Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RegSvr32 Error


  • This topic is locked This topic is locked

#1
nicechaibabe

nicechaibabe

    Member

  • Member
  • PipPip
  • 13 posts

I am at my wit's end with this error message, nothing I have tried will get rid of it.  I have run more virus scans than I can count with Malwarebytes, tried cleaning up my registry keys with Piriform CC Cleaner, and even went as far as to try to restore my computer to a previous date (which failed and read a different error message) as well as run several CHKDSK /R through command prompt which also all failed.  I realize there are probably several issues here, but the main one I'd like to tackle in hopes that it may cure some of the others is the error message I get whenever I boot up my computer, it states that the module "C:\Users\Me\AppData\Local\Icrsoft\loader_u.dll" failed to load.  It then tells me to make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.  The last thing it says is that the specified module could not be found.  

My laptop is a Lenovo Yoga, supposedly operating on Windows 8.1 (I think Windows 10 auto-installed itself on it, even though I've been trying to delay it until I got this resolved), with an Intel® Pentium® CPU N3520 @2.16GHz processor, 4.GB Installed Memory (RAM) and 64 bit OS with x64-based processor.

I stumbled across another user having more or less the same issue, and went ahead to run the FRST thing, but read the noticed that the resolutions were tailored to their computer and could potentially screw up mine, so rather than risk making everything worse, I am reaching out this way instead.  Someone please help!

 

So here is the FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-05-2016
Ran by Me (administrator) on AUDRA (01-05-2016 12:33:00)
Running from C:\Users\Me\Downloads
Loaded Profiles: Me (Available Profiles: Me)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\COSService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Windows\SysWOW64\slpd.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Farbar) C:\Users\Me\Downloads\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-09-06] (Realtek semiconductor)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-04-26] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-04-26] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-04-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-04-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164080 2015-06-27] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [Icrsoft] => regsvr32.exe C:\Users\Me\AppData\Local\Icrsoft\loader_u.dll <===== ATTENTION
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [GoogleChromeAutoLaunch_A1D915EA5DAE753EE11AF3AB6D0C4DBD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.)
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
Startup: C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-10-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39D959D5-DF6C-485A-865E-473909CC08EA}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{54A889E4-1F7B-4FE2-BEA0-9DCD20AB262E}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877431653-220597728-3785205167-1001 -> DefaultScope {55DB5020-5DB2-4B0E-9D50-EEAFCDDA079F} URL = 
SearchScopes: HKU\S-1-5-21-3877431653-220597728-3785205167-1001 -> {55DB5020-5DB2-4B0E-9D50-EEAFCDDA079F} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Pusnuugapecaceg -> {41590B24-FA55-4D1F-bFF1-18B2F966A124} -> C:\Program Files\Pusnuugapecaceg\Vepreoaj64.dll [2016-04-28] ()
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-06-27] (IvoSoft)
BHO-x32: Pusnuugapecaceg -> {41590B24-FA55-4D1F-bFF1-18B2F966A124} -> C:\Program Files\Pusnuugapecaceg\Vepreoaj.dll [2016-04-28] ()
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-06-27] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\36u5pcxw.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://shs.suffield.org/home.aspx
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Bejeweled) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Sheets) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (AdBlock) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Pin It Button) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (Asana Extension for Chrome) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\khnpeclbnipcdacdkhejifenadikeghk [2016-01-04]
CHR Extension: (Skype) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-3877431653-220597728-3785205167-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A590A28F-964A-4C77-8F34-9843761BE654; C:\Program Files\Pusnuugapecaceg\Peknhr.exe [275296 2016-04-28] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows ® Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3550400 2014-10-07] (COMODO Security Solutions)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-22] (Dropbox, Inc.)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 hasplms; C:\windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-04-26] (Lenovo)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-04-26] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-04-26] (Lenovo)
S3 Pusnuugapecaceg Updater; C:\Program Files\Pusnuugapecaceg\Acidsaf.exe [273760 2016-04-28] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 slpd; C:\Windows\SysWOW64\slpd.exe [88576 2015-04-09] () [File not signed]
R2 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2575552 2014-10-07] (COMODO Security Solutions)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-04-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-04-26] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R0 bdisk; C:\Windows\System32\DRIVERS\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
R0 CBUFS; C:\Windows\System32\DRIVERS\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24392 2013-10-16] (ELAN Microelectronic Corp.)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R0 Reparse; C:\Windows\System32\DRIVERS\CBReparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8874712 2013-09-06] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 vdbus; C:\Windows\System32\drivers\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S1 bsdpr64; \??\C:\windows\system32\Drivers\bsdpr64.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-01 12:33 - 2016-05-01 12:34 - 00040035 _____ C:\Users\Me\Downloads\FRST.txt
2016-05-01 12:32 - 2016-05-01 12:33 - 00000000 ____D C:\FRST
2016-05-01 12:32 - 2016-05-01 12:32 - 02377216 _____ (Farbar) C:\Users\Me\Downloads\FRST64 (2).exe
2016-05-01 12:32 - 2016-05-01 12:32 - 02377216 _____ (Farbar) C:\Users\Me\Downloads\FRST64 (1).exe
2016-05-01 12:31 - 2016-05-01 12:31 - 02377216 _____ (Farbar) C:\Users\Me\Downloads\FRST64.exe
2016-04-30 17:07 - 2016-04-30 17:07 - 00006592 ____N C:\bootsqm.dat
2016-04-30 13:51 - 2016-04-30 13:51 - 00000000 ____D C:\Users\Me\Downloads\GoFlex_BundledSW (1)
2016-04-30 13:46 - 2016-04-30 13:48 - 194852403 _____ C:\Users\Me\Downloads\GoFlex_BundledSW (1).zip
2016-04-30 13:37 - 2016-04-30 13:37 - 00000000 ____D C:\Users\Me\AppData\Local\ElevatedDiagnostics
2016-04-30 13:33 - 2016-04-30 13:34 - 00541302 _____ C:\Users\Me\Downloads\DeviceWin8.meta.diagcab
2016-04-29 19:44 - 2016-04-29 19:44 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-29 19:44 - 2016-04-29 19:44 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-29 19:42 - 2016-04-29 19:43 - 00987728 _____ (Google Inc.) C:\Users\Me\Downloads\ChromeSetup.exe
2016-04-29 19:35 - 2016-04-29 19:44 - 00000000 ____D C:\Users\Me\AppData\Local\Mozilla
2016-04-29 19:35 - 2016-04-29 19:38 - 00000000 ____D C:\Users\Me\AppData\Roaming\Mozilla
2016-04-29 19:35 - 2016-04-29 19:35 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-29 19:35 - 2016-04-29 19:35 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-29 19:35 - 2016-04-29 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-29 19:35 - 2016-04-29 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-29 19:34 - 2016-04-29 19:34 - 00242160 _____ C:\Users\Me\Downloads\Firefox Setup Stub 46.0.exe
2016-04-29 14:44 - 2016-04-29 14:44 - 00209030 ____T C:\Users\Me\Desktop\Prom Ballot.oxps
2016-04-29 13:18 - 2016-04-29 13:18 - 00003094 _____ C:\windows\System32\Tasks\{6C232F94-5963-423B-B0A9-78786CAB52D0}
2016-04-28 09:45 - 2016-04-29 13:09 - 00000000 ____D C:\Users\Me\AppData\Roaming\Hejij
2016-04-28 09:45 - 2016-04-29 13:09 - 00000000 ____D C:\Users\Me\AppData\Roaming\CebsuPaje
2016-04-28 09:45 - 2016-04-29 13:09 - 00000000 ____D C:\Users\Me\AppData\LocalLow\Company
2016-04-28 09:45 - 2016-04-28 09:45 - 00000000 ____D C:\uninst
2016-04-28 09:44 - 2016-04-29 15:04 - 00000000 ____D C:\Program Files\Pusnuugapecaceg
2016-04-28 09:44 - 2016-04-29 13:10 - 00000000 ____D C:\Users\Me\AppData\Local\Tempfolder
2016-04-28 09:44 - 2016-04-28 21:26 - 00000000 ____D C:\Program Files\PusnuugapecacegUn
2016-04-28 09:44 - 2016-04-28 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
2016-04-28 09:43 - 2016-04-28 09:43 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (4).iso
2016-04-28 09:43 - 2016-04-28 09:43 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (3).iso
2016-04-28 09:43 - 2016-04-28 09:43 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (2).iso
2016-04-28 09:42 - 2016-04-28 09:42 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (1).iso
2016-04-28 09:40 - 2016-04-28 09:41 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf.iso
2016-04-27 17:06 - 2016-04-27 17:06 - 00002300 _____ C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-04-26 08:14 - 2016-04-26 08:14 - 00016182 ____H C:\Users\Me\Desktop\~WRL0549.tmp
2016-04-19 09:52 - 2016-04-19 09:53 - 03054080 _____ C:\Users\Me\Downloads\Cloud 9_s.ppt
2016-04-17 23:26 - 2016-04-05 17:53 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-17 23:26 - 2016-04-05 17:53 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-17 13:54 - 2016-04-17 13:54 - 119223343 _____ C:\Users\Me\Downloads\Photos.zip
2016-04-16 15:07 - 2016-04-16 15:08 - 12140644 _____ C:\Users\Me\Downloads\Presentation1.pptx
2016-04-15 17:46 - 2016-04-15 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-13 16:54 - 2016-04-13 16:54 - 00273581 _____ C:\Users\Me\Downloads\Cherry O assignment.pdf
2016-04-13 00:22 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys
2016-04-13 00:21 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-04-13 00:21 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-04-13 00:21 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-04-13 00:21 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-04-13 00:21 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-04-13 00:21 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-04-13 00:21 - 2016-03-30 19:56 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-04-13 00:21 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-04-13 00:21 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-04-13 00:21 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-04-13 00:21 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-04-13 00:21 - 2016-03-30 19:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-04-13 00:21 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-04-13 00:21 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-04-13 00:21 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-04-13 00:21 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-04-13 00:21 - 2016-03-30 19:43 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-04-13 00:21 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-04-13 00:21 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-04-13 00:21 - 2016-03-30 19:27 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-04-13 00:21 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-04-13 00:21 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-04-13 00:21 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-04-13 00:21 - 2016-03-30 19:23 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-04-13 00:21 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-04-13 00:21 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-04-13 00:21 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-04-13 00:21 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-04-13 00:21 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-04-13 00:21 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-04-13 00:15 - 2016-03-15 19:00 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-04-13 00:15 - 2016-03-15 10:14 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-04-13 00:15 - 2016-03-11 10:48 - 00833024 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-04-13 00:15 - 2016-03-10 14:22 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-04-13 00:15 - 2016-03-10 14:21 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-04-13 00:15 - 2016-03-10 14:20 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-04-13 00:15 - 2016-03-10 13:44 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-04-13 00:15 - 2016-03-10 13:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-04-13 00:15 - 2016-03-10 13:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-04-13 00:15 - 2016-03-10 12:48 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-04-13 00:14 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2016-04-13 00:14 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2016-04-13 00:13 - 2016-04-04 02:35 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-04-13 00:13 - 2016-04-02 09:26 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-04-13 00:13 - 2016-04-02 09:26 - 01169408 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00698368 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-04-13 00:12 - 2016-03-02 21:39 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-04-13 00:12 - 2016-03-02 21:39 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-04-13 00:12 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2016-04-13 00:11 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-04-13 00:10 - 2016-03-03 12:47 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-04-13 00:10 - 2016-03-03 12:33 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-04-13 00:10 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-04-13 00:10 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-04-13 00:10 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-04-13 00:10 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-04-13 00:10 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2016-04-13 00:10 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-04-13 00:10 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\windows\SysWOW64\themecpl.dll
2016-04-13 00:10 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2016-04-13 00:10 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-04-13 00:10 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2016-04-13 00:10 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\windows\SysWOW64\hgcpl.dll
2016-04-13 00:10 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2016-04-13 00:10 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingMonitor.dll
2016-04-13 00:10 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2016-04-13 00:10 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2016-04-13 00:10 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2016-04-13 00:10 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-04-13 00:10 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\windows\system32\themecpl.dll
2016-04-13 00:10 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2016-04-13 00:10 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-04-13 00:10 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2016-04-13 00:10 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\hgcpl.dll
2016-04-13 00:10 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2016-04-13 00:10 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\SettingMonitor.dll
2016-04-13 00:10 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2016-04-13 00:10 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2016-04-13 00:10 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2016-04-13 00:10 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2016-04-13 00:10 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2016-04-13 00:10 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2016-04-13 00:10 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2016-04-13 00:10 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2016-04-13 00:10 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-04-13 00:10 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-04-13 00:10 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\WsmAgent.dll
2016-04-13 00:10 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-04-13 00:10 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-04-13 00:10 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAgent.dll
2016-04-13 00:10 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-04-13 00:10 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-04-13 00:10 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\windows\system32\AppxAllUserStore.dll
2016-04-13 00:10 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxAllUserStore.dll
2016-04-13 00:05 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2016-04-13 00:05 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2016-04-12 23:59 - 2016-03-10 15:19 - 07452512 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-04-12 23:59 - 2016-03-10 15:17 - 01663192 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-04-12 23:59 - 2016-03-10 15:17 - 01523216 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-04-12 23:59 - 2016-03-10 15:17 - 01490128 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-04-12 23:59 - 2016-03-10 15:17 - 01358960 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-04-12 23:59 - 2016-03-10 15:17 - 01133752 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-04-12 23:59 - 2016-03-10 13:48 - 00862720 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.d

