liveadexchanger.com won't go away


  • This topic is locked
38 replies to this topic

#1 edcolandra


Posted 25 April 2016 - 06:22 PM

Hello

I have tried every version of both paid and free trial malware/anti-virus to no avail.

Including Malwarebytes, McAfee, Windows Essentials, Hitman, and more.

 

Please let me know what you need from me to start the process...

 

Thank you in advance,

ed in NJ




 


#2 pystryker

  • Malware Response Team

Posted 25 April 2016 - 06:44 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's take a look at your machine and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 edcolandra

  • Topic Starter

Posted 25 April 2016 - 07:20 PM

Attached File: FRST.txt (58.29KB, 8 downloads)
Attached File: Addition.txt (52.33KB, 8 downloads)

 

Attached are files you requested.

 

ed



#4 pystryker

  • Malware Response Team

Posted 25 April 2016 - 08:29 PM

Hello, let's get started. :)

Please copy and paste the logs into your replies instead of attaching them. It makes them much easier to analyze. :) When you post these logs, please let me know how the machine is running. :thumbup2:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.homepage-web.com
S4 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [X]
S3 RoxMediaDB10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz138; \??\C:\Users\ed\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S3 mfeavfk02; \Device\mfeavfk02.sys [X]
S3 mfeavfk03; \Device\mfeavfk03.sys [X]
CustomCLSID: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\ed\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\ed\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt). Please post it in your next reply.


Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner

Step 4: Fresh FRST Logs
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log






#5 edcolandra

  • Topic Starter

Posted 25 April 2016 - 09:59 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by ed (2016-04-25 22:32:56) Run:1
Running from C:\Users\ed\Desktop
Loaded Profiles: ed (Available Profiles: ed)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.homepage-web.com
S4 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [X]
S3 RoxMediaDB10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz138; \??\C:\Users\ed\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S3 mfeavfk02; \Device\mfeavfk02.sys [X]
S3 mfeavfk03; \Device\mfeavfk03.sys [X]
CustomCLSID: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\ed\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\ed\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CMD: ipconfig /flushdns
Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
RealPlayer Cloud Service => service removed successfully
RoxMediaDB10 => service removed successfully
catchme => service removed successfully
cpuz138 => service removed successfully
mfeavfk01 => service removed successfully
mfeavfk02 => service removed successfully
mfeavfk03 => service removed successfully
"HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 173.2 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 22:34:22 ====


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 7 Professional x64
Ran by ed (Administrator) on Mon 04/25/2016 at 22:43:46.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 8

Successfully deleted: C:\Users\ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19IMO9V2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F0QQ314 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FZ5A2V2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A16TC998 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19IMO9V2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F0QQ314 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FZ5A2V2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A16TC998 (Temporary Internet Files Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/25/2016 at 22:46:03.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v5.021 - Logfile created 14/11/2015 at 23:20:23
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : ed - ED-PC
# Running from : C:\Users\ed\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\ed\AppData\Roaming\Mozilla\Firefox\Profiles\b53oleg4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\ed\AppData\Roaming\Mozilla\Firefox\Profiles\b53oleg4.default\Extensions\anttoolbar@ant.com

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Yahoo\Companion

***** [ Web browsers ] *****

[C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search provided by yahoo.com

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2011 bytes] ##########
# AdwCleaner v5.113 - Logfile created 25/04/2016 at 22:50:46
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : ed - ED-PC
# Running from : C:\Users\ed\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6873 bytes] - [24/04/2016 21:19:40]
C:\AdwCleaner\AdwCleaner[C2].txt - [2278 bytes] - [15/11/2015 00:21:38]
C:\AdwCleaner\AdwCleaner[R0].txt - [2175 bytes] - [25/03/2015 14:57:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [2272 bytes] - [25/03/2015 15:00:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [6739 bytes] - [24/04/2016 21:16:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [3059 bytes] - [15/11/2015 00:20:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3132 bytes] ##########
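
Added example (not part of the post above, and not code from FRST or its author): a small parser for a pasted Fixlog.txt. It separates the echoed fixlist from the result lines, since both can contain "=>", tallies the outcomes, captures CMD output, and flags a paste that is missing the "End of Fixlog" footer. The function names are this example's own, and the embedded sample is a trimmed excerpt of the log above.

```python
import re
from collections import Counter

# Trimmed excerpt of the Fixlog.txt posted above (assembled for this example).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by ed (2016-04-25 22:32:56) Run:1
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.homepage-web.com
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz138; \??\C:\Users\ed\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
CMD: ipconfig /flushdns
Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
catchme => service removed successfully
cpuz138 => service removed successfully

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 173.2 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 22:34:22 ====
"""

RESULT_RE = re.compile(r"^(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\.?$")
BANNER_RE = re.compile(r"^=+\s+(?P<text>.+?)\s+=+$")


def classify(outcome):
    """Bucket an outcome string from a result line."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    if "removed successfully" in low:
        return "removed"
    return "other"


def parse_fixlog(text):
    """Parse a Fixlog into fixlist entries, results, CMD output and flags."""
    report = {"fixlist": [], "results": [], "cmd_output": {},
              "reboot_needed": False, "complete": False}
    state, cmd = "header", None
    for raw in text.splitlines():
        s = raw.strip()
        if not s:
            continue
        is_rule = set(s) == {"*"}          # the ***** lines around the fixlist echo
        if state == "header":
            if s.lower() == "fixlist content:":
                state = "await_fixlist"
        elif state == "await_fixlist":
            if is_rule:
                state = "fixlist"
        elif state == "fixlist":           # echoed input: never counted as a result
            if is_rule:
                state = "results"
            elif s not in ("Start", "End"):
                report["fixlist"].append(s)
        elif state == "cmd":               # raw output of a CMD: directive
            if s.startswith("=") and "End of CMD" in s:
                state = "results"
            else:
                report["cmd_output"][cmd].append(s)
        else:                              # results section
            banner, result = BANNER_RE.match(s), RESULT_RE.match(s)
            if banner and banner["text"].startswith("End of Fixlog"):
                report["complete"] = True
            elif banner:
                cmd, state = banner["text"], "cmd"
                report["cmd_output"][cmd] = []
            elif result:
                outcome = result["outcome"]
                report["results"].append(
                    (result["target"].strip('"'), outcome, classify(outcome)))
            elif s == "The system needed a reboot.":
                report["reboot_needed"] = True
    return report


def summarize(report):
    """Count result lines per outcome bucket."""
    return Counter(kind for _, _, kind in report["results"])


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)), "reboot:", parsed["reboot_needed"],
          "complete:", parsed["complete"])
```

A "not found" result is not an error in itself: it means the entry listed in the fixlist was no longer present when the fix ran.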

#6 edcolandra

  • Topic Starter

Posted 25 April 2016 - 10:15 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by ed (administrator) on ED-PC (25-04-2016 23:11:03)
Running from C:\Users\ed\Desktop
Loaded Profiles: ed (Available Profiles: ed)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(© 2015 Microsoft Corporation) C:\Users\ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(EuroSmartz Ltd) C:\Program Files (x86)\WePrint\WePrint Server.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMResident.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_213_ActiveX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154624 2015-01-05] (troubadix)
HKLM-x32\...\Run: [TSMResident] => C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE [485336 2012-01-27] (Lenovo Group Limited)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-07-02] (Intel Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\Run: [join.me.launcher] => C:\Users\ed\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc)
HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\Run: [BingSvc] => C:\Users\ed\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-10] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-02-10]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk [2015-03-26]
ShortcutTarget: WePrint Server.lnk -> C:\Program Files (x86)\WePrint\WePrint Server.exe (EuroSmartz Ltd)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{010E7AF4-AFD5-4EFC-9875-F48384D88CF1}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{BBCCA4C1-B43B-4F66-9CCB-81347F5D3B4B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D04DB3A4-486B-4CBC-B9BF-03864C66634F}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5HDF&PC=SL5H&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5HDF&PC=SL5H&q={searchTerms}&src=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-04-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP1-10038/webex/ieatgpc1.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\ed\AppData\Roaming\Mozilla\Firefox\Profiles\b53oleg4.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5DDF&PC=SL5D&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2014-07-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2014-07-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-25] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3546548869-3357250835-2681684413-1000: @citrixonline.com/appdetectorplugin -> C:\Users\ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-3546548869-3357250835-2681684413-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ed\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3546548869-3357250835-2681684413-1000: @talk.google.com/O1DPlugin -> C:\Users\ed\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3546548869-3357250835-2681684413-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ed\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3546548869-3357250835-2681684413-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ed\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ed\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ed\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-04-09] [not signed]
FF HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 => not found

Chrome:
=======
CHR Profile: C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-25]
CHR Extension: (Google Docs) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-25]
CHR Extension: (Google Drive) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-25]
CHR Extension: (YouTube) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-25]
CHR Extension: (Google Sheets) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-25]
CHR Extension: (No Name) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-25]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2016-04-25]
CHR Extension: (Buffer) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2016-04-25]
CHR Extension: (Gmail) - C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-28] (Lenovo Group Limited)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2012-07-18] (Red Bend Ltd.) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2015-04-17] (Lenovo.)
R2 GobiQDLService; C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [312688 2011-11-25] (Sierra Wireless, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [242720 2016-04-02] (Microsoft Corporation) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2012-07-18] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HBtnKey; C:\Windows\system32\drivers\wstbtndb.sys [17064 2010-06-28] (Lenovo)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel® Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [84824 2016-03-16] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-04-25] (Greatis Software)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [42224 2013-11-15] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S3 swg3kmbb01; C:\Windows\System32\DRIVERS\swg3kmbb01.sys [458240 2012-04-13] (Sierra Wireless Incorporated)
S3 swg3knmea01; C:\Windows\system32\drivers\swg3knmea01.sys [259584 2012-04-13] (Sierra Wireless Incorporated)
S3 swg3kser01; C:\Windows\system32\drivers\swg3kser01.sys [259584 2012-04-13] (Sierra Wireless Incorporated)
S3 swibus01; C:\Windows\system32\drivers\swibus01.sys [79360 2012-04-13] (Sierra Wireless Inc.)
S3 swibusflt01; C:\Windows\system32\drivers\swibusflt01.sys [79360 2012-04-13] (Sierra Wireless Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)
S3 wacomhidfilter; C:\Windows\system32\drivers\wacomhidfilter.sys [11520 2012-04-10] (Wacom Technology)
R3 wacomvthid; C:\Windows\system32\drivers\WacomVTHid.sys [16368 2012-04-10] (Wacom Technology)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 23:11 - 2016-04-25 23:11 - 00036262 _____ C:\Users\ed\Desktop\FRST.txt
2016-04-25 22:52 - 2016-04-25 22:52 - 00003211 _____ C:\Users\ed\Desktop\AdwCleaner[S2].txt
2016-04-25 22:47 - 2016-04-25 22:48 - 03580480 _____ C:\Users\ed\Desktop\AdwCleaner.exe
2016-04-25 22:46 - 2016-04-25 22:46 - 00001859 _____ C:\Users\ed\Desktop\JRT.txt
2016-04-25 22:43 - 2016-04-25 22:43 - 01610008 _____ (Malwarebytes) C:\Users\ed\Desktop\JRT.exe
2016-04-25 22:32 - 2016-04-25 23:05 - 00003235 _____ C:\Users\ed\Desktop\Fixlog.txt
2016-04-25 22:27 - 2016-04-25 22:27 - 00000000 ____D C:\Users\ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-04-25 20:51 - 2016-04-25 20:51 - 00000000 ____D C:\@RestoreQuarantine
2016-04-25 19:58 - 2016-04-25 19:58 - 02376192 _____ (Farbar) C:\Users\ed\Desktop\FRST64.exe
2016-04-25 19:00 - 2016-04-25 23:06 - 00000244 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2016-04-25 18:54 - 2016-04-25 18:54 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2016-04-25 18:54 - 2016-04-25 18:54 - 00000002 RSHOT C:\Windows\winstart.bat
2016-04-25 18:54 - 2016-04-25 18:54 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-04-25 18:54 - 2016-04-25 18:54 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2016-04-25 18:54 - 2016-04-25 18:54 - 00000000 ____D C:\ProgramData\RegRun
2016-04-25 18:53 - 2016-04-25 20:49 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-04-25 18:53 - 2016-04-25 18:59 - 00000000 ____D C:\Users\ed\Documents\RegRun2
2016-04-25 18:53 - 2016-04-25 18:56 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-04-25 18:53 - 2016-04-25 18:53 - 17475297 _____ C:\Users\ed\Desktop\unhackme.zip
2016-04-25 18:53 - 2016-04-25 18:53 - 00003312 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2016-04-25 18:53 - 2016-04-25 18:53 - 00001018 _____ C:\Users\ed\Desktop\UnHackMe.lnk
2016-04-25 18:53 - 2016-04-25 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-04-25 18:53 - 2016-04-05 15:17 - 00012808 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2016-04-25 18:53 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2016-04-25 17:24 - 2016-04-25 17:24 - 01610008 _____ (Malwarebytes) C:\Users\ed\Downloads\JRT.exe
2016-04-25 16:57 - 2016-04-25 17:04 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-25 12:06 - 2016-04-25 12:06 - 00060708 _____ C:\Users\ed\Desktop\fix.txt
2016-04-25 12:04 - 2016-04-25 12:04 - 00060708 _____ C:\ComboFix.txt
2016-04-25 11:45 - 2016-04-25 20:17 - 00053585 _____ C:\Users\ed\Desktop\Addition.txt
2016-04-25 11:45 - 2016-04-25 11:45 - 00070076 _____ C:\Users\ed\Desktop\Shortcut.txt
2016-04-25 11:44 - 2016-04-25 11:44 - 00070076 _____ C:\Users\ed\Downloads\Shortcut.txt
2016-04-25 11:43 - 2016-04-25 11:44 - 00050859 _____ C:\Users\ed\Downloads\Addition.txt
2016-04-25 11:41 - 2016-04-25 23:11 - 00000000 ____D C:\FRST
2016-04-25 11:41 - 2016-04-25 11:44 - 00124001 _____ C:\Users\ed\Downloads\FRST.txt
2016-04-25 11:40 - 2016-04-25 11:41 - 02375680 _____ (Farbar) C:\Users\ed\Downloads\FRST64.exe
2016-04-25 11:26 - 2016-04-25 11:26 - 03580480 _____ C:\Users\ed\Downloads\adwcleaner_5.113.exe
2016-04-25 11:00 - 2016-04-25 11:00 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-04-25 01:46 - 2016-04-25 23:06 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-25 01:46 - 2016-04-25 22:51 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-25 01:46 - 2016-04-25 01:46 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-25 01:46 - 2016-04-25 01:46 - 00003634 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-25 01:46 - 2016-04-25 01:46 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-25 01:46 - 2016-04-25 01:46 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-25 01:45 - 2016-04-25 01:45 - 00987728 _____ (Google Inc.) C:\Users\ed\Downloads\ChromeSetup.exe
2016-04-25 00:53 - 2016-04-25 12:11 - 00259588 _____ C:\Windows\ntbtlog.txt
2016-04-24 22:39 - 2016-04-24 22:39 - 00000000 _____ C:\autoexec.bat
2016-04-24 21:25 - 2016-04-25 00:30 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-04-24 21:25 - 2016-04-24 22:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-24 07:05 - 2016-04-24 07:07 - 00253842 _____ C:\TDSSKiller.3.1.0.9_24.04.2016_07.05.28_log.txt
2016-04-24 07:03 - 2016-04-24 07:03 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-04-24 07:00 - 2016-04-24 07:03 - 00256984 _____ C:\TDSSKiller.3.1.0.9_24.04.2016_07.00.34_log.txt
2016-04-24 07:00 - 2016-04-24 07:00 - 00000364 _____ C:\TDSSKiller.3.1.0.5_24.04.2016_07.00.08_log.txt
2016-04-24 04:20 - 2016-04-24 04:20 - 00001487 _____ C:\Users\ed\Desktop\ReadMe-1.txt
2016-04-24 04:13 - 2016-04-24 04:13 - 00000000 ____D C:\Program Files (x86)\windriveuse
2016-04-24 04:08 - 2016-04-25 00:30 - 00000000 ____D C:\Users\ed\Downloads\Adobe Acrobat XI PRO V11 (1)
2016-04-24 03:37 - 2016-04-24 03:37 - 00003413 _____ C:\Users\ed\Documents\hosts.txt
2016-04-24 03:08 - 2016-04-25 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-04-24 02:46 - 2016-04-25 00:30 - 00000000 ____D C:\Users\ed\AppData\Roaming\uTorrent
2016-04-24 02:05 - 2016-04-24 02:05 - 00000000 ____D C:\Users\ed\AppData\Roaming\PDF Producer
2016-04-24 01:54 - 2016-04-24 03:01 - 00000000 ____D C:\Users\ed\AppData\Roaming\PDF Architect 4
2016-04-24 01:52 - 2016-04-24 02:59 - 00000000 ____D C:\Program Files (x86)\PDF Architect 4
2016-04-24 01:49 - 2016-04-25 00:59 - 00000000 ____D C:\Program Files\PDFCreator.SH!
2016-04-24 01:49 - 2016-04-25 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2016-04-24 01:49 - 2016-04-25 00:30 - 00000000 ____D C:\ProgramData\PDF Architect 4
2016-04-24 01:49 - 2016-04-24 01:49 - 00120072 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2016-04-24 01:47 - 2016-04-24 01:48 - 27650032 _____ (pdfforge GmbH ) C:\Users\ed\Downloads\PDFCreator-2_3_0-Setup.exe
2016-04-24 01:43 - 2016-04-25 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF2EXE
2016-04-24 01:43 - 2016-04-24 01:43 - 01697622 _____ (CoolPDF Software, Inc. ) C:\Users\ed\Downloads\pdf2exe.exe
2016-04-21 23:08 - 2016-04-25 00:30 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-20 17:17 - 2016-04-20 17:17 - 00738880 _____ (Oracle Corporation) C:\Users\ed\Downloads\jxpiinstall.exe
2016-04-20 04:12 - 2016-04-20 04:12 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-04-19 22:00 - 2016-04-19 22:00 - 00052978 _____ C:\Users\ed\Desktop\chamber-white-paper.pdf
2016-04-17 20:31 - 2016-04-17 20:31 - 00495035 _____ C:\Users\ed\Desktop\brochuregen.pdf
2016-04-17 19:32 - 2016-04-17 19:32 - 00041928 _____ C:\Users\ed\Desktop\IHS_HIPAA_Security_Checklist.pdf
2016-04-17 17:40 - 2016-04-17 17:40 - 00086900 _____ C:\Users\ed\Desktop\write-emotional-headlines-power-words-copy.pdf
2016-04-14 01:16 - 2016-04-25 02:07 - 00000000 ____D C:\Users\ed\AppData\LocalLow\Adblock Plus for IE
2016-04-14 01:16 - 2016-04-14 01:16 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2016-04-13 14:51 - 2016-04-13 14:51 - 00046401 _____ C:\Users\ed\Desktop\combo.txt
2016-04-12 07:15 - 2016-04-12 07:15 - 00002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-04-11 21:46 - 2016-04-25 00:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-06 17:11 - 2016-03-16 14:56 - 00084824 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2016-04-04 00:15 - 2016-04-04 00:15 - 00110520 _____ C:\Users\ed\Downloads\myseoaudit.pdf
2016-03-31 22:30 - 2016-04-25 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-31 22:30 - 2016-03-31 22:30 - 00002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-03-31 22:30 - 2016-03-31 22:30 - 00002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-31 22:30 - 2016-03-31 22:30 - 00002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-31 22:30 - 2016-03-31 22:30 - 00002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-31 22:30 - 2016-03-31 22:30 - 00002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-31 22:30 - 2016-03-31 22:30 - 00002331 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-31 22:30 - 2016-03-31 22:30 - 00002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-31 22:27 - 2016-03-31 22:27 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 23:11 - 2009-07-14 01:13 - 00783456 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-25 23:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-25 23:07 - 2015-07-27 00:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-25 23:07 - 2015-03-26 23:17 - 00000000 ____D C:\Users\ed\Documents\WePrint
2016-04-25 23:07 - 2015-03-24 20:43 - 00000000 __RSD C:\Users\ed\Documents\McAfee Vaults
2016-04-25 23:06 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-25 23:03 - 2015-03-25 13:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-25 22:44 - 2009-07-14 00:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-25 22:44 - 2009-07-14 00:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-25 22:35 - 2009-07-14 01:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-25 22:33 - 2015-09-22 19:07 - 00000000 ____D C:\Users\ed\AppData\LocalLow\Temp
2016-04-25 22:27 - 2015-05-30 03:25 - 00000628 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3546548869-3357250835-2681684413-1000.job
2016-04-25 22:27 - 2015-04-10 10:54 - 00000532 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3546548869-3357250835-2681684413-1000.job
2016-04-25 21:30 - 2016-02-22 07:47 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-25 20:47 - 2015-04-03 10:32 - 00000000 ____D C:\Users\ed\Desktop\edco
2016-04-25 18:59 - 2015-03-24 20:12 - 00000000 ____D C:\Users\ed
2016-04-25 16:53 - 2015-05-15 22:33 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2016-04-25 16:38 - 2015-03-25 00:18 - 01350423 _____ C:\Users\ed\Desktop\Cash Flow.xlsx
2016-04-25 13:22 - 2016-02-01 02:38 - 00130368 _____ C:\Users\ed\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-25 13:21 - 2016-02-01 02:43 - 00497464 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-25 12:10 - 2015-08-26 01:20 - 00000000 ____D C:\Windows\system32\appmgmt
2016-04-25 12:10 - 2015-03-25 13:31 - 00000000 ____D C:\ProgramData\Adobe
2016-04-25 12:05 - 2015-07-31 21:43 - 00000000 ____D C:\Qoobox
2016-04-25 12:05 - 2015-03-25 13:55 - 00000000 ____D C:\Users\ed\AppData\Local\Apps\2.0
2016-04-25 12:01 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-04-25 11:51 - 2015-11-13 23:22 - 05660058 ____R (Swearware) C:\Users\ed\Desktop\ComboFix.exe
2016-04-25 11:49 - 2015-03-25 13:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-25 11:26 - 2015-03-25 14:57 - 00000000 ____D C:\AdwCleaner
2016-04-25 01:46 - 2015-03-25 13:56 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-25 01:40 - 2015-11-14 13:03 - 00000000 ____D C:\Windows\en
2016-04-25 00:30 - 2016-03-10 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-04-25 00:30 - 2016-02-26 07:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit
2016-04-25 00:30 - 2016-02-24 15:36 - 00000000 ____D C:\Users\ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdWords Editor
2016-04-25 00:30 - 2016-02-23 23:44 - 00000000 ____D C:\Users\ed\Desktop\Tip and Ideas
2016-04-25 00:30 - 2016-02-08 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
2016-04-25 00:30 - 2016-02-08 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2016-04-25 00:30 - 2016-02-04 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-04-25 00:30 - 2016-02-01 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-04-25 00:30 - 2016-01-29 03:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TPFanControl
2016-04-25 00:30 - 2016-01-23 04:52 - 00000000 ____D C:\Users\ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-04-25 00:30 - 2015-12-25 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-25 00:30 - 2015-12-25 22:46 - 00000000 ____D C:\Program Files\iTunes
2016-04-25 00:30 - 2015-12-11 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-04-25 00:30 - 2015-12-01 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-25 00:30 - 2015-11-14 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-25 00:30 - 2015-08-21 08:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-25 00:30 - 2015-08-08 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage
2016-04-25 00:30 - 2015-07-31 21:43 - 00000000 ____D C:\Windows\erdnt
2016-04-25 00:30 - 2015-07-27 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-25 00:30 - 2015-07-27 00:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-25 00:30 - 2015-05-11 20:06 - 00000000 ____D C:\Users\ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-04-25 00:30 - 2015-05-07 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-25 00:30 - 2015-04-12 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-25 00:30 - 2015-04-03 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-25 00:30 - 2015-03-26 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2016-04-25 00:30 - 2015-03-26 23:17 - 00000000 ____D C:\Users\ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WePrint
2016-04-25 00:30 - 2015-03-26 23:17 - 00000000 ____D C:\Program Files (x86)\WePrint
2016-04-25 00:30 - 2015-03-25 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-04-25 00:30 - 2015-03-25 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-04-25 00:30 - 2015-03-25 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-25 00:30 - 2015-03-25 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX350 series
2016-04-25 00:30 - 2015-03-24 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-04-25 00:30 - 2014-02-10 16:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-04-25 00:30 - 2014-02-10 16:10 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-04-25 00:30 - 2014-02-10 14:31 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-04-25 00:30 - 2014-02-10 14:31 - 00000000 ____D C:\ProgramData\Lenovo
2016-04-25 00:30 - 2014-02-10 10:26 - 00000000 ____D C:\RPKTools
2016-04-25 00:30 - 2011-04-12 04:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-25 00:30 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-25 00:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-25 00:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-04-24 15:56 - 2016-01-09 22:48 - 00000000 ____D C:\Users\ed\Desktop\SPLC
2016-04-24 07:00 - 2016-02-06 01:43 - 00000000 ____D C:\Users\ed\AppData\Local\CrashDumps
2016-04-24 04:06 - 2015-11-15 23:12 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-04-24 03:44 - 2016-01-22 01:25 - 00000000 ____D C:\Users\ed\AppData\LocalLow\uTorrent
2016-04-24 02:34 - 2016-02-15 22:15 - 00000000 ____D C:\Users\ed\Desktop\MMS
2016-04-23 20:52 - 2015-04-06 20:21 - 00000000 ____D C:\Users\ed\Desktop\RRS
2016-04-23 19:28 - 2015-03-25 13:29 - 00000000 ____D C:\Users\ed\AppData\Local\Adobe
2016-04-21 23:08 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-04-21 19:29 - 2015-11-19 02:41 - 00000000 ____D C:\Users\ed\Documents\cvcoptdata
2016-04-20 17:19 - 2015-03-25 14:51 - 00000000 ____D C:\ProgramData\Oracle
2016-04-20 17:19 - 2015-03-25 14:51 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-20 17:18 - 2015-12-01 10:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-20 17:18 - 2015-08-21 08:14 - 00000000 ____D C:\Users\ed\.oracle_jre_usage
2016-04-20 04:12 - 2015-04-03 14:10 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-20 04:12 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-20 04:11 - 2015-04-03 14:10 - 00000000 ____D C:\Program Files\Microsoft Office
2016-04-18 00:21 - 2015-12-02 16:18 - 00000000 ____D C:\Users\ed\Documents\My Kindle Content
2016-04-15 20:43 - 2015-03-25 14:00 - 00000000 ____D C:\Users\ed\Downloads\Ant Videos
2016-04-14 02:43 - 2015-05-30 03:25 - 00003642 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3546548869-3357250835-2681684413-1000
2016-04-14 02:43 - 2015-04-10 10:54 - 00003546 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3546548869-3357250835-2681684413-1000
2016-04-12 07:41 - 2015-11-16 12:32 - 00000000 ____D C:\Users\ed\AppData\Roaming\avidemux
2016-04-11 17:18 - 2015-03-25 13:33 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-11 17:18 - 2015-03-25 13:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-11 17:18 - 2015-03-25 13:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-11 00:03 - 2015-04-12 22:26 - 00000000 ____D C:\Users\ed\AppData\Roaming\vlc
2016-04-08 13:40 - 2015-03-24 20:33 - 00000000 ____D C:\ProgramData\McAfee
2016-04-08 04:42 - 2015-07-15 16:24 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-04-06 17:11 - 2015-03-24 20:33 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-06 17:09 - 2015-06-29 03:33 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-03-31 22:58 - 2014-02-10 16:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-31 22:45 - 2015-04-03 14:18 - 00002156 _____ C:\Users\ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-31 22:45 - 2015-04-03 14:18 - 00002111 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-31 22:45 - 2015-04-03 14:18 - 00002111 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-31 22:45 - 2015-04-03 14:18 - 00000000 ___RD C:\Users\ed\OneDrive
2016-03-31 22:45 - 2015-04-03 14:18 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-03-31 10:25 - 2016-01-25 16:54 - 00000000 ____D C:\ProgramData\WinZip

==================== Files in the root of some directories =======

2015-04-03 14:35 - 2015-04-03 14:57 - 0000133 _____ () C:\Users\ed\AppData\Roaming\GeneralSetting.xml
2014-07-09 13:01 - 2014-07-09 13:01 - 0022976 _____ (Intel Corporation) C:\Users\ed\AppData\Roaming\JomCap.dll
2015-04-03 14:34 - 2015-04-03 14:34 - 0000019 _____ () C:\Users\ed\AppData\Roaming\LocationSetting.xml
2015-04-03 14:35 - 2015-04-03 14:57 - 0000360 _____ () C:\Users\ed\AppData\Roaming\LoginSetting.xml
2016-03-20 22:37 - 2016-03-20 22:41 - 0000600 _____ () C:\Users\ed\AppData\Local\PUTTY.RND
2015-11-15 21:46 - 2016-02-23 22:28 - 0007606 _____ () C:\Users\ed\AppData\Local\Resmon.ResmonCfg
2015-03-24 20:12 - 2014-02-11 08:11 - 0030280 _____ () C:\Users\ed\AppData\Local\WiDiSetupLog.20140211.041004.wdl
2015-08-25 14:02 - 2015-08-25 14:03 - 0036933 _____ () C:\Users\ed\AppData\Local\WiDiSetupLog.20150825.140221.wdl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-18 19:09

==================== End of FRST.txt



#7 edcolandra


Posted 25 April 2016 - 10:17 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by ed (2016-04-25 23:12:21)
Running from C:\Users\ed\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-03-25 00:12:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3546548869-3357250835-2681684413-500 - Administrator - Disabled)
ed (S-1-5-21-3546548869-3357250835-2681684413-1000 - Administrator - Enabled) => C:\Users\ed
Guest (S-1-5-21-3546548869-3357250835-2681684413-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3546548869-3357250835-2681684413-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
AdWords Editor (HKLM-x32\...\{C026D7E1-DA53-11E5-90AC-B8AC6F88925A}) (Version: 11.2.4.0 - Google)
Amazon Kindle (HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
IBM Lotus Symphony (HKLM-x32\...\{638b91e2-b5ee-49f3-8348-be72f2d65d13}) (Version: 3.01.12011 - IBM)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Identity Protection Technology 1.2.32.0 (HKLM-x32\...\{2D793E41-F598-1014-9984-F3B169A93F79}) (Version: 1.2.32.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1211 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.50.0000 - Intel Corporation)
ISD Tablet (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-29 - Wacom Technology Corp.)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
join.me (HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\JoinMe) (Version: 2.12.0.1804 - LogMeIn, Inc.)
join.me.launcher (x32 Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
Lenovo Central Audio (x32 Version: 3.8.0 - Sonic Solutions) Hidden
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2013 (HKLM\...\Office15.LYNC) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 7.4 (HKLM-x32\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Optimum App for Laptop 4.12 (HKLM\...\{6082AB31-92B1-4832-AC89-3B2E6D8C14FE}) (Version: 4.12 - Cablevision)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.5 - Lenovo Group Limited)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.003.11 - Lenovo)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012C-0000-1000-0000000FF1CE}_Office15.LYNC_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
Sierra Wireless QMI Lenovo Driver Package (HKLM-x32\...\SWILenovoDrvInstaller) (Version: 1.0.45.0 - Sierra Wireless Inc.)
Single Sign-On (HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\be747e9c9e2e034e) (Version: 2014.9.30.4 - SystemServer)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.07 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo)
TPFanControl v0.62 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version:  - troubadix)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.1 - Tweaking.com)
UnHackMe 8.00 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.LYNC_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.LYNC_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.LYNC_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012C-0000-1000-0000000FF1CE}_Office15.LYNC_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.11 - Wacom Technology Corp.)
WePrint (HKLM-x32\...\WePrint) (Version:  - EuroSmartz Ltd)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.2-1 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\ed\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ed\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\ed\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ed\AppData\Local\Citrix\GoToMeeting\3277\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ed\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01FE4CC0-EBD6-4EF9-B09B-E33CE82D7478} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-10] (McAfee, Inc.)
Task: {08100C62-2193-4412-BC15-95864F78B264} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {0974D68A-086C-4370-A7D4-376A5CE3F97B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-25] (Google Inc.)
Task: {0C7FD49B-1DD3-49C9-AAB0-09BE003677D5} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-02-22] (Lenovo)
Task: {152B80E2-5E3B-481E-B689-DD0E3BC8A434} - System32\Tasks\{13130BE6-0069-4CD7-B145-9B81962B07AE} => pcalua.exe -a "C:\Users\ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0H18PJIG\JavaSetup8u66.exe" -d C:\Users\ed\Desktop
Task: {18D057F6-6D90-4C20-BAC8-148D4CE7A24C} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2015-04-17] (Lenovo Group Limited)
Task: {2175FDB8-0DF8-4CFB-B9E3-616761DF8B26} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
Task: {22742A44-4BC8-496B-88FC-45D5D77AB263} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {3030C7EE-798F-4D95-A5BE-D3C2625AD42D} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-10] (McAfee, Inc.)
Task: {3078BDDE-95A3-443F-AF47-FA2E29D6635C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {379E95A5-D8E6-41D0-9676-F60F47CCDCA1} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {3B53BC3F-355C-451E-88C5-79B14E526B26} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-03-10] (McAfee, Inc.)
Task: {43FE8E65-A453-4610-A763-A73C05F3EC09} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-03] (Microsoft Corporation)
Task: {66EB4053-DB7B-4101-AEBB-9AC70926F1E1} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {7901BD43-4107-4932-B4C1-6C7C8E8C959F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-25] (Google Inc.)
Task: {7D87C88D-84CF-4891-9C5F-40B8F2C99C33} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {825CD9E1-740B-4DFE-BFD4-D9155C6E586F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {874B4C19-0493-4204-8DE2-9059246A5B24} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {87C377FA-9D5B-46DA-A83F-C9F2C205297A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {89C65C65-F56F-48EE-8525-52E096FDF8B9} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-02-22] (Lenovo)
Task: {8D869510-1B26-4A97-A457-1934F2B76246} - System32\Tasks\{B571C3EC-8410-4C58-A4C1-00AEFA5D496C} => pcalua.exe -a "C:\Users\ed\AppData\Local\Temp\Temp2_Microsoft_Office_2007_Enterprise.zip\Office 2007 Enterprise\Setup\setup.exe"
Task: {8EE2E6CD-D053-4658-BEE3-2582FEA0BC64} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {93C39DFF-F1F4-442D-AA04-A5825F91BAE4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {A8B77501-D041-4F29-BF63-F37E0B51D8DD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {AFB4424E-1046-4490-A5BA-15DE5EA15291} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {B06AE39A-E15A-4BA9-889B-342B4D9F0B4A} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-04-05] (Greatis Software)
Task: {B30C91A7-EA9D-4FCB-A0E2-BD826A337074} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {B60DAD90-FF41-4F86-9948-794470E4B71C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C3C8BFDF-F455-4B56-B00C-93BFE7DB854E} - System32\Tasks\{33B23E46-5F66-4FBB-AE6E-AF084E4BD079} => pcalua.exe -a "C:\Users\ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCS7BJHN\Shockwave_Installer_Full.exe" -d C:\Users\ed\Desktop
Task: {CA9FA90B-F0E1-4B15-ABDC-E507ECACDF0B} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {E09C47A5-7F54-41D6-8CE3-D7D82302D135} - System32\Tasks\G2MUpdateTask-S-1-5-21-3546548869-3357250835-2681684413-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4800\g2mupdate.exe [2016-04-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EA820697-578F-4D1A-894B-CF73ECEE32B2} - System32\Tasks\G2MUploadTask-S-1-5-21-3546548869-3357250835-2681684413-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4800\g2mupload.exe [2016-04-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F4528866-1854-4B7F-9288-8647E42936C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-11] (Adobe Systems Incorporated)
Task: {F5D86C61-6CC0-429C-94E4-6E74C08526FE} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {FDE2A0E5-C2F7-45E1-9583-CCA5EEB44B5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {FF4FAC88-02D8-456E-8714-8FAE71E43949} - System32\Tasks\Lenovo\SROptimizer => C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe [2012-03-05] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3546548869-3357250835-2681684413-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4800\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3546548869-3357250835-2681684413-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4800\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3546548869-3357250835-2681684413-1000Core.job => C:\Users\ed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3546548869-3357250835-2681684413-1000Core1d12be423885e70.job => C:\Users\ed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3546548869-3357250835-2681684413-1000Core1d12ca4176be857.job => C:\Users\ed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3546548869-3357250835-2681684413-1000Core1d15d90c660ee8.job => C:\Users\ed\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-02-10 16:18 - 2012-04-10 20:37 - 01183096 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-31 22:29 - 2016-04-20 04:10 - 08919232 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-07-25 01:12 - 2015-04-17 06:07 - 00105472 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-03-31 22:27 - 2016-04-03 04:34 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-02-10 16:20 - 2010-10-26 14:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-02-20 00:34 - 2013-02-20 00:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-31 22:30 - 2016-04-20 04:10 - 08919240 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-02-10 16:09 - 2011-06-29 22:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2014-02-10 16:09 - 2011-06-29 22:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2015-03-26 23:17 - 2015-03-26 23:17 - 00059904 _____ () C:\Program Files (x86)\WePrint\zlib1.dll
2013-07-18 14:28 - 2013-07-18 14:28 - 01013536 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtNetwork4.dll
2013-07-18 14:28 - 2013-07-18 14:28 - 02610464 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtCore4.dll
2013-07-18 14:28 - 2013-07-18 14:28 - 00389408 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtXml4.dll
2013-07-18 14:28 - 2013-07-18 14:28 - 00407328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\sqlite3.dll
2013-07-18 14:28 - 2013-07-18 14:28 - 00328992 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\log4cplus.dll
2013-07-18 14:28 - 2013-07-18 14:28 - 00028448 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\osEvents.dll
2013-07-18 14:27 - 2013-07-18 14:27 - 00202528 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\libgsoap.dll
2013-07-18 14:28 - 2013-07-18 14:28 - 00069408 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\zlib1.dll
2013-07-18 14:29 - 2013-07-18 14:29 - 00473376 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\plugin\PServerPlugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\serverdata.net -> hxxps://lvsllc.serverdata.net
IE trusted site: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\sharepoint.com -> hxxps://lvsllc.sharepoint.com
IE trusted site: HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-04-25 12:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3546548869-3357250835-2681684413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B06C8574-90C5-4FA2-A76F-9945AFB21E5E}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{300FD06E-451E-48D5-B9F1-5A982F8692C9}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{72125A0A-26EF-4992-96BC-A8958800D7B3}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{C259CB19-1B51-4E6A-993C-F3E2655D7B28}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{A4CA0F4D-8FD6-4F80-AB84-0F4D0C09AACD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F65C08D0-5B78-42E9-9BCA-B5066F80EA5B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{E2A3CFB6-5278-40D3-9BAD-9DA5981D177B}C:\program files (x86)\weprint\weprint server.exe] => (Allow) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [UDP Query User{C5E15EB5-ACC0-4267-86AF-52493DC55331}C:\program files (x86)\weprint\weprint server.exe] => (Allow) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [{68E58969-E006-4A9C-8CCA-53EA33998E28}] => (Allow) C:\Users\ed\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{77956F6D-3C04-41C5-814A-4A6122471506}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{059A6282-86B3-42B6-A5D2-42AC0F718E13}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B88EC646-95E8-4B6E-8326-27C286174E66}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{630E8FC5-758B-4BFF-B6E2-3E7AB0D3BA4D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{513E512A-F7A7-49A2-B27F-AC6125F43AE6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{39E20D34-2751-444D-A119-32D277AFBA3C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{419BF96A-20D9-40AC-A2EE-90F34F4CF19B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{37CBBD6B-E304-4427-8DB1-36C8EF1D327B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{212EFB8E-D979-44F5-9C7A-07F8F841BA9F}C:\program files (x86)\weprint\weprint server.exe] => (Allow) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [UDP Query User{6E132E81-FA19-4F50-96DA-59F142EBD2E0}C:\program files (x86)\weprint\weprint server.exe] => (Allow) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [{E1795ACD-84DF-48BD-B6A8-5968E5B18683}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE2FA860-2075-40BB-BB71-AEE415C67C6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EAE96274-8FCE-4991-B42D-DB76D10DBC96}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{25108EAA-A8C6-411D-BCEE-69A1F49AC6AF}] => (Allow) C:\Users\ed\AppData\Local\Temp\nsiAED6.tmp\CnetInstaller-10493998.exe
FirewallRules: [{67C78E31-180B-40FB-907A-10168E467260}] => (Allow) C:\Users\ed\AppData\Local\Temp\nsiAED6.tmp\CnetInstaller-10493998.exe
FirewallRules: [{F1147CC0-8631-498F-909A-D618504943B3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{3A3DBB10-36AB-4AEA-92BF-D6AFBFE9AC23}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{92972E53-8B1C-40BC-84BA-971850B53A45}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CEBE78B3-D9EC-487A-8BB2-F56B2A36A0F2}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{889EE22E-F66F-47D3-B20A-029E2195CF96}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8012CFCA-FFCB-40ED-98C6-03D3CBBAF2AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{124AB4FA-9BD1-4D86-8990-4EE8F491475B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{32C8B74D-C0E0-422A-B32D-6BC47C5C7BD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{80519D71-6C75-4486-A240-16D7C0AE07A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91F96B62-E8A4-438A-A8A0-4412BF00B53E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26203297-00FC-4CD7-A6C9-DCC5E5BBA502}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{642255D0-6E41-4231-A62B-E31924F68FAE}] => (Allow) LPort=2869
FirewallRules: [{D70D4862-013E-4E1F-A772-48512DCE0CE5}] => (Allow) LPort=1900
FirewallRules: [{2F221C09-0DF2-4080-ABA2-E92182277146}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{08EED5D2-1196-414B-A8A3-51B90FF5E3A7}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{D651C592-8ECE-4CD2-941B-338DBBD2EE41}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{8FBF9162-076F-4F5F-B488-C93C70A7B163}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{B7167C86-AF5D-4F58-BDD5-05470584B386}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{D0082125-9548-4723-A3C1-4C10D428627E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{86A1D715-9364-4307-B9D1-CABF1A830124}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{935D47C6-7367-41F4-B9B4-AD175FC41329}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{57817801-3C38-42B8-A2EB-63856694D0BC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C61E6DED-2B4A-465E-92FA-6D8D520DAFB9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DA7A9120-724D-4CED-B25B-9E4989A7C5B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-04-2016 06:23:07 Revo Uninstaller's restore point - Mozilla Firefox 45.0.2 (x86 en-US)
24-04-2016 06:25:16 Revo Uninstaller's restore point - Google Chrome
24-04-2016 07:00:03 Windows Live Essentials
24-04-2016 07:01:04 Installed DirectX
24-04-2016 07:02:24 Installed DirectX
24-04-2016 23:46:11 Revo Uninstaller's restore point - SpyHunter 4
24-04-2016 23:51:47 Revo Uninstaller's restore point - SpyHunter 4
25-04-2016 00:46:53 Revo Uninstaller's restore point - Google Chrome
25-04-2016 13:36:05 JRT Pre-Junkware Removal
25-04-2016 17:04:10 Checkpoint by HitmanPro
25-04-2016 17:24:13 JRT Pre-Junkware Removal
25-04-2016 22:32:58 Restore Point Created by FRST
25-04-2016 22:43:48 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2016 10:27:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2223232

Error: (04/25/2016 10:27:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2223232

Error: (04/25/2016 10:27:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/25/2016 07:14:04 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/25/2016 12:10:27 PM) (Source: MsiInstaller) (EventID: 11920) (User: ed-PC)
Description: Product: Adobe Acrobat DC -- Error 1920.Service Print Spooler (Spooler) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (04/25/2016 12:09:22 PM) (Source: MsiInstaller) (EventID: 11920) (User: ed-PC)
Description: Product: Adobe Acrobat DC -- Error 1920.Service Print Spooler (Spooler) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (04/25/2016 12:07:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Adobe Acrobat DC.; Error = 0x8007043c).

Error: (04/25/2016 12:07:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Adobe Acrobat DC.; Error = 0x8007043c).

Error: (04/25/2016 11:53:24 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {bd76c8c4-a29e-4453-8ade-b984570ab857}

Error: (04/25/2016 11:53:24 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {bd76c8c4-a29e-4453-8ade-b984570ab857}

System errors:
=============
Error: (04/25/2016 11:07:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/25/2016 11:05:33 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume Windows encountered a non-retryable error and could not start.  The data contains the error code.

Error: (04/25/2016 11:05:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/25/2016 11:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (04/25/2016 11:05:25 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/25/2016 11:05:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (04/25/2016 11:04:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/25/2016 11:04:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Power Manager Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/25/2016 11:04:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Screen Reading Optimizer Service Program service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/25/2016 11:04:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2016-04-25 12:00:50.840
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-25 12:00:50.809
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-25 12:00:50.778
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-25 12:00:50.746
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-13 23:16:06.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-13 23:16:06.445
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-13 23:16:06.429
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-13 23:16:06.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-31 21:53:32.811
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-31 21:53:32.780
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 8075.23 MB
Available physical RAM: 4167.25 MB
Total Virtual: 16148.68 MB
Available Virtual: 12388.34 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:288.41 GB) (Free:167.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0E153634)
Partition 1: (Active) - (Size=9.7 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#8 pystryker


Posted 25 April 2016 - 10:43 PM

Hello :)

Update please, how is the machine running? We still have some steps to go, but I need to know how the machine is doing. :thumbup2:

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#9 edcolandra


Posted 26 April 2016 - 12:26 PM

Hi and thank you

No change at all

Just got another popup blocked by Malwarebytes who now wants a fee to block future popups... that's a new one.

Since this site wouldn't let me paste as an image, I have included it as an attachment


#10 pystryker


Posted 26 April 2016 - 05:30 PM

Hello :)

Please run AdwCleaner again, and when the scan completes, please press the Cleaning button. The log you posted shows only that there was a scan run. Please post the log that will be produced upon reboot. :thumbup2:


Things I need to see in your next post:

AdwCleaner Log


#11 edcolandra


Posted 26 April 2016 - 07:14 PM

Thank you.

Here's the report after I just ran the CLEAN process

# AdwCleaner v5.021 - Logfile created 14/11/2015 at 23:21:38
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : ed - ED-PC
# Running from : C:\Users\ed\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\ed\AppData\Roaming\Mozilla\Firefox\Profiles\b53oleg4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[-] Folder Deleted : C:\Users\ed\AppData\Roaming\Mozilla\Firefox\Profiles\b53oleg4.default\Extensions\anttoolbar@ant.com

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion

***** [ Web browsers ] *****

[-] [C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\ed\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2199 bytes] ##########
# AdwCleaner v5.113 - Logfile created 26/04/2016 at 20:08:58
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : ed - ED-PC
# Running from : C:\Users\ed\Desktop\bleeping\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6873 bytes] - [24/04/2016 21:19:40]
C:\AdwCleaner\AdwCleaner[C2].txt - [3213 bytes] - [15/11/2015 00:21:38]
C:\AdwCleaner\AdwCleaner[R0].txt - [2175 bytes] - [25/03/2015 14:57:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [2272 bytes] - [25/03/2015 15:00:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [6739 bytes] - [24/04/2016 21:16:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [3211 bytes] - [15/11/2015 00:20:23]
C:\AdwCleaner\AdwCleaner[S3].txt - [1203 bytes] - [26/04/2016 20:07:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3651 bytes] ##########
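
An added example (not part of the original thread, and not AdwCleaner's own code): the request in post #10 hinges on the `# Option` header field, and the paste in post #11 holds two reports, one of them dated 2015. This Python sketch splits such a paste into individual reports and separates current cleaning runs from stale or non-cleaning ones; the sample text, the function names and the cutoff date are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: two reports pasted back to back, trimmed to the layout
# seen in the post above (header fields, "[-]" actions, "::" resets).
SAMPLE = r"""# AdwCleaner v5.021 - Logfile created 14/11/2015 at 23:21:38
# Option : Cleaning
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\Yahoo\Companion
:: Winsock settings cleared
# AdwCleaner v5.113 - Logfile created 26/04/2016 at 20:08:58
# Option : Clean
***** [ Registry ] *****
:: Proxy settings cleared
:: Chrome policies deleted
"""

HEADER = re.compile(
    r"^# AdwCleaner v(\S+) - Logfile created (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2}:\d{2})")
OPTION = re.compile(r"^# Option\s*:\s*(\S+)")

def parse_reports(text):
    """Split a paste into individual reports and summarise each one."""
    reports = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            created = datetime.strptime(f"{m.group(2)} {m.group(3)}", "%d/%m/%Y %H:%M:%S")
            reports.append({"version": m.group(1), "created": created,
                            "option": None, "deleted": [], "resets": []})
        elif not reports:
            continue  # text before the first header belongs to no report
        elif (m := OPTION.match(line)):
            reports[-1]["option"] = m.group(1)
        elif line.startswith("[-]"):
            reports[-1]["deleted"].append(line[3:].strip())
        elif line.startswith("::"):
            reports[-1]["resets"].append(line[2:].strip())
    return reports

def triage(text, requested_on):
    """Return (current, stale): cleaning runs created on/after the request, and the rest."""
    current, stale = [], []
    for r in parse_reports(text):
        # "Cleaning" and "Clean" are the two spellings on this page; any other
        # option value is treated as a non-cleaning run.
        is_clean = (r["option"] or "").lower().startswith("clean")
        (current if is_clean and r["created"] >= requested_on else stale).append(r)
    return current, stale

if __name__ == "__main__":
    cur, old = triage(SAMPLE, datetime(2016, 4, 26))  # assumed cutoff: day of the request
    for r in cur:
        print("current:", r["version"], r["created"], len(r["deleted"]), "deleted,", len(r["resets"]), "resets")
    for r in old:
        print("stale:", r["version"], r["created"], r["option"])
```
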



#12 edcolandra


Posted 26 April 2016 - 08:20 PM

And just to check...the problem remains... just got this pop up (blocked by MalwareBytes)

Attached File: liveadexchange popup.PNG (9.24KB)


#13 pystryker


Posted 26 April 2016 - 09:10 PM

Hello :)

Thank you for the update, let's run some scans with MBAM and ESET Online scanner. :thumbup2:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes

  • Start the program and select Update
  • Once it has updated select Settings > Detection and Protection
  • Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
  • On completion of the scan (or after the reboot), start MBAM.
  • Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.
  • Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.




Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log


#14 edcolandra


Posted 27 April 2016 - 02:50 AM

OK Here you go

First is the ESET log

There is only ONE line in it as follows

Update Init
Update Download
Update Finalize
Updated modules version: 29259

However, it did find three threats, which it does not appear to have cleaned. I captured them as well, as follows:

C:\$RECYCLE.BIN\S-1-5-21-3546548869-3357250835-2681684413-1000\$RXD1QJZ.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ed\Downloads\FreemakeVideoConverterSetup.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\ed\Downloads\FreeVideoFlipAndRotate.exe a variant of Win32/OpenCandy.A potentially unsafe application

(Note I emptied the recycle bin and deleted the two files that it considered threats)

MBAM Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/27/2016
Scan Time: 1:14 AM
Logfile: MWBA.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.27.01
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ed

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 405470
Time Elapsed: 45 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by edcolandra, 27 April 2016 - 02:53 AM.


#15 pystryker


Posted 27 April 2016 - 06:34 AM

(Note I emptied the recycle bin and deleted the two files that it considered threats)


Hello :)

Ok, thank you for letting me know. Let's take a look with MiniToolBox. Also, is Chrome the only browser attempting to contact the malicious site?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Things I need to see in your next post:

Result.txt
