05-22 21:40 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-12-06 20:12 - 2014-12-06 20:12 - 00630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\boost_regex-vc120-mt-1_55.dll
2014-12-06 23:32 - 2014-12-06 23:32 - 00031560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBCompressor.dll
2014-12-06 20:14 - 2014-12-06 20:14 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\zlib1.dll
2014-12-06 23:32 - 2014-12-06 23:32 - 00099144 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBMAPILibrary.dll
2014-12-06 23:31 - 2014-12-06 23:31 - 00245576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\boost_serialization-vc120-mt-1_55.dll
2014-12-06 23:32 - 2014-12-06 23:32 - 00655688 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\FtuEngine.dll
2014-12-06 23:31 - 2014-12-06 23:31 - 00687432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\BackupLib.dll
2014-12-06 23:33 - 2014-12-06 23:33 - 00085832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBProActiveCore.dll
2014-12-06 20:11 - 2014-12-06 20:11 - 38715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\libcef.dll
2014-12-06 23:32 - 2014-12-06 23:32 - 00890184 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\FeaturesBridge.dll
2014-12-06 23:32 - 2014-12-06 23:32 - 00067400 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\mbpopup.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:6A3BA499 [144]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3258126484-446658152-3535686326-1000\...\cbtonline.com -> hxxps://www.cbtonline.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-01-19 18:52 - 00000875 ____A C:\windows\system32\Drivers\etc\hosts

192.168.1.12  RELIABLESERVER  #Windows Home Server#

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3258126484-446658152-3535686326-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D6D00F76-471A-48F7-9DB4-993866299D49}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F4F7E888-4078-47B0-8097-8AFA399A8D84}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{C28CB9A1-0654-4CEF-9D02-CB3D5587BF6E}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{9B665793-5F42-411C-B0D6-4526ACAAD576}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{90CA949A-142E-454C-8666-2F43B3BF4903}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{F9C2565E-A35F-4FCB-8AED-227C374358DB}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{4373FED3-FBC4-4E4E-B40E-9A98B505032A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1579BB9F-A227-4F3B-B278-797A43ECEE83}] => (Allow) LPort=2869
FirewallRules: [{501987DF-D2E9-4674-AA46-87EED573FD08}] => (Allow) LPort=1900
FirewallRules: [{97E38C1D-4316-4703-8A10-9113EF158AB5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{20786F77-2EA6-41F0-93C8-0D5CF145369F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F829E28C-6110-4FAC-831C-2BB0D97164F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{27822FD8-66D1-471E-B866-F9194C96CE7E}C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe
FirewallRules: [UDP Query User{0B55A5F2-5A79-4843-A17F-69FEF3427558}C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe
FirewallRules: [TCP Query User{F324DC55-73D7-4E22-BDC3-23F80F7A43AD}C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe
FirewallRules: [UDP Query User{34F5DEBB-8474-4CE0-88DF-FE96349DB2C7}C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_03\bin\javaw.exe
FirewallRules: [{56CB2EDD-EE51-45DB-8BEC-33AF2F52F837}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71C0AA73-25CF-41AB-B3A3-8883928C6550}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C82F8B36-621A-4F0A-B535-DCBEAE81095A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{66DC8271-F619-49FA-A91F-DAEC477A50F1}] => (Allow) C:\Users\Owner\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{3F1952B3-4856-4B8A-A10B-F4584456A119}C:\program files (x86)\cricut-craftroom\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craftroom\ccrbridge.exe
FirewallRules: [UDP Query User{CEEA7A27-9824-4150-B8A3-1A59CBEEEFB2}C:\program files (x86)\cricut-craftroom\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craftroom\ccrbridge.exe
FirewallRules: [TCP Query User{60DA304D-6DA3-4077-A6EF-7C295CCE17A4}C:\program files (x86)\cricut-craftroom\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craftroom\ccrbridge.exe
FirewallRules: [UDP Query User{D29F6660-C339-45DE-8841-E07146B2F542}C:\program files (x86)\cricut-craftroom\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craftroom\ccrbridge.exe
FirewallRules: [TCP Query User{7B8918ED-DACE-4C25-966F-6B92F080A406}C:\program files (x86)\cricutsync\bridge.exe] => (Allow) C:\program files (x86)\cricutsync\bridge.exe
FirewallRules: [UDP Query User{3CE5862E-2D1F-44EA-9F45-02049A60D717}C:\program files (x86)\cricutsync\bridge.exe] => (Allow) C:\program files (x86)\cricutsync\bridge.exe
FirewallRules: [{2F1FFFEE-3C5B-467F-9E2D-C21B7B4E844E}] => (Allow) C:\Program Files (x86)\CricutSync\CricutSync.exe
FirewallRules: [{718834CD-D4DF-4AE9-B75E-25780F7E18E5}] => (Allow) C:\Program Files (x86)\CricutSync\CricutSync.exe
FirewallRules: [{37A3CC69-99BA-4BE8-B3D8-C9DCA58BC159}] => (Allow) C:\Program Files (x86)\CricutSync\CricutSync.exe
FirewallRules: [{DA70A036-4045-4538-BC53-A05F81994F0A}] => (Allow) C:\Program Files (x86)\CricutSync\CricutSync.exe