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

You're running Windows 8.1

Download the enclosed => Attached File  fixlist.txt   10.76KB   103 downloads Save it in the location FRST64 is->(Your downloads folder). Now run FRST and click on the Fix button. Wait until finished.
The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply. After you post the fix log,

Do this below and post both logs.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#3
nicechaibabe

nicechaibabe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thank you so much for helping! I'm sorry for replying so late, I had just decided that I probably wasn't going to get a reply until the morning, I think, when you responded.  I'm putting my texts in blue to distinguish my words from the log entries since there's so much text, if that is not helpful please let me know!  The first log, when running the "Fix" option is as follows:

Fix result of Farbar Recovery Scan Tool (x64) Version:01-05-2016
Ran by Me (2016-05-02 15:10:22) Run:1
Running from C:\Users\Me\Downloads
Loaded Profiles: Me (Available Profiles: Me)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [Icrsoft] => regsvr32.exe C:\Users\Me\AppData\Local\Icrsoft\loader_u.dll <===== ATTENTION
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [GoogleChromeAutoLaunch_A1D915EA5DAE753EE11AF3AB6D0C4DBD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.)
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877431653-220597728-3785205167-1001 -> DefaultScope {55DB5020-5DB2-4B0E-9D50-EEAFCDDA079F} URL = 
SearchScopes: HKU\S-1-5-21-3877431653-220597728-3785205167-1001 -> {55DB5020-5DB2-4B0E-9D50-EEAFCDDA079F} URL = 
S1 bsdpr64; \??\C:\windows\system32\Drivers\bsdpr64.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [Icrsoft] => regsvr32.exe C:\Users\Me\AppData\Local\Icrsoft\loader_u.dll <===== ATTENTION
C:\Users\Me\AppData\Local\Icrsoft
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveSync => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Icrsoft => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A1D915EA5DAE753EE11AF3AB6D0C4DBD => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3877431653-220597728-3785205167-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55DB5020-5DB2-4B0E-9D50-EEAFCDDA079F}" => key removed successfully
HKCR\CLSID\{55DB5020-5DB2-4B0E-9D50-EEAFCDDA079F} => key not found. 
bsdpr64 => service removed successfully
SR => service removed successfully
srservice => service removed successfully
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Icrsoft => value not found.
"C:\Users\Me\AppData\Local\Icrsoft" => not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {22A66AF9-EB99-45AE-ACBB-41504C4A64E8}.
{400F9D21-2086-4F6B-AAD0-D5BA7C439EFA} canceled.
1 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 174.1 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:12:48 ====
 
The second run of FRST with both logs is:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-05-2016
Ran by Me (administrator) on AUDRA (02-05-2016 15:24:17)
Running from C:\Users\Me\Downloads
Loaded Profiles: Me (Available Profiles: Me)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\COSService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Windows\SysWOW64\slpd.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-09-06] (Realtek semiconductor)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-04-26] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-04-26] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-04-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-04-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164080 2015-06-27] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] (Qualcomm®Atheros®)
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [GoogleChromeAutoLaunch_A1D915EA5DAE753EE11AF3AB6D0C4DBD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.)
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
Startup: C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-10-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39D959D5-DF6C-485A-865E-473909CC08EA}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{54A889E4-1F7B-4FE2-BEA0-9DCD20AB262E}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Pusnuugapecaceg -> {41590B24-FA55-4D1F-bFF1-18B2F966A124} -> C:\Program Files\Pusnuugapecaceg\Vepreoaj64.dll [2016-04-28] ()
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-06-27] (IvoSoft)
BHO-x32: Pusnuugapecaceg -> {41590B24-FA55-4D1F-bFF1-18B2F966A124} -> C:\Program Files\Pusnuugapecaceg\Vepreoaj.dll [2016-04-28] ()
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-06-27] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\36u5pcxw.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://shs.suffield.org/home.aspx
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Bejeweled) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Sheets) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (AdBlock) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Pin It Button) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (Asana Extension for Chrome) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\khnpeclbnipcdacdkhejifenadikeghk [2016-05-01]
CHR Extension: (Skype) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-3877431653-220597728-3785205167-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows ® Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3550400 2014-10-07] (COMODO Security Solutions)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-22] (Dropbox, Inc.)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 hasplms; C:\windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-04-26] (Lenovo)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-04-26] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-04-26] (Lenovo)
S3 Pusnuugapecaceg Updater; C:\Program Files\Pusnuugapecaceg\Acidsaf.exe [273760 2016-04-28] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 slpd; C:\Windows\SysWOW64\slpd.exe [88576 2015-04-09] () [File not signed]
R2 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2575552 2014-10-07] (COMODO Security Solutions)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-04-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-04-26] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R0 bdisk; C:\Windows\System32\DRIVERS\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
R0 CBUFS; C:\Windows\System32\DRIVERS\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24392 2013-10-16] (ELAN Microelectronic Corp.)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-01] (Malwarebytes)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R0 Reparse; C:\Windows\System32\DRIVERS\CBReparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8874712 2013-09-06] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 vdbus; C:\Windows\System32\drivers\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-02 15:10 - 2016-05-02 15:12 - 00032952 _____ C:\Users\Me\Downloads\Fixlog.txt
2016-05-01 19:26 - 2016-05-01 19:31 - 00000000 ____D C:\AdwCleaner
2016-05-01 19:25 - 2016-05-01 19:26 - 03615296 _____ C:\Users\Me\Downloads\AdwCleaner.exe
2016-05-01 16:20 - 2016-05-01 16:20 - 00007606 _____ C:\Users\Me\Documents\cc_20160501_162044.reg
2016-05-01 12:35 - 2016-05-01 12:39 - 00042073 _____ C:\Users\Me\Downloads\Addition.txt
2016-05-01 12:33 - 2016-05-02 15:24 - 00029508 _____ C:\Users\Me\Downloads\FRST.txt
2016-05-01 12:32 - 2016-05-02 15:24 - 00000000 ____D C:\FRST
2016-05-01 12:32 - 2016-05-01 12:32 - 02377216 _____ (Farbar) C:\Users\Me\Downloads\FRST64 (2).exe
2016-05-01 12:32 - 2016-05-01 12:32 - 02377216 _____ (Farbar) C:\Users\Me\Downloads\FRST64 (1).exe
2016-05-01 12:31 - 2016-05-01 12:31 - 02377216 _____ (Farbar) C:\Users\Me\Downloads\FRST64.exe
2016-04-30 13:51 - 2016-04-30 13:51 - 00000000 ____D C:\Users\Me\Downloads\GoFlex_BundledSW (1)
2016-04-30 13:46 - 2016-04-30 13:48 - 194852403 _____ C:\Users\Me\Downloads\GoFlex_BundledSW (1).zip
2016-04-30 13:33 - 2016-04-30 13:34 - 00541302 _____ C:\Users\Me\Downloads\DeviceWin8.meta.diagcab
2016-04-29 19:44 - 2016-04-29 19:44 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-29 19:44 - 2016-04-29 19:44 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-29 19:42 - 2016-04-29 19:43 - 00987728 _____ (Google Inc.) C:\Users\Me\Downloads\ChromeSetup.exe
2016-04-29 19:35 - 2016-04-29 19:44 - 00000000 ____D C:\Users\Me\AppData\Local\Mozilla
2016-04-29 19:35 - 2016-04-29 19:38 - 00000000 ____D C:\Users\Me\AppData\Roaming\Mozilla
2016-04-29 19:35 - 2016-04-29 19:35 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-29 19:35 - 2016-04-29 19:35 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-29 19:35 - 2016-04-29 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-29 19:35 - 2016-04-29 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-29 19:34 - 2016-04-29 19:34 - 00242160 _____ C:\Users\Me\Downloads\Firefox Setup Stub 46.0.exe
2016-04-29 14:44 - 2016-04-29 14:44 - 00209030 ____T C:\Users\Me\Desktop\Prom Ballot.oxps
2016-04-29 13:18 - 2016-04-29 13:18 - 00003094 _____ C:\windows\System32\Tasks\{6C232F94-5963-423B-B0A9-78786CAB52D0}
2016-04-28 09:45 - 2016-04-29 13:09 - 00000000 ____D C:\Users\Me\AppData\Roaming\Hejij
2016-04-28 09:45 - 2016-04-29 13:09 - 00000000 ____D C:\Users\Me\AppData\Roaming\CebsuPaje
2016-04-28 09:45 - 2016-04-29 13:09 - 00000000 ____D C:\Users\Me\AppData\LocalLow\Company
2016-04-28 09:45 - 2016-04-28 09:45 - 00000000 ____D C:\uninst
2016-04-28 09:44 - 2016-04-29 15:04 - 00000000 ____D C:\Program Files\Pusnuugapecaceg
2016-04-28 09:44 - 2016-04-29 13:10 - 00000000 ____D C:\Users\Me\AppData\Local\Tempfolder
2016-04-28 09:44 - 2016-04-28 21:26 - 00000000 ____D C:\Program Files\PusnuugapecacegUn
2016-04-28 09:43 - 2016-04-28 09:43 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (4).iso
2016-04-28 09:43 - 2016-04-28 09:43 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (3).iso
2016-04-28 09:43 - 2016-04-28 09:43 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (2).iso
2016-04-28 09:42 - 2016-04-28 09:42 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (1).iso
2016-04-28 09:40 - 2016-04-28 09:41 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf.iso
2016-04-27 17:06 - 2016-04-27 17:06 - 00002300 _____ C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-04-26 08:14 - 2016-04-26 08:14 - 00016182 ____H C:\Users\Me\Desktop\~WRL0549.tmp
2016-04-19 09:52 - 2016-04-19 09:53 - 03054080 _____ C:\Users\Me\Downloads\Cloud 9_s.ppt
2016-04-17 23:26 - 2016-04-05 17:53 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-17 23:26 - 2016-04-05 17:53 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-17 13:54 - 2016-04-17 13:54 - 119223343 _____ C:\Users\Me\Downloads\Photos.zip
2016-04-16 15:07 - 2016-04-16 15:08 - 12140644 _____ C:\Users\Me\Downloads\Presentation1.pptx
2016-04-15 17:46 - 2016-04-15 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-13 16:54 - 2016-04-13 16:54 - 00273581 _____ C:\Users\Me\Downloads\Cherry O assignment.pdf
2016-04-13 00:22 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys
2016-04-13 00:21 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-04-13 00:21 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-04-13 00:21 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-04-13 00:21 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-04-13 00:21 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-04-13 00:21 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-04-13 00:21 - 2016-03-30 19:56 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-04-13 00:21 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-04-13 00:21 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-04-13 00:21 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-04-13 00:21 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-04-13 00:21 - 2016-03-30 19:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-04-13 00:21 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-04-13 00:21 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-04-13 00:21 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-04-13 00:21 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-04-13 00:21 - 2016-03-30 19:43 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-04-13 00:21 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-04-13 00:21 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-04-13 00:21 - 2016-03-30 19:27 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-04-13 00:21 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-04-13 00:21 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-04-13 00:21 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-04-13 00:21 - 2016-03-30 19:23 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-04-13 00:21 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-04-13 00:21 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-04-13 00:21 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-04-13 00:21 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-04-13 00:21 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-04-13 00:21 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-04-13 00:15 - 2016-03-15 19:00 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-04-13 00:15 - 2016-03-15 10:14 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-04-13 00:15 - 2016-03-11 10:48 - 00833024 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-04-13 00:15 - 2016-03-10 14:22 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-04-13 00:15 - 2016-03-10 14:21 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-04-13 00:15 - 2016-03-10 14:20 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-04-13 00:15 - 2016-03-10 13:44 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-04-13 00:15 - 2016-03-10 13:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-04-13 00:15 - 2016-03-10 13:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-04-13 00:15 - 2016-03-10 12:48 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-04-13 00:14 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2016-04-13 00:14 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2016-04-13 00:13 - 2016-04-04 02:35 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-04-13 00:13 - 2016-04-02 09:26 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-04-13 00:13 - 2016-04-02 09:26 - 01169408 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00698368 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-04-13 00:12 - 2016-03-02 21:39 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-04-13 00:12 - 2016-03-02 21:39 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-04-13 00:12 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2016-04-13 00:11 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-04-13 00:10 - 2016-03-03 12:47 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-04-13 00:10 - 2016-03-03 12:33 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-04-13 00:10 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-04-13 00:10 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-04-13 00:10 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-04-13 00:10 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-04-13 00:10 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2016-04-13 00:10 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-04-13 00:10 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\windows\SysWOW64\themecpl.dll
2016-04-13 00:10 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2016-04-13 00:10 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-04-13 00:10 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2016-04-13 00:10 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\windows\SysWOW64\hgcpl.dll
2016-04-13 00:10 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2016-04-13 00:10 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingMonitor.dll
2016-04-13 00:10 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2016-04-13 00:10 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2016-04-13 00:10 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2016-04-13 00:10 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-04-13 00:10 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\windows\system32\themecpl.dll
2016-04-13 00:10 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2016-04-13 00:10 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-04-13 00:10 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2016-04-13 00:10 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\hgcpl.dll
2016-04-13 00:10 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2016-04-13 00:10 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\SettingMonitor.dll
2016-04-13 00:10 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2016-04-13 00:10 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2016-04-13 00:10 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2016-04-13 00:10 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2016-04-13 00:10 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2016-04-13 00:10 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2016-04-13 00:10 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2016-04-13 00:10 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2016-04-13 00:10 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-04-13 00:10 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-04-13 00:10 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\WsmAgent.dll
2016-04-13 00:10 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-04-13 00:10 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-04-13 00:10 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAgent.dll
2016-04-13 00:10 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-04-13 00:10 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-04-13 00:10 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\windows\system32\AppxAllUserStore.dll
2016-04-13 00:10 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxAllUserStore.dll
2016-04-13 00:05 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2016-04-13 00:05 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2016-04-12 23:59 - 2016-03-10 15:19 - 07452512 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-04-12 23:59 - 2016-03-10 15:17 - 01663192 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-04-12 23:59 - 2016-03-10 15:17 - 01523216 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-04-12 23:59 - 2016-03-10 15:17 - 01490128 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-04-12 23:59 - 2016-03-10 15:17 - 01358960 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-04-12 23:59 - 2016-03-10 15:17 - 01133752 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-04-12 23:59 - 2016-03-10 13:48 - 00862720 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-04-12 23:59 - 2016-03-10 13:43 - 00161280 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-04-12 23:59 - 2016-03-10 12:55 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-04-12 23:59 - 2016-03-10 12:42 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-04-12 23:59 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-04-12 23:59 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\dhcpsapi.dll
2016-04-12 23:59 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpsapi.dll
2016-04-12 23:59 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpci.sys
2016-04-12 23:59 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2016-04-12 23:59 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2016-04-12 23:58 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2016-04-12 23:58 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2016-04-12 23:58 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2016-04-12 23:58 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2016-04-12 23:58 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2016-04-12 23:58 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2016-04-12 23:58 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\windows\system32\wbengine.exe
2016-04-12 23:58 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\windows\system32\WindowsAnytimeUpgradeui.exe
2016-04-12 23:58 - 2016-01-20 18:40 - 00099672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-04-12 23:57 - 2016-02-06 19:05 - 00551256 ____C (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2016-04-12 23:04 - 2016-03-29 10:05 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-12 23:04 - 2016-03-03 12:13 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-04-12 23:04 - 2016-02-06 18:41 - 00316760 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2016-04-10 13:31 - 2016-04-10 13:31 - 00066874 _____ C:\Users\Me\Desktop\Food Delivery _ Restaurant Takeout _ Order Food Online _ Grubhub.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-02 15:18 - 2015-07-24 23:22 - 00000000 ____D C:\Users\Me\AppData\Local\ClassicShell
2016-05-02 15:15 - 2015-07-22 12:38 - 00000000 ___RD C:\Users\Me\Dropbox
2016-05-02 15:14 - 2015-07-22 12:34 - 00000908 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-02 15:14 - 2014-09-05 14:56 - 00000000 ____D C:\Users\Me\AppData\LocalLow\Temp
2016-05-02 15:14 - 2014-08-29 19:03 - 00000000 ___DO C:\Users\Me\SkyDrive
2016-05-02 15:14 - 2014-08-29 18:25 - 00000914 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-02 15:13 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-02 15:13 - 2013-08-22 09:25 - 00524288 ___SH C:\windows\system32\config\BBI
2016-05-02 15:10 - 2014-04-26 12:02 - 00004608 _____ C:\windows\system32\VfService.trf
2016-05-02 15:09 - 2014-08-29 18:25 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-01 20:44 - 2015-07-22 12:34 - 00000912 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-01 19:58 - 2014-08-29 15:00 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3877431653-220597728-3785205167-1001
2016-05-01 19:34 - 2013-08-22 09:36 - 00000000 ____D C:\windows\Inf
2016-05-01 19:31 - 2014-08-29 14:55 - 00001006 _____ C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-01 19:24 - 2015-06-23 12:27 - 00000000 ____D C:\Users\Me\Documents\BDS
2016-05-01 16:13 - 2014-08-29 19:54 - 00000000 ____D C:\Users\Me\AppData\Local\CrashDumps
2016-05-01 13:49 - 2015-09-03 22:22 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-01 13:09 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-01 13:09 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2016-05-01 12:10 - 2013-10-07 14:27 - 00904636 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-30 14:19 - 2015-06-26 14:19 - 00000000 ____D C:\Users\Me\AppData\Roaming\Memeo
2016-04-29 19:43 - 2014-08-29 18:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-29 18:05 - 2015-05-03 12:48 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-29 15:11 - 2013-08-22 11:36 - 00000000 ____D C:\windows\Cursors
2016-04-29 15:01 - 2015-07-17 12:39 - 00000000 ____D C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-29 14:56 - 2015-05-10 21:15 - 00000000 ____D C:\windows\Minidump
2016-04-29 14:52 - 2016-02-26 19:57 - 00000000 ____D C:\Users\Me\Documents\CCSU
2016-04-29 13:40 - 2015-09-03 22:21 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-29 13:40 - 2015-09-03 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-29 13:40 - 2015-09-03 22:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-29 13:08 - 2014-08-29 14:54 - 00000000 ____D C:\Users\Me
2016-04-28 12:32 - 2014-08-29 14:55 - 00000000 ____D C:\Users\Me\AppData\Local\Packages
2016-04-27 17:10 - 2014-09-07 14:02 - 00002069 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-04-27 17:10 - 2014-09-07 14:02 - 00002067 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-04-27 17:10 - 2014-09-07 14:02 - 00002057 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-04-27 17:10 - 2014-09-07 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-27 17:06 - 2014-08-29 18:26 - 00003168 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3877431653-220597728-3785205167-1001
2016-04-22 19:28 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2016-04-22 03:57 - 2015-07-24 22:19 - 00453288 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-17 23:24 - 2013-08-22 10:44 - 00499160 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-17 23:14 - 2014-12-10 01:36 - 00000000 ____D C:\windows\system32\appraiser
2016-04-17 23:14 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2016-04-15 18:09 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2016-04-15 18:07 - 2014-08-30 00:53 - 00000000 ____D C:\windows\system32\MRT
2016-04-15 17:56 - 2014-08-30 00:53 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-15 17:47 - 2015-07-22 12:34 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-13 00:14 - 2016-01-13 23:31 - 00177488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-04-12 23:49 - 2016-03-10 13:15 - 01501488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-04-12 23:49 - 2016-03-10 13:15 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
2016-04-12 23:48 - 2016-03-10 13:15 - 01737080 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-04-07 00:13 - 2015-01-01 18:03 - 00000000 ____D C:\Users\Me\AppData\Roaming\Dropbox
 