==================== Restore Points =========================

08-03-2016 12:10:10 Scheduled Checkpoint
15-03-2016 03:01:35 Windows Update
21-03-2016 10:27:03 Installed Rapport
29-03-2016 03:00:37 Windows Update
14-04-2016 20:32:36 Restore Point Created by FRST
14-04-2016 21:44:05 Installed Rapport
14-04-2016 21:50:40 JRT Pre-Junkware Removal
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2016 10:28:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 09:39:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 08:32:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {cf325618-d9cc-4b70-bdf8-1d18dbc32433}

Error: (04/14/2016 08:19:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd74c
Exception code: 0xc0000374
Fault offset: 0x00000000000c0aa2
Faulting process id: 0xa84
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/14/2016 12:00:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 12:38:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15616

Error: (04/13/2016 12:38:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15616

Error: (04/13/2016 12:38:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2016 12:29:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.6060.0, time stamp: 0x563809af
Faulting module name: msksrvr.dll_unloaded, version: 0.0.0.0, time stamp: 0x56209655
Exception code: 0xc0000005
Fault offset: 0x000007fef545576b
Faulting process id: 0x4ac
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (04/13/2016 11:43:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 21a4

Start Time: 01d18e0bcf686ea7

Termination Time: 3854

Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Report Id: 65510c32-018e-11e6-8b9b-f0def1608c0e

System errors:
=============
Error: (04/14/2016 10:36:21 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (04/14/2016 10:35:28 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (04/14/2016 10:31:36 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (04/14/2016 10:28:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error:
%%0

Error: (04/14/2016 10:28:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Center TV Archive Transfer Service service failed to start due to the following error:
%%1053

Error: (04/14/2016 10:28:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center TV Archive Transfer Service service to connect.

Error: (04/14/2016 10:28:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The svcboot_vjuhbfbrr service terminated with the following error:
%%2

Error: (04/14/2016 10:27:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (04/14/2016 10:27:26 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (04/14/2016 10:27:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 50%
Total physical RAM: 6058.17 MB
Available physical RAM: 2996.26 MB
Total Virtual: 12114.55 MB
Available Virtual: 9282.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:552.22 GB) (Free:435.97 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: C1AF6DC7)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=552.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================



#11
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

The logs look good, how is the machine performing now? Also, the log is showing your firewall, both Windows and Kaspersky's, are off. I'd like to check Windows' firewall and get it running again. Let's run some scans for remnants and check the firewall while we're at it. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the program and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM.

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • FSS.txt Log
  • How is the machine running?


#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.