==================== Files in the root of some directories =======
 
2014-12-01 22:10 - 2014-12-01 22:10 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-10-12 14:41 - 2014-10-12 14:41 - 0000278 _____ () C:\Users\Me\AppData\Local\337b07d1-a097-4937-a099-408d60e322ec.dat
2014-10-12 14:41 - 2014-10-12 14:41 - 0000230 _____ () C:\Users\Me\AppData\Local\4fe3ece3-69ed-4fd6-b514-23a3a21494ec.dat
2014-08-29 17:56 - 2015-02-12 14:54 - 0003734 _____ () C:\Users\Me\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2016-02-25 13:15 - 2016-02-25 13:15 - 0000000 ____H () C:\Users\Me\AppData\Local\BIT1DE.tmp
2014-10-12 14:41 - 2014-10-12 14:41 - 0000230 _____ () C:\Users\Me\AppData\Local\d4b3dc9e-01e0-4523-9784-08f8cfb504d2.dat
2015-12-18 18:19 - 2015-12-18 18:19 - 0003959 _____ () C:\Users\Me\AppData\Local\recently-used.xbel
2016-02-25 13:15 - 2016-02-25 13:15 - 0000000 _____ () C:\Users\Me\AppData\Local\{0497C2BB-BA9A-42CA-BC02-A6D9B1367B8B}
2014-10-15 19:48 - 2014-10-15 19:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-01 13:09
 
==================== End of FRST.txt ============================
And the Additional Log is:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-05-2016
Ran by Me (2016-05-02 15:25:24)
Running from C:\Users\Me\Downloads
Windows 8.1 (X64) (2014-08-29 18:54:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3877431653-220597728-3785205167-500 - Administrator - Disabled)
Guest (S-1-5-21-3877431653-220597728-3785205167-501 - Limited - Disabled)
Me (S-1-5-21-3877431653-220597728-3785205167-1001 - Administrator - Enabled) => C:\Users\Me
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.4.1.23 - COMODO)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.7.0 - Conexant)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo)
Energy Manager (x32 Version: 1.0.0.33 - Lenovo) Hidden
Eos Family (HKLM-x32\...\{0BBE42EB-7BB3-4BC4-817E-2438503CDE1B}) (Version: 2.3.1.9.0.12 - ETC)
Eos Family Fixture Library (HKLM-x32\...\{BABBBF7B-E332-4A4B-87B5-59B7031674D0}) (Version: 11.2.0.9.0.7 - ETC)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3366 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10246 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E7E2BEA6-ECCE-4306-9486-A08781BE0AD0}) (Version: 2.0.0.1104 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.1104 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.31.1 - ELAN Microelectronic Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.12271 - Lenovo)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.5 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0 (x86 en-US)) (Version: 46.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.310 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Serif PagePlus Starter Edition (HKLM-x32\...\{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}) (Version: 2.0.2.009 - Serif (Europe) Ltd)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synctunes Desktop (HKLM-x32\...\{4503D496-8D6B-4FC2-9A66-1CD6E12CD5DA}) (Version: 1.1.5 - The Bit Studio)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.013.1202 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3877431653-220597728-3785205167-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3877431653-220597728-3785205167-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06034D5E-9FAA-4D95-B020-CC6B3A215CA4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {12B83853-F851-4E86-BDB4-ED5642C20FD3} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3877431653-220597728-3785205167-1001 => C:\Users\Me\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-27] (Microsoft Corporation)
Task: {14A420B2-89E6-406A-995E-55D3A332752F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {3966D66D-52F4-4885-9493-1B310E81CF11} - System32\Tasks\{6C232F94-5963-423B-B0A9-78786CAB52D0} => pcalua.exe -a "C:\Program Files (x86)\Itibiti Soft Phone\unins000.exe"
Task: {49340379-6674-46EC-8314-FDA07A52B839} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {682054AE-76B7-483C-AD58-7B8718A1A1F6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {83B14DFB-79BF-4331-8A9E-8887CFEA0BD3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-22] (Dropbox, Inc.)
Task: {9A617D38-C807-48CF-99FE-E7A7250EFE44} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-04-26] (Lenovo)
Task: {9B1C8D95-9C97-44AB-AED5-AC52CFFDF632} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {B28A4790-23EB-4337-B7D4-245C763BEA96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {D7F8CB74-3DCE-4747-8C86-2DB01E972288} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-22] (Dropbox, Inc.)
Task: {D96B830A-AD17-40A4-9F79-5B23D6C1DA74} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBA64FCE-860E-4EDB-84C5-5B93E27B91C5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-29 18:12 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-26 12:01 - 2012-04-24 06:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-18 14:03 - 2015-04-09 12:50 - 00088576 ____N () C:\Windows\SysWOW64\slpd.exe
2015-07-24 23:12 - 2014-10-07 06:55 - 01508032 _____ () C:\Program Files\COMODO\COMMON\LIBEAY32.dll
2015-07-24 23:12 - 2014-10-07 06:55 - 00338112 _____ () C:\Program Files\COMODO\COMMON\SSLEAY32.dll
2014-04-26 12:02 - 2014-04-26 12:02 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-04-26 12:02 - 2014-04-26 12:02 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-04-26 12:02 - 2014-04-26 12:02 - 00062224 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-04-26 11:56 - 2013-11-18 19:40 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2013-11-15 06:01 - 2013-11-15 06:01 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-11-15 05:58 - 2013-11-15 05:58 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-15 06:04 - 2013-11-15 06:04 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-04-26 12:02 - 2014-04-26 12:02 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-04-26 12:02 - 2014-04-26 12:02 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-04-26 12:02 - 2014-04-26 12:02 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-04-26 12:02 - 2014-04-26 12:02 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2016-04-15 17:46 - 2016-03-21 17:50 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-15 17:45 - 2016-03-21 17:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-04-15 17:46 - 2016-03-21 17:50 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-04-15 17:46 - 2016-04-08 14:20 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-04-15 17:46 - 2016-03-21 17:51 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-04-15 17:45 - 2016-03-21 17:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-04-15 17:45 - 2016-03-21 17:51 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-04-15 17:45 - 2016-03-21 17:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-04-15 17:45 - 2016-04-08 14:19 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-04-15 17:46 - 2016-04-08 14:20 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-04-15 17:46 - 2016-03-21 17:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-04-15 17:45 - 2016-03-21 17:54 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-04-15 17:45 - 2016-03-21 17:54 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-04-15 17:46 - 2016-04-08 14:20 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-04-15 17:46 - 2016-03-21 17:56 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2014-04-26 12:02 - 2014-04-26 12:02 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-08-29 18:14 - 2016-02-21 15:29 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-08-29 18:14 - 2016-02-21 15:25 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2016-04-29 19:43 - 2016-04-27 19:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-04-29 19:43 - 2016-04-27 19:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Me\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Yoga PhoneCompanion"
HKLM\...\StartupApproved\Run32: => "Yoga Picks"
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A1D915EA5DAE753EE11AF3AB6D0C4DBD"
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E943593A-5C94-4F3F-8E97-442B090FCEAB}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{13A05D37-4D5E-46CD-97F6-E3A2971C352C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CE7930EC-C34E-4171-9538-8A6A82C80257}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B8ACFA0-9688-47F8-AE6A-C72791B16125}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{70D729CE-983B-4D55-8BB7-F2B52CCE4F5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{84359229-B1B0-486E-BD70-60E5CAE57EB1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3479ED5A-E238-452C-87E6-7E834246B06E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E0A165F9-0791-4A2A-B591-E93937E50D5B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{37AD1046-D6B1-4BDE-A4E9-94A7C2E7A09C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{0088764A-3651-42B8-A7A7-8A09DFEB7C8A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{06A7C2E1-88ED-4527-BF94-69E69920D945}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{934C23A6-CEA5-4B39-B5B9-4B0D7F1A1FA2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{63A5EA42-99E1-49FB-8CB1-19F7ECD17192}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{5ECA6328-D66B-4A94-9CFD-7C1D6F3AB79B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7B7C9ECC-8FCD-4671-8690-0449714E9F41}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9A60DF90-1675-4D3A-985A-93996AFA0547}] => (Allow) C:\windows\system32\hasplms.exe
FirewallRules: [{00082531-A9FA-4B94-A2DD-F732723766A5}] => (Allow) C:\Program Files (x86)\ETC\Eos\Eos.exe
FirewallRules: [{72F1E64C-10E8-46E7-8B46-B21690A30689}] => (Allow) C:\windows\SysWOW64\slpd.exe
FirewallRules: [{C03CC6EB-4EFE-45FC-AAB5-ACEC755B08FA}] => (Allow) C:\windows\SysWOW64\slpd.exe
FirewallRules: [{B82CB895-7DEB-4241-97F6-094E225404CE}] => (Allow) C:\windows\SysWOW64\slptool.exe
FirewallRules: [TCP Query User{25015644-D0CD-4D75-92F9-86E975643534}C:\program files\vectorworks2015\vectorworks2015.exe] => (Allow) C:\program files\vectorworks2015\vectorworks2015.exe
FirewallRules: [UDP Query User{B26188C8-8CC3-40FF-8518-393732283B92}C:\program files\vectorworks2015\vectorworks2015.exe] => (Allow) C:\program files\vectorworks2015\vectorworks2015.exe
FirewallRules: [TCP Query User{C7AA6F4E-9812-4D87-9F81-EB28955C9040}C:\program files\vectorworks2015\renderworks\cinerender 64bit.exe] => (Allow) C:\program files\vectorworks2015\renderworks\cinerender 64bit.exe
FirewallRules: [UDP Query User{D5310D58-0C06-40E7-9BD2-DCF5E9EB5427}C:\program files\vectorworks2015\renderworks\cinerender 64bit.exe] => (Allow) C:\program files\vectorworks2015\renderworks\cinerender 64bit.exe
FirewallRules: [{89AE8389-2AD4-4CA9-9B22-F888ACB0617C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E3259847-5283-4DC7-ACD6-3BEED114998A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{73FA6BEA-247C-49C6-AC06-002636A8D50E}] => (Allow) C:\Program Files (x86)\The Bit Studio\Synctunes Desktop\Synctunes.exe
FirewallRules: [{29F46CE6-8CF9-465D-B3B0-13EEDF3CCAD0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{5C84E871-1DFB-45CE-9EA9-7F2B7EF5E584}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F85D8ED-192A-4650-A5C9-5A368A664624}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C447AC7-A46F-484F-B085-FAAD4001844B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\WINDOWS\System32\slpd.exe] => Enabled:Service Location Protocol
StandardProfile\AuthorizedApplications: [C:\WINDOWS\System32\slpd.exe] => Enabled:Service Location Protocol
 
==================== Restore Points =========================
 
13-04-2016 17:36:52 Windows Update
22-04-2016 17:03:49 Scheduled Checkpoint
29-04-2016 15:05:35 Restore Operation
02-05-2016 15:10:37 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/02/2016 03:14:09 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.
 
Error: (05/02/2016 03:14:09 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfGetConfigTdpLevel:  DeviceIoControl() failed.
 
Error: (05/02/2016 03:10:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {18526d13-21a1-4c9b-83fc-cfa8e420e565}
 
Error: (05/02/2016 03:06:03 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.
 
Error: (05/01/2016 08:52:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7922
 
Error: (05/01/2016 08:52:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7922
 
Error: (05/01/2016 08:52:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/01/2016 08:52:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3922
 
Error: (05/01/2016 08:52:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3922
 
Error: (05/01/2016 08:52:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/02/2016 03:10:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ymc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2016 03:10:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service Location Protocol service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2016 03:10:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAtheros Bt and Wlan Coex Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2016 03:10:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/02/2016 03:10:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2016 03:10:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The YogaPicks.AppService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2016 03:10:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Update service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2016 03:10:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sentinel LDK License Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2016 03:10:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Online Storage Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2016 03:10:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant SmartAudio service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-04-29 01:49:53.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-29 01:49:48.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:42.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:41.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:39.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:35.396
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:31.398
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:27.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:23.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:19.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3520 @ 2.16GHz
Percentage of memory in use: 45%
Total physical RAM: 3979.22 MB
Available physical RAM: 2170.79 MB
Total Virtual: 8075.22 MB
Available Virtual: 5997.91 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:427.7 GB) (Free:238.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CAFAD3AC)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
Hope to hear back on the next steps soon!

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Are we still getting this error at boot

C:\Users\Me\AppData\Local\Icrsoft\loader_u.dll" failed to load.
  • 0

#5
nicechaibabe

nicechaibabe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

There's a moment of lag that scares me a bit before everything on my desktop pops up, but I just rebooted and the error message did not pop up.


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts

but I just rebooted and the error message did not pop up.

Great !

Lets run a few scans for adware

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

    I'll look at these tomorrow need to call it a nite.

  • 0

#7
nicechaibabe

nicechaibabe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

My Adware cleaner produced two logs, so I'll post all three, I hope that's not troublesome, but I'm not positive which is the one you need.

# AdwCleaner v5.115 - Logfile created 03/05/2016 at 04:49:10

# Updated 01/05/2016 by Xplode
# Database : 2016-05-01.2 [Server]
# Operating system : Windows 8.1  (X64)
# Username : Me - AUDRA
# Running from : C:\Users\Me\Downloads\adwcleaner_5.115 (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\khnpeclbnipcdacdkhejifenadikeghk
 
***** [ Files ] *****
 
File Found : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khnpeclbnipcdacdkhejifenadikeghk_0.localstorage
File Found : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khnpeclbnipcdacdkhejifenadikeghk_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : gjkpcnacdgdlpfejlgflolpaigoicibh
[C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : khnpeclbnipcdacdkhejifenadikeghk
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2695 bytes] - [01/05/2016 19:31:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [2814 bytes] - [01/05/2016 19:26:31]
C:\AdwCleaner\AdwCleaner[S3].txt - [1456 bytes] - [03/05/2016 04:49:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1529 bytes] ##########
 
# AdwCleaner v5.115 - Logfile created 03/05/2016 at 05:02:38
# Updated 01/05/2016 by Xplode
# Database : 2016-05-01.2 [Server]
# Operating system : Windows 8.1  (X64)
# Username : Me - AUDRA
# Running from : C:\Users\Me\Downloads\adwcleaner_5.115 (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\khnpeclbnipcdacdkhejifenadikeghk
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khnpeclbnipcdacdkhejifenadikeghk_0.localstorage
[-] File Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khnpeclbnipcdacdkhejifenadikeghk_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gjkpcnacdgdlpfejlgflolpaigoicibh
[-] [C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : khnpeclbnipcdacdkhejifenadikeghk
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2695 bytes] - [01/05/2016 19:31:54]
C:\AdwCleaner\AdwCleaner[C2].txt - [1502 bytes] - [03/05/2016 05:02:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [2814 bytes] - [01/05/2016 19:26:31]
C:\AdwCleaner\AdwCleaner[S3].txt - [1608 bytes] - [03/05/2016 04:49:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1721 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 8.1 x64 
Ran by Me (Administrator) on Tue 05/03/2016 at  5:11:03.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\khnpeclbnipcdacdkhejifenadikeghk (Folder) 
Successfully deleted: C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khnpeclbnipcdacdkhejifenadikeghk_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khnpeclbnipcdacdkhejifenadikeghk_0.localstorage (File) 
Successfully deleted: C:\Users\Me\Appdata\LocalLow\company (Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A1D915EA5DAE753EE11AF3AB6D0C4DBD (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41590B24-FA55-4D1F-bFF1-18B2F966A124} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41590B24-FA55-4D1F-bFF1-18B2F966A124} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/03/2016 at  5:16:58.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I am also very sorry I keep missing you by a matter of minutes!  Thank you again for all your help, and I'll be patiently waiting your reply!
 

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Sorry for delay here. I'd like to run an online scan now. This scan can take a long time so don't wait for it.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
NOTE: In some instances if no malware is found there will be no log produced.
  • 0

#9
nicechaibabe

nicechaibabe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

I am running the scan now, and should hopefully has a log in a few hours, I apologize for taking so long, it's been a hectic week and I did the scan incorrectly the first time.  I really appreciate the help though!


  • 0

#10
nicechaibabe

nicechaibabe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Neither scan automatically created a log, so I exported the list of items found, I hope that was correct?

This is the first log, the one I ran incorrectly:

C:\Program Files\Pusnuugapecaceg\Acidsaf.exe a variant of Win32/NopleMento.E trojan cleaned by deleting
C:\Program Files\Pusnuugapecaceg\Kesjo.dll a variant of Win32/Toolbar.Perion.AB potentially unwanted application cleaned by deleting
C:\Program Files\Pusnuugapecaceg\Lakrua.dll a variant of Win32/Toolbar.Perion.AC potentially unwanted application cleaned by deleting
C:\Program Files\Pusnuugapecaceg\Obyaues.dll a variant of Win32/Toolbar.Perion.AC potentially unwanted application cleaned by deleting
C:\Program Files\Pusnuugapecaceg\Obyaues64.dll a variant of Win64/Toolbar.Perion.L potentially unwanted application cleaned by deleting
C:\Program Files\Pusnuugapecaceg\Vepreoaj.dll a variant of Win32/Toolbar.Perion.X potentially unwanted application cleaned by deleting
C:\Program Files\Pusnuugapecaceg\Vepreoaj64.dll a variant of Win64/Toolbar.Perion.H potentially unwanted application cleaned by deleting
C:\Users\Me\AppData\Roaming\Hejij\Dugnoakf.dll a variant of Win64/TrojanDropper.Addrop.B trojan cleaned by deleting
C:\Users\Me\AppData\Roaming\Hejij\Dugnoakf.exe a variant of Win64/TrojanDropper.Addrop.B trojan cleaned by deleting
C:\Users\Me\AppData\Roaming\Hejij\Horvepe.dll a variant of Win32/TrojanDropper.Addrop.AI trojan cleaned by deleting
C:\Users\Me\AppData\Roaming\Hejij\Horvepe.exe a variant of Win32/TrojanDropper.Addrop.AI trojan cleaned by deleting
 
 
This was the log after I re-read the directions and clicked the correct: 
C:\Users\Me\Downloads\ccsetup501pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (1).iso a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (2).iso a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (3).iso a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (4).iso a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf.iso a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\Users\Me\Downloads\Setup.iso a variant of Win32/SoftPulse.AH potentially unwanted application
 

 

I don't think I did this step right, please advise, thanks!


  • 0

Advertisements


#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Very nice work please follow along

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#12
nicechaibabe

nicechaibabe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Okay, this one was easy to follow :) 

First Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016

Ran by Me (administrator) on AUDRA (08-05-2016 12:11:16)
Running from C:\Users\Me\Downloads
Loaded Profiles: Me (Available Profiles: Me)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\COSService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Windows\SysWOW64\slpd.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Barnesandnoble.com llc) C:\Program Files\WindowsApps\BarnesNoble.Nook_1.9.0.359_x86__ahnzqzva31enc\NookClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-09-06] (Realtek semiconductor)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-04-26] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-04-26] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-04-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-04-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164080 2015-06-27] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-15] (Qualcomm®Atheros®)
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\Run: [GoogleChromeAutoLaunch_A1D915EA5DAE753EE11AF3AB6D0C4DBD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.)
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
Startup: C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39D959D5-DF6C-485A-865E-473909CC08EA}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{54A889E4-1F7B-4FE2-BEA0-9DCD20AB262E}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Pusnuugapecaceg -> {41590B24-FA55-4D1F-bFF1-18B2F966A124} -> C:\Program Files\Pusnuugapecaceg\Vepreoaj64.dll => No File
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-06-27] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-06-27] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\36u5pcxw.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://shs.suffield.org/home.aspx
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Bejeweled) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Sheets) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (AdBlock) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Pin It Button) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (Asana Extension for Chrome) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\khnpeclbnipcdacdkhejifenadikeghk [2016-05-03]
CHR Extension: (Skype) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-3877431653-220597728-3785205167-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-15] (Windows ® Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3550400 2014-10-07] (COMODO Security Solutions)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-22] (Dropbox, Inc.)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 hasplms; C:\windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-04-26] (Lenovo)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-04-26] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-04-26] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 slpd; C:\Windows\SysWOW64\slpd.exe [88576 2015-04-09] () [File not signed]
R2 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2575552 2014-10-07] (COMODO Security Solutions)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-04-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-04-26] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-15] (Atheros) [File not signed]
S3 Pusnuugapecaceg Updater; C:\Program Files\Pusnuugapecaceg\Acidsaf.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R0 bdisk; C:\Windows\System32\DRIVERS\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-15] (Qualcomm Atheros)
R0 CBUFS; C:\Windows\System32\DRIVERS\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24392 2013-10-16] (ELAN Microelectronic Corp.)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-01] (Malwarebytes)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R0 Reparse; C:\Windows\System32\DRIVERS\CBReparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8874712 2013-09-06] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 vdbus; C:\Windows\System32\drivers\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-08 12:11 - 2016-05-08 12:11 - 00000000 ____D C:\Users\Me\Downloads\FRST-OlderVersion
2016-05-07 16:51 - 2016-05-07 16:51 - 00001826 _____ C:\Users\Me\Desktop\Quarantine 2.txt
2016-05-07 11:05 - 2016-05-07 11:05 - 02870984 _____ (ESET) C:\Users\Me\Downloads\esetsmartinstaller_enu (2).exe
2016-05-07 11:04 - 2016-05-07 11:04 - 00002780 _____ C:\Users\Me\Desktop\Quarantine.txt
2016-05-07 00:05 - 2016-05-07 00:05 - 02870984 _____ (ESET) C:\Users\Me\Downloads\esetsmartinstaller_enu (1).exe
2016-05-06 14:56 - 2016-05-06 14:56 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-06 14:52 - 2016-05-06 14:52 - 02870984 _____ (ESET) C:\Users\Me\Downloads\esetsmartinstaller_enu.exe
2016-05-03 05:16 - 2016-05-03 05:16 - 00001570 _____ C:\Users\Me\Desktop\JRT.txt
2016-05-03 05:10 - 2016-05-03 05:10 - 01610816 _____ (Malwarebytes) C:\Users\Me\Downloads\JRT.exe
2016-05-03 05:05 - 2016-05-03 05:05 - 00001800 _____ C:\Users\Me\Desktop\AdwCleaner[C2].txt
2016-05-03 05:02 - 2016-05-03 05:02 - 00001608 _____ C:\Users\Me\Desktop\AdwCleaner[S3].txt
2016-05-03 04:48 - 2016-05-03 04:48 - 03615296 _____ C:\Users\Me\Downloads\adwcleaner_5.115 (1).exe
2016-05-03 04:47 - 2016-05-03 04:47 - 03615296 _____ C:\Users\Me\Downloads\adwcleaner_5.115.exe
2016-05-02 15:10 - 2016-05-02 15:12 - 00032952 _____ C:\Users\Me\Downloads\Fixlog.txt
2016-05-01 19:26 - 2016-05-03 05:02 - 00000000 ____D C:\AdwCleaner
2016-05-01 19:25 - 2016-05-01 19:26 - 03615296 _____ C:\Users\Me\Downloads\AdwCleaner.exe
2016-05-01 16:20 - 2016-05-01 16:20 - 00007606 _____ C:\Users\Me\Documents\cc_20160501_162044.reg
2016-05-01 12:35 - 2016-05-02 15:27 - 00040649 _____ C:\Users\Me\Downloads\Addition.txt
2016-05-01 12:33 - 2016-05-08 12:11 - 00029884 _____ C:\Users\Me\Downloads\FRST.txt
2016-05-01 12:32 - 2016-05-08 12:11 - 00000000 ____D C:\FRST
2016-05-01 12:31 - 2016-05-08 12:11 - 02379264 _____ (Farbar) C:\Users\Me\Downloads\FRST64.exe
2016-04-30 13:51 - 2016-04-30 13:51 - 00000000 ____D C:\Users\Me\Downloads\GoFlex_BundledSW (1)
2016-04-30 13:46 - 2016-04-30 13:48 - 194852403 _____ C:\Users\Me\Downloads\GoFlex_BundledSW (1).zip
2016-04-30 13:33 - 2016-04-30 13:34 - 00541302 _____ C:\Users\Me\Downloads\DeviceWin8.meta.diagcab
2016-04-29 19:44 - 2016-04-29 19:44 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-29 19:44 - 2016-04-29 19:44 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-29 19:42 - 2016-04-29 19:43 - 00987728 _____ (Google Inc.) C:\Users\Me\Downloads\ChromeSetup.exe
2016-04-29 19:35 - 2016-04-29 19:44 - 00000000 ____D C:\Users\Me\AppData\Local\Mozilla
2016-04-29 19:35 - 2016-04-29 19:38 - 00000000 ____D C:\Users\Me\AppData\Roaming\Mozilla
2016-04-29 19:35 - 2016-04-29 19:35 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-29 19:35 - 2016-04-29 19:35 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-29 19:35 - 2016-04-29 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-29 19:35 - 2016-04-29 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-29 19:34 - 2016-04-29 19:34 - 00242160 _____ C:\Users\Me\Downloads\Firefox Setup Stub 46.0.exe
2016-04-29 14:44 - 2016-04-29 14:44 - 00209030 ____T C:\Users\Me\Desktop\Prom Ballot.oxps
2016-04-29 13:18 - 2016-04-29 13:18 - 00003094 _____ C:\windows\System32\Tasks\{6C232F94-5963-423B-B0A9-78786CAB52D0}
2016-04-28 09:45 - 2016-05-07 04:23 - 00000000 ____D C:\Users\Me\AppData\Roaming\Hejij
2016-04-28 09:45 - 2016-04-29 13:09 - 00000000 ____D C:\Users\Me\AppData\Roaming\CebsuPaje
2016-04-28 09:45 - 2016-04-28 09:45 - 00000000 ____D C:\uninst
2016-04-28 09:44 - 2016-05-07 04:23 - 00000000 ____D C:\Program Files\Pusnuugapecaceg
2016-04-28 09:44 - 2016-04-29 13:10 - 00000000 ____D C:\Users\Me\AppData\Local\Tempfolder
2016-04-28 09:44 - 2016-04-28 21:26 - 00000000 ____D C:\Program Files\PusnuugapecacegUn
2016-04-28 09:43 - 2016-04-28 09:43 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (4).iso
2016-04-28 09:43 - 2016-04-28 09:43 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (3).iso
2016-04-28 09:43 - 2016-04-28 09:43 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (2).iso
2016-04-28 09:42 - 2016-04-28 09:42 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf (1).iso
2016-04-28 09:40 - 2016-04-28 09:41 - 04280320 _____ C:\Users\Me\Downloads\Harold_pinter_the_homecoming_script_pdf.iso
2016-04-27 17:06 - 2016-04-27 17:06 - 00002300 _____ C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-04-26 08:14 - 2016-04-26 08:14 - 00016182 ____H C:\Users\Me\Desktop\~WRL0549.tmp
2016-04-19 09:52 - 2016-04-19 09:53 - 03054080 _____ C:\Users\Me\Downloads\Cloud 9_s.ppt
2016-04-17 23:26 - 2016-04-05 17:53 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-17 23:26 - 2016-04-05 17:53 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-17 13:54 - 2016-04-17 13:54 - 119223343 _____ C:\Users\Me\Downloads\Photos.zip
2016-04-16 15:07 - 2016-04-16 15:08 - 12140644 _____ C:\Users\Me\Downloads\Presentation1.pptx
2016-04-15 17:46 - 2016-04-15 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-13 16:54 - 2016-04-13 16:54 - 00273581 _____ C:\Users\Me\Downloads\Cherry O assignment.pdf
2016-04-13 00:22 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys
2016-04-13 00:21 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-04-13 00:21 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-04-13 00:21 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-04-13 00:21 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-04-13 00:21 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-04-13 00:21 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-04-13 00:21 - 2016-03-30 19:56 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-04-13 00:21 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-04-13 00:21 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-04-13 00:21 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-04-13 00:21 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-04-13 00:21 - 2016-03-30 19:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-04-13 00:21 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-04-13 00:21 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-04-13 00:21 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-04-13 00:21 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-04-13 00:21 - 2016-03-30 19:43 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-04-13 00:21 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-04-13 00:21 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-04-13 00:21 - 2016-03-30 19:30 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-04-13 00:21 - 2016-03-30 19:27 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-04-13 00:21 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-04-13 00:21 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-04-13 00:21 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-04-13 00:21 - 2016-03-30 19:23 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-04-13 00:21 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-04-13 00:21 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-04-13 00:21 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-04-13 00:21 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-04-13 00:21 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-04-13 00:21 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-04-13 00:15 - 2016-03-15 19:00 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-04-13 00:15 - 2016-03-15 10:14 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-04-13 00:15 - 2016-03-11 10:48 - 00833024 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-04-13 00:15 - 2016-03-10 14:22 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-04-13 00:15 - 2016-03-10 14:21 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-04-13 00:15 - 2016-03-10 14:20 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-04-13 00:15 - 2016-03-10 13:44 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-04-13 00:15 - 2016-03-10 13:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-04-13 00:15 - 2016-03-10 13:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-04-13 00:15 - 2016-03-10 12:48 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-04-13 00:14 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2016-04-13 00:14 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2016-04-13 00:13 - 2016-04-04 02:35 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-04-13 00:13 - 2016-04-02 09:26 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-04-13 00:13 - 2016-04-02 09:26 - 01169408 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00698368 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-04-13 00:13 - 2016-03-28 09:21 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-04-13 00:12 - 2016-03-02 21:39 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-04-13 00:12 - 2016-03-02 21:39 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-04-13 00:12 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2016-04-13 00:11 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-04-13 00:10 - 2016-03-03 12:47 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-04-13 00:10 - 2016-03-03 12:33 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-04-13 00:10 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-04-13 00:10 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-04-13 00:10 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-04-13 00:10 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-04-13 00:10 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2016-04-13 00:10 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-04-13 00:10 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\windows\SysWOW64\themecpl.dll
2016-04-13 00:10 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2016-04-13 00:10 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-04-13 00:10 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2016-04-13 00:10 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\windows\SysWOW64\hgcpl.dll
2016-04-13 00:10 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2016-04-13 00:10 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingMonitor.dll
2016-04-13 00:10 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2016-04-13 00:10 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2016-04-13 00:10 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2016-04-13 00:10 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-04-13 00:10 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\windows\system32\themecpl.dll
2016-04-13 00:10 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2016-04-13 00:10 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-04-13 00:10 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2016-04-13 00:10 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\hgcpl.dll
2016-04-13 00:10 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2016-04-13 00:10 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\SettingMonitor.dll
2016-04-13 00:10 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2016-04-13 00:10 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2016-04-13 00:10 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2016-04-13 00:10 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2016-04-13 00:10 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2016-04-13 00:10 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2016-04-13 00:10 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2016-04-13 00:10 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2016-04-13 00:10 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-04-13 00:10 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-04-13 00:10 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\WsmAgent.dll
2016-04-13 00:10 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-04-13 00:10 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-04-13 00:10 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAgent.dll
2016-04-13 00:10 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-04-13 00:10 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-04-13 00:10 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\windows\system32\AppxAllUserStore.dll
2016-04-13 00:10 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxAllUserStore.dll
2016-04-13 00:05 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2016-04-13 00:05 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2016-04-12 23:59 - 2016-03-10 15:19 - 07452512 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-04-12 23:59 - 2016-03-10 15:17 - 01663192 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-04-12 23:59 - 2016-03-10 15:17 - 01523216 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-04-12 23:59 - 2016-03-10 15:17 - 01490128 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-04-12 23:59 - 2016-03-10 15:17 - 01358960 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-04-12 23:59 - 2016-03-10 15:17 - 01133752 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-04-12 23:59 - 2016-03-10 13:48 - 00862720 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-04-12 23:59 - 2016-03-10 13:43 - 00161280 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-04-12 23:59 - 2016-03-10 12:55 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-04-12 23:59 - 2016-03-10 12:42 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-04-12 23:59 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-04-12 23:59 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\dhcpsapi.dll
2016-04-12 23:59 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpsapi.dll
2016-04-12 23:59 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpci.sys
2016-04-12 23:59 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2016-04-12 23:59 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2016-04-12 23:58 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2016-04-12 23:58 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2016-04-12 23:58 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2016-04-12 23:58 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2016-04-12 23:58 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2016-04-12 23:58 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2016-04-12 23:58 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\windows\system32\wbengine.exe
2016-04-12 23:58 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\windows\system32\WindowsAnytimeUpgradeui.exe
2016-04-12 23:58 - 2016-01-20 18:40 - 00099672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-04-12 23:57 - 2016-02-06 19:05 - 00551256 ____C (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2016-04-12 23:04 - 2016-03-29 10:05 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-12 23:04 - 2016-03-03 12:13 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-04-12 23:04 - 2016-02-06 18:41 - 00316760 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2016-04-10 13:31 - 2016-04-10 13:31 - 00066874 _____ C:\Users\Me\Desktop\Food Delivery _ Restaurant Takeout _ Order Food Online _ Grubhub.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-08 12:11 - 2015-07-24 23:22 - 00000000 ____D C:\Users\Me\AppData\Local\ClassicShell
2016-05-07 17:09 - 2014-08-29 18:25 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-07 16:50 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2016-05-07 16:46 - 2015-04-03 22:41 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-05-07 16:46 - 2015-04-03 22:41 - 00000000 ___SD C:\windows\system32\GWX
2016-05-07 16:45 - 2015-07-22 12:34 - 00000912 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-07 16:44 - 2014-12-10 01:36 - 00000000 ____D C:\windows\system32\appraiser
2016-05-07 16:38 - 2014-08-29 15:00 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3877431653-220597728-3785205167-1001
2016-05-07 13:09 - 2014-08-29 18:25 - 00000914 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-07 12:44 - 2015-07-22 12:34 - 00000908 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-07 11:45 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-07 11:45 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2016-05-07 00:08 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-07 00:05 - 2015-07-22 12:38 - 00000000 ___RD C:\Users\Me\Dropbox
2016-05-07 00:05 - 2013-08-22 09:36 - 00000000 ____D C:\windows\Inf
2016-05-07 00:04 - 2015-06-19 10:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-07 00:04 - 2014-08-29 19:03 - 00000000 ___DO C:\Users\Me\SkyDrive
2016-05-07 00:03 - 2014-08-29 17:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-07 00:02 - 2014-08-29 14:54 - 00000000 ____D C:\Users\Me
2016-05-07 00:02 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-06 13:55 - 2016-02-26 19:57 - 00000000 ____D C:\Users\Me\Documents\CCSU
2016-05-05 12:20 - 2015-06-23 12:27 - 00000000 ____D C:\Users\Me\Documents\BDS
2016-05-03 12:55 - 2014-08-29 14:55 - 00000000 ____D C:\Users\Me\AppData\Local\Packages
2016-05-03 09:51 - 2013-08-22 09:25 - 00524288 ___SH C:\windows\system32\config\BBI
2016-05-03 09:50 - 2014-04-26 12:02 - 00004608 _____ C:\windows\system32\VfService.trf
2016-05-02 15:14 - 2014-09-05 14:56 - 00000000 ____D C:\Users\Me\AppData\LocalLow\Temp
2016-05-01 19:31 - 2014-08-29 14:55 - 00001006 _____ C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-01 16:13 - 2014-08-29 19:54 - 00000000 ____D C:\Users\Me\AppData\Local\CrashDumps
2016-05-01 13:49 - 2015-09-03 22:22 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-01 12:10 - 2013-10-07 14:27 - 00904636 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-30 14:19 - 2015-06-26 14:19 - 00000000 ____D C:\Users\Me\AppData\Roaming\Memeo
2016-04-29 19:43 - 2014-08-29 18:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-29 18:05 - 2015-05-03 12:48 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-29 15:11 - 2013-08-22 11:36 - 00000000 ____D C:\windows\Cursors
2016-04-29 15:01 - 2015-07-17 12:39 - 00000000 ____D C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-29 14:56 - 2015-05-10 21:15 - 00000000 ____D C:\windows\Minidump
2016-04-29 13:40 - 2015-09-03 22:21 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-29 13:40 - 2015-09-03 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-29 13:40 - 2015-09-03 22:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-27 17:10 - 2014-09-07 14:02 - 00002069 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-04-27 17:10 - 2014-09-07 14:02 - 00002067 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-04-27 17:10 - 2014-09-07 14:02 - 00002057 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-04-27 17:10 - 2014-09-07 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-27 17:06 - 2014-08-29 18:26 - 00003168 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3877431653-220597728-3785205167-1001
2016-04-22 19:28 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2016-04-22 03:57 - 2015-07-24 22:19 - 00453288 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-17 23:24 - 2013-08-22 10:44 - 00499160 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-17 23:14 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2016-04-15 18:07 - 2014-08-30 00:53 - 00000000 ____D C:\windows\system32\MRT
2016-04-15 17:56 - 2014-08-30 00:53 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-15 17:47 - 2015-07-22 12:34 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-13 00:14 - 2016-01-13 23:31 - 00177488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-04-12 23:49 - 2016-03-10 13:15 - 01501488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-04-12 23:49 - 2016-03-10 13:15 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
2016-04-12 23:48 - 2016-03-10 13:15 - 01737080 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
 
==================== Files in the root of some directories =======
 
2014-12-01 22:10 - 2014-12-01 22:10 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-10-12 14:41 - 2014-10-12 14:41 - 0000278 _____ () C:\Users\Me\AppData\Local\337b07d1-a097-4937-a099-408d60e322ec.dat
2014-10-12 14:41 - 2014-10-12 14:41 - 0000230 _____ () C:\Users\Me\AppData\Local\4fe3ece3-69ed-4fd6-b514-23a3a21494ec.dat
2014-08-29 17:56 - 2015-02-12 14:54 - 0003734 _____ () C:\Users\Me\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2016-02-25 13:15 - 2016-02-25 13:15 - 0000000 ____H () C:\Users\Me\AppData\Local\BIT1DE.tmp
2014-10-12 14:41 - 2014-10-12 14:41 - 0000230 _____ () C:\Users\Me\AppData\Local\d4b3dc9e-01e0-4523-9784-08f8cfb504d2.dat
2015-12-18 18:19 - 2015-12-18 18:19 - 0003959 _____ () C:\Users\Me\AppData\Local\recently-used.xbel
2016-02-25 13:15 - 2016-02-25 13:15 - 0000000 _____ () C:\Users\Me\AppData\Local\{0497C2BB-BA9A-42CA-BC02-A6D9B1367B8B}
2014-10-15 19:48 - 2014-10-15 19:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Me\AppData\Local\Temp\libeay32.dll
C:\Users\Me\AppData\Local\Temp\msvcr120.dll
C:\Users\Me\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-01 13:09
 
==================== End of FRST.txt ============================
Second Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-05-2016
Ran by Me (2016-05-08 12:15:24)
Running from C:\Users\Me\Downloads
Windows 8.1 (X64) (2014-08-29 18:54:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3877431653-220597728-3785205167-500 - Administrator - Disabled)
Guest (S-1-5-21-3877431653-220597728-3785205167-501 - Limited - Disabled)
Me (S-1-5-21-3877431653-220597728-3785205167-1001 - Administrator - Enabled) => C:\Users\Me
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.4.1.23 - COMODO)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.7.0 - Conexant)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo)
Energy Manager (x32 Version: 1.0.0.33 - Lenovo) Hidden
Eos Family (HKLM-x32\...\{0BBE42EB-7BB3-4BC4-817E-2438503CDE1B}) (Version: 2.3.1.9.0.12 - ETC)
Eos Family Fixture Library (HKLM-x32\...\{BABBBF7B-E332-4A4B-87B5-59B7031674D0}) (Version: 11.2.0.9.0.7 - ETC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3366 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10246 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E7E2BEA6-ECCE-4306-9486-A08781BE0AD0}) (Version: 2.0.0.1104 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.1104 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.31.1 - ELAN Microelectronic Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.12271 - Lenovo)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.5 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0 (x86 en-US)) (Version: 46.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.310 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Serif PagePlus Starter Edition (HKLM-x32\...\{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}) (Version: 2.0.2.009 - Serif (Europe) Ltd)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synctunes Desktop (HKLM-x32\...\{4503D496-8D6B-4FC2-9A66-1CD6E12CD5DA}) (Version: 1.1.5 - The Bit Studio)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.013.1202 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3877431653-220597728-3785205167-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3877431653-220597728-3785205167-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {12B83853-F851-4E86-BDB4-ED5642C20FD3} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3877431653-220597728-3785205167-1001 => C:\Users\Me\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-27] (Microsoft Corporation)
Task: {14A420B2-89E6-406A-995E-55D3A332752F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {3966D66D-52F4-4885-9493-1B310E81CF11} - System32\Tasks\{6C232F94-5963-423B-B0A9-78786CAB52D0} => pcalua.exe -a "C:\Program Files (x86)\Itibiti Soft Phone\unins000.exe"
Task: {49340379-6674-46EC-8314-FDA07A52B839} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {83B14DFB-79BF-4331-8A9E-8887CFEA0BD3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-22] (Dropbox, Inc.)
Task: {970B3469-9B7A-4D86-841C-48E6EA119B13} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {9A617D38-C807-48CF-99FE-E7A7250EFE44} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-04-26] (Lenovo)
Task: {9B1C8D95-9C97-44AB-AED5-AC52CFFDF632} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {B28A4790-23EB-4337-B7D4-245C763BEA96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {C3969B60-617C-40A8-B9FB-C2546CD09DEE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {D7F8CB74-3DCE-4747-8C86-2DB01E972288} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-22] (Dropbox, Inc.)
Task: {D96B830A-AD17-40A4-9F79-5B23D6C1DA74} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB3FC5C7-6C12-4BAA-BDD8-160EB5F764D6} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {EBA64FCE-860E-4EDB-84C5-5B93E27B91C5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-30 04:37 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-26 12:01 - 2012-04-24 06:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-18 14:03 - 2015-04-09 12:50 - 00088576 ____N () C:\Windows\SysWOW64\slpd.exe
2015-07-24 23:12 - 2014-10-07 06:55 - 01508032 _____ () C:\Program Files\COMODO\COMMON\LIBEAY32.dll
2015-07-24 23:12 - 2014-10-07 06:55 - 00338112 _____ () C:\Program Files\COMODO\COMMON\SSLEAY32.dll
2014-04-26 12:02 - 2014-04-26 12:02 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-04-26 12:02 - 2014-04-26 12:02 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-04-26 12:02 - 2014-04-26 12:02 - 00062224 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-04-26 11:56 - 2013-11-18 19:40 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2013-11-15 06:01 - 2013-11-15 06:01 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-11-15 05:58 - 2013-11-15 05:58 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-15 06:04 - 2013-11-15 06:04 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-04-26 12:02 - 2014-04-26 12:02 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-04-26 12:02 - 2014-04-26 12:02 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-08-29 18:12 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-07-03 11:46 - 2015-07-03 11:46 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-12-24 14:18 - 2015-12-24 14:18 - 01782272 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\f1407bb1d381cf5dee299c4e5f0fdf9d\Windows.ApplicationModel.ni.dll
2016-01-14 00:42 - 2016-01-14 00:42 - 00207872 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.System\5ab6059d1e922dc371685c5207f6f7a6\Windows.System.ni.dll
2015-12-24 14:19 - 2015-12-24 14:19 - 00127488 _____ () C:\Users\Me\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook.Ba70e54e13#\8823bdb58000ba3c428e18bc54c37f8d\Facebook.BackgroundTasks.ni.dll
2016-02-17 14:23 - 2016-02-17 14:23 - 01134592 _____ () C:\Users\Me\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Win8-Base\5247dce825f4b1b806197dfda36e8372\Facebook-Win8-Base.ni.dll
2015-12-24 14:19 - 2015-12-24 14:19 - 00619520 _____ () C:\Users\Me\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Base\b9acb2231bcf37635da949da7727727b\Facebook-Base.ni.dll
2015-12-24 14:19 - 2015-12-24 14:19 - 05790720 _____ () C:\Users\Me\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Services\b5cca8c245d95e0d0d7b37ff81b755ef\Facebook-Services.ni.dll
2015-12-24 14:19 - 2015-12-24 14:19 - 01112576 _____ () C:\Users\Me\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Models\ecf3784f369bf22abae36a6eb3a8db9f\Facebook-Models.ni.dll
2014-04-26 12:02 - 2014-04-26 12:02 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-04-26 12:02 - 2014-04-26 12:02 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-04-26 12:02 - 2014-04-26 12:02 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2016-04-15 17:46 - 2016-03-21 17:50 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-15 17:45 - 2016-03-21 17:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-04-15 17:46 - 2016-03-21 17:50 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-04-15 17:46 - 2016-04-08 14:20 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-04-15 17:46 - 2016-03-21 17:51 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-04-15 17:45 - 2016-03-21 17:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-04-15 17:46 - 2016-03-21 17:50 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-04-15 17:45 - 2016-03-21 17:51 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-04-15 17:45 - 2016-03-21 17:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-04-15 17:45 - 2016-04-08 14:19 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-04-15 17:46 - 2016-03-21 17:52 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-04-15 17:45 - 2016-04-08 14:19 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-04-15 17:46 - 2016-04-08 14:20 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-04-15 17:46 - 2016-03-21 17:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-04-15 17:45 - 2016-03-21 17:54 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-04-15 17:45 - 2016-03-21 17:54 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-04-15 17:46 - 2016-04-08 14:20 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-04-15 17:46 - 2016-04-08 14:20 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-04-15 17:46 - 2016-03-21 17:56 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-04-29 19:43 - 2016-04-27 19:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-04-29 19:43 - 2016-04-27 19:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
2014-08-29 18:14 - 2016-02-21 15:29 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-01-14 00:41 - 2016-01-14 00:41 - 03530752 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\0b2afd93fc0545b7b94339e8a4a7af97\Windows.UI.Xaml.ni.dll
2016-01-14 00:43 - 2016-01-14 00:43 - 00799232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\86865ced79f3180ebdfa736d895e5edb\Windows.Networking.ni.dll
2016-01-14 00:42 - 2016-01-14 00:42 - 01131008 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\72dff8d45b73e9b02b3838d29765607a\Windows.ApplicationModel.ni.dll
2016-01-14 00:42 - 2016-01-14 00:42 - 00808448 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\7abff64c7c1ea1fae5bd170c8238b73e\Windows.Storage.ni.dll
2016-01-14 00:42 - 2016-01-14 00:42 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2016-01-14 00:42 - 2016-01-14 00:42 - 00133120 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.System\c639835fe3da556a2cbe2e03540996c0\Windows.System.ni.dll
2016-01-14 00:42 - 2016-01-14 00:42 - 00960000 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\8ddd8ad15fe3fb05a871ef0115fb84e2\Windows.UI.ni.dll
2016-01-14 20:09 - 2016-01-14 20:09 - 00555008 _____ () C:\Users\Me\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud\5339c0578415636a4011bf2f939e867b\Nook.Cloud.ni.dll
2016-01-14 20:10 - 2016-01-14 20:10 - 00526848 _____ () C:\Users\Me\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud.1553bc1e#\9915acf05626afb1cfdf56a4a7292c9b\Nook.Cloud.NativeServices.ni.dll
2016-01-14 00:43 - 2016-01-14 00:43 - 00239616 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\94af4549db265c6f339c287c8675d234\Windows.Globalization.ni.dll
2014-08-29 20:16 - 2014-08-29 20:16 - 13502976 _____ () C:\Program Files\WindowsApps\BarnesNoble.Nook_1.9.0.359_x86__ahnzqzva31enc\Nook.Cloud.NativeServices.dll
2016-01-14 00:43 - 2016-01-14 00:43 - 00402432 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\ae4a1bf110c1a12f619514bde2b27939\Windows.Security.ni.dll
2016-01-14 00:43 - 2016-01-14 00:43 - 00304128 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\eff020aac8737300c74dee47a69c9bbf\Windows.Graphics.ni.dll
2016-01-14 00:43 - 2016-01-14 00:43 - 00337920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\98644a649e9bf9e880f2e97889501b07\Windows.Data.ni.dll
2016-01-14 20:10 - 2016-01-14 20:10 - 00230400 _____ () C:\Users\Me\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Reader\7929b7466eb947f145a31931e8228641\Nook.Reader.ni.dll
2016-01-14 20:10 - 2016-01-14 20:10 - 00235008 _____ () C:\Users\Me\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Reader2a671827#\f0fdfa962c462efd5db42484c38f3f5d\Nook.Reader.ReaderLib.ni.dll
2014-08-29 20:16 - 2014-08-29 20:16 - 36931072 _____ () C:\Program Files\WindowsApps\BarnesNoble.Nook_1.9.0.359_x86__ahnzqzva31enc\Nook.Reader.ReaderLib.dll
2016-01-14 20:10 - 2016-01-14 20:10 - 00412672 _____ () C:\Users\Me\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Notificatioc5a47191#\d3ce3c3589a24effa14a62fa2ac9552d\NotificationsExtensions.ni.dll
2014-08-29 20:16 - 2014-08-29 20:16 - 00152576 _____ () C:\Program Files\WindowsApps\BarnesNoble.Nook_1.9.0.359_x86__ahnzqzva31enc\Nook.FileUtils.dll
2014-08-29 18:14 - 2016-02-21 15:25 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-09-09 13:42 - 2015-09-09 13:42 - 00194728 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\IEAWSDC.DLL
2016-04-27 17:06 - 2016-04-27 17:06 - 00679624 _____ () C:\Users\Me\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Me\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Yoga PhoneCompanion"
HKLM\...\StartupApproved\Run32: => "Yoga Picks"
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A1D915EA5DAE753EE11AF3AB6D0C4DBD"
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3877431653-220597728-3785205167-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E943593A-5C94-4F3F-8E97-442B090FCEAB}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{13A05D37-4D5E-46CD-97F6-E3A2971C352C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CE7930EC-C34E-4171-9538-8A6A82C80257}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B8ACFA0-9688-47F8-AE6A-C72791B16125}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{70D729CE-983B-4D55-8BB7-F2B52CCE4F5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{84359229-B1B0-486E-BD70-60E5CAE57EB1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3479ED5A-E238-452C-87E6-7E834246B06E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E0A165F9-0791-4A2A-B591-E93937E50D5B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{37AD1046-D6B1-4BDE-A4E9-94A7C2E7A09C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{0088764A-3651-42B8-A7A7-8A09DFEB7C8A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{06A7C2E1-88ED-4527-BF94-69E69920D945}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{934C23A6-CEA5-4B39-B5B9-4B0D7F1A1FA2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{63A5EA42-99E1-49FB-8CB1-19F7ECD17192}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{5ECA6328-D66B-4A94-9CFD-7C1D6F3AB79B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7B7C9ECC-8FCD-4671-8690-0449714E9F41}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9A60DF90-1675-4D3A-985A-93996AFA0547}] => (Allow) C:\windows\system32\hasplms.exe
FirewallRules: [{00082531-A9FA-4B94-A2DD-F732723766A5}] => (Allow) C:\Program Files (x86)\ETC\Eos\Eos.exe
FirewallRules: [{72F1E64C-10E8-46E7-8B46-B21690A30689}] => (Allow) C:\windows\SysWOW64\slpd.exe
FirewallRules: [{C03CC6EB-4EFE-45FC-AAB5-ACEC755B08FA}] => (Allow) C:\windows\SysWOW64\slpd.exe
FirewallRules: [{B82CB895-7DEB-4241-97F6-094E225404CE}] => (Allow) C:\windows\SysWOW64\slptool.exe
FirewallRules: [TCP Query User{25015644-D0CD-4D75-92F9-86E975643534}C:\program files\vectorworks2015\vectorworks2015.exe] => (Allow) C:\program files\vectorworks2015\vectorworks2015.exe
FirewallRules: [UDP Query User{B26188C8-8CC3-40FF-8518-393732283B92}C:\program files\vectorworks2015\vectorworks2015.exe] => (Allow) C:\program files\vectorworks2015\vectorworks2015.exe
FirewallRules: [TCP Query User{C7AA6F4E-9812-4D87-9F81-EB28955C9040}C:\program files\vectorworks2015\renderworks\cinerender 64bit.exe] => (Allow) C:\program files\vectorworks2015\renderworks\cinerender 64bit.exe
FirewallRules: [UDP Query User{D5310D58-0C06-40E7-9BD2-DCF5E9EB5427}C:\program files\vectorworks2015\renderworks\cinerender 64bit.exe] => (Allow) C:\program files\vectorworks2015\renderworks\cinerender 64bit.exe
FirewallRules: [{89AE8389-2AD4-4CA9-9B22-F888ACB0617C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E3259847-5283-4DC7-ACD6-3BEED114998A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{73FA6BEA-247C-49C6-AC06-002636A8D50E}] => (Allow) C:\Program Files (x86)\The Bit Studio\Synctunes Desktop\Synctunes.exe
FirewallRules: [{29F46CE6-8CF9-465D-B3B0-13EEDF3CCAD0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{5C84E871-1DFB-45CE-9EA9-7F2B7EF5E584}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F85D8ED-192A-4650-A5C9-5A368A664624}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C447AC7-A46F-484F-B085-FAAD4001844B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\WINDOWS\System32\slpd.exe] => Enabled:Service Location Protocol
StandardProfile\AuthorizedApplications: [C:\WINDOWS\System32\slpd.exe] => Enabled:Service Location Protocol
 
==================== Restore Points =========================
 
13-04-2016 17:36:52 Windows Update
22-04-2016 17:03:49 Scheduled Checkpoint
29-04-2016 15:05:35 Restore Operation
02-05-2016 15:10:37 Restore Point Created by FRST
02-05-2016 23:31:31 Restore Operation
03-05-2016 05:11:12 JRT Pre-Junkware Removal
07-05-2016 16:39:15 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/08/2016 12:19:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 
Error: (05/08/2016 12:19:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 
Error: (05/08/2016 12:17:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 554
 
Start Time: 01d1a94403ece65c
 
Termination Time: 4294967295
 
Application Path: C:\windows\system32\backgroundTaskHost.exe
 
Report Id: 516bd607-1538-11e6-82f6-c677eceff246
 
Faulting package full name: daVincisGarageLLC.LarryBooBoo_1.2.63.159_x64__526xyj0r2d3h2
 
Faulting package-relative application ID: TouchMail
 
Error: (05/08/2016 12:09:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 56286985
 
Error: (05/08/2016 12:09:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 56286985
 
Error: (05/08/2016 12:09:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/08/2016 12:09:34 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPDll
DptfSetConfigTdpLevel:  DeviceIoControl() failed.
 
Error: (05/08/2016 12:09:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 56283516
 
Error: (05/08/2016 12:09:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 56283516
 
Error: (05/08/2016 12:09:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/07/2016 11:08:20 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Device Association Service service, but this action failed with the following error: 
%%1056
 
Error: (05/07/2016 11:07:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/07/2016 11:07:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/07/2016 11:07:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/07/2016 11:07:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/07/2016 11:07:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Touch Keyboard and Handwriting Panel Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/07/2016 11:07:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/07/2016 11:07:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/07/2016 11:07:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Connection Broker service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/07/2016 11:07:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The File History Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-04-29 01:49:53.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-29 01:49:48.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:42.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:41.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:39.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:35.396
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:31.398
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:27.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:23.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-28 22:49:19.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3520 @ 2.16GHz
Percentage of memory in use: 62%
Total physical RAM: 3979.22 MB
Available physical RAM: 1473.11 MB
Total Virtual: 8075.22 MB
Available Virtual: 4686.53 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:427.7 GB) (Free:235.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CAFAD3AC)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#13
nicechaibabe

nicechaibabe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Also, on a side note, every time I went to shut off windows defender, when requested, it told me it was disabled by group policy-is that an issue that would likely be caused by malware or just an issue with my configurations?


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Let me take a look be back shortly.
  • 0

#15
nicechaibabe

nicechaibabe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thank you! Take your time, I know it's a slightly off-topic question.   :)


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP