*btrll.com certificate message


  • This topic is locked
7 replies to this topic

#1 Tandrus


Posted 04 August 2017 - 10:55 AM

I am getting a lot (over 50) of certificate invalid messages when I bring up Microsoft Edge web browser.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Rick (administrator) on LENOVO-PC (04-08-2017 11:39:59)
Running from C:\Users\Rick\AppData\Local\Microsoft\Windows\INetCache\IE\0LOOHCIH
Loaded Profiles: Rick (Available Profiles: Rick & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Bacula\bacula-fd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© 2015 Microsoft Corporation) C:\Users\Rick\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(BOSaNOVA) C:\Program Files\BOSaNOVA\BOSaNOVA Secure\Bsmdemul.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HpDeviceDetection3.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2327440 2014-07-07] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\...\Run: [BingSvc] => C:\Users\Rick\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-07-08] (Apple Inc.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2017-06-12]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Copy 1).lnk [2015-01-13]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Copy 1).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2017-08-04]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3AE09FB9-0E8C-492A-B854-406BCC3A10DB}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{7A9FF46A-4360-4F33-BB75-6D2AE18948FE}: [DhcpNameServer] 99.99.99.53 99.99.99.153

Internet Explorer:
==================
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2059896466-1161418347-2834966404-1001 -> {D8A91381-F17A-43CF-8ED0-1E0121D5FC8E} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2014-01-27] (Trend Micro Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2014-01-27] (Trend Micro Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2014-01-27] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2014-01-27] (Trend Micro Inc.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2015-06-30] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2059896466-1161418347-2834966404-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-2059896466-1161418347-2834966404-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2017-03-30]
CHR Extension: (SafeSearch Incognito) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfjamiccddlpmlldidfdgobpdblfbbm [2017-03-30]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-23]
CHR HKLM\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Bacula-fd; C:\Program Files\Bacula\bacula-fd.exe [2301760 2012-06-28] () [File not signed]
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2013-01-17] (Microsoft) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [84280 2013-08-19] (Maxthon)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [4638784 2014-07-07] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-06-09] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [572432 2012-05-04] (Trend Micro Inc.)
R3 tmccsf; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\tmccsf.exe [701064 2014-04-07] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [4628200 2014-07-07] (Trend Micro Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-04] (Malwarebytes)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RSP2STOR; C:\windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-04] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
S2 tmactmon; C:\windows\system32\DRIVERS\tmactmon.sys [82296 2012-04-20] (Trend Micro Inc.)
S1 tmcomm; C:\windows\system32\DRIVERS\tmcomm.sys [165232 2012-04-13] (Trend Micro Inc.)
R0 TMEBC; C:\windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\windows\system32\DRIVERS\tmeevw.sys [102712 2014-02-14] (Trend Micro Inc.)
S2 tmevtmgr; C:\windows\system32\DRIVERS\tmevtmgr.sys [64304 2012-04-20] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393944 2017-03-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66776 2017-03-21] (Trend Micro Inc.)
R3 tmusa; C:\windows\system32\DRIVERS\tmusa.sys [94008 2014-02-19] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-23] ()
R3 vmuacflt; C:\windows\System32\Drivers\vmuacflt.sys [15872 2013-04-22] (Vimicro Corporation)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2621144 2017-03-21] (Trend Micro Inc.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-02 13:22 - 2017-08-02 13:22 - 000579487 _____ C:\Users\Rick\Documents\crosslin po 359262.pdf
2017-07-27 14:36 - 2017-07-27 14:36 - 000222688 _____ C:\Users\Rick\Documents\credit reference.pdf
2017-07-26 13:35 - 2017-07-26 13:35 - 000310795 _____ C:\Users\Rick\Documents\CROSSLIN PO 358729 B.pdf
2017-07-26 13:31 - 2017-07-26 13:32 - 000311720 _____ C:\Users\Rick\Documents\crosslin po 358729 b.pdf
2017-07-26 13:16 - 2017-07-26 13:16 - 000566797 _____ C:\Users\Rick\Documents\Harlan po 7562.pdf
2017-07-21 14:39 - 2017-07-21 14:39 - 000228657 _____ C:\Users\Rick\Documents\CROSSLIN PO 358729 A.pdf
2017-07-20 15:20 - 2017-07-20 15:20 - 000251296 _____ C:\Users\Rick\Documents\Christmas Lumber po GB 720179.pdf
2017-07-20 14:51 - 2017-07-20 14:51 - 000860380 _____ C:\Users\Rick\Documents\crosslin po 358693 A - C.pdf
2017-07-20 13:39 - 2017-07-20 13:39 - 000316795 _____ C:\Users\Rick\Documents\Harlan po 7532.pdf
2017-07-20 10:27 - 2017-07-20 10:27 - 000000000 _____ C:\autoexec.bat
2017-07-20 09:28 - 2017-07-20 09:28 - 000558501 _____ C:\Users\Rick\Documents\crosslin po 358471.pdf
2017-07-14 07:49 - 2017-07-14 07:49 - 000000000 ____D C:\windows\net35
2017-07-14 07:49 - 2017-07-14 07:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Lenovo
2017-07-14 07:49 - 2017-06-09 16:09 - 000002092 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-14 07:49 - 2017-06-09 16:09 - 000002092 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-14 07:49 - 2017-06-09 16:09 - 000002092 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-13 08:45 - 2017-07-13 08:45 - 000601894 _____ C:\Users\Rick\Documents\Harlan po 7483.pdf
2017-07-12 14:50 - 2017-07-12 14:50 - 001033428 _____ C:\Users\Rick\Documents\Somerset pos 50533 & 50534.pdf
2017-07-12 08:44 - 2017-07-12 08:44 - 000494792 _____ C:\Users\Rick\Documents\Mt Vernon & Whitley City Credits.pdf
2017-07-12 08:24 - 2017-06-29 02:27 - 025734656 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-07-12 08:24 - 2017-06-29 01:44 - 005975552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-07-12 08:24 - 2017-06-29 01:23 - 020270592 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-07-12 08:24 - 2017-06-29 00:58 - 015253504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-07-12 08:24 - 2017-06-29 00:52 - 004549632 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-07-12 08:24 - 2017-06-29 00:43 - 013663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-07-12 08:24 - 2017-06-29 00:41 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-07-12 08:24 - 2017-06-29 00:24 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-07-12 08:24 - 2017-06-22 10:22 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-07-12 08:24 - 2017-06-17 12:45 - 003631616 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-07-12 08:24 - 2017-06-17 12:34 - 002749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-07-12 08:24 - 2017-06-17 12:11 - 002551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-07-12 08:24 - 2017-06-17 12:05 - 001920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-07-12 08:24 - 2017-06-15 18:02 - 000990040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2017-07-12 08:24 - 2017-06-15 09:45 - 007440728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-07-12 08:24 - 2017-06-15 09:45 - 001674520 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-07-12 08:24 - 2017-06-15 09:45 - 001534064 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2017-07-12 08:24 - 2017-06-15 09:45 - 001499920 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-07-12 08:24 - 2017-06-15 09:45 - 001370320 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2017-07-12 08:24 - 2017-06-11 17:00 - 000962560 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-07-12 08:24 - 2017-06-11 16:31 - 000781312 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-07-12 08:24 - 2017-06-11 11:15 - 002013528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-07-12 08:24 - 2017-06-06 16:42 - 000925696 _____ (Microsoft Corporation) C:\windows\system32\autoconv.exe
2017-07-12 08:24 - 2017-06-06 15:03 - 000837632 _____ (Microsoft Corporation) C:\windows\SysWOW64\autoconv.exe
2017-07-12 08:24 - 2017-06-03 12:27 - 002346496 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2017-07-12 08:24 - 2017-06-03 12:03 - 001549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2017-07-12 08:24 - 2017-04-27 21:13 - 001292288 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2017-07-12 08:23 - 2017-06-29 02:02 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-07-12 08:23 - 2017-06-29 01:50 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-07-12 08:23 - 2017-06-29 01:23 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-07-12 08:23 - 2017-06-29 01:17 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-07-12 08:23 - 2017-06-29 01:13 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-07-12 08:23 - 2017-06-29 01:09 - 000806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-07-12 08:23 - 2017-06-29 00:53 - 003240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-07-12 08:23 - 2017-06-29 00:51 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-07-12 08:23 - 2017-06-29 00:47 - 000693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-07-12 08:23 - 2017-06-29 00:29 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-07-12 08:23 - 2017-06-29 00:28 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-07-12 08:23 - 2017-06-29 00:23 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-07-12 08:23 - 2017-06-27 10:29 - 007796736 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2017-07-12 08:23 - 2017-06-27 10:29 - 007077376 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2017-07-12 08:23 - 2017-06-27 10:26 - 005274112 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2017-07-12 08:23 - 2017-06-27 10:26 - 005268992 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 08:23 - 2017-06-15 09:45 - 000086360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2017-07-12 08:23 - 2017-06-11 20:06 - 000376672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2017-07-12 08:23 - 2017-06-11 18:21 - 000590848 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2017-07-12 08:23 - 2017-06-11 17:43 - 000371200 _____ (Microsoft Corporation) C:\windows\system32\msinfo32.exe
2017-07-12 08:23 - 2017-06-11 17:25 - 000478720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2017-07-12 08:23 - 2017-06-11 17:15 - 001436672 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2017-07-12 08:23 - 2017-06-11 17:08 - 000358912 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-07-12 08:23 - 2017-06-11 17:07 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2017-07-12 08:23 - 2017-06-11 16:58 - 000334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msinfo32.exe
2017-07-12 08:23 - 2017-06-11 16:40 - 001323008 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2017-07-12 08:23 - 2017-06-11 16:35 - 000325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-07-12 08:23 - 2017-06-06 16:52 - 003120640 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-07-12 08:23 - 2017-06-06 16:38 - 000039424 _____ (Microsoft Corporation) C:\windows\system32\cnvfat.dll
2017-07-12 08:23 - 2017-06-06 16:36 - 000168448 _____ (Microsoft Corporation) C:\windows\system32\uudf.dll
2017-07-12 08:23 - 2017-06-06 16:36 - 000020992 _____ (Microsoft Corporation) C:\windows\system32\convert.exe
2017-07-12 08:23 - 2017-06-06 16:35 - 000517120 _____ (Microsoft Corporation) C:\windows\system32\uReFS.dll
2017-07-12 08:23 - 2017-06-06 15:13 - 000177664 _____ (Microsoft Corporation) C:\windows\system32\ulib.dll
2017-07-12 08:23 - 2017-06-06 15:11 - 000557568 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2017-07-12 08:23 - 2017-06-06 15:11 - 000220672 _____ (Microsoft Corporation) C:\windows\system32\ifsutil.dll
2017-07-12 08:23 - 2017-06-06 15:11 - 000131072 _____ (Microsoft Corporation) C:\windows\system32\ufat.dll
2017-07-12 08:23 - 2017-06-06 15:11 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\uexfat.dll
2017-07-12 08:23 - 2017-06-06 15:08 - 002712576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-07-12 08:23 - 2017-06-06 14:59 - 000034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\cnvfat.dll
2017-07-12 08:23 - 2017-06-06 14:57 - 000141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\uudf.dll
2017-07-12 08:23 - 2017-06-06 14:56 - 000375296 _____ (Microsoft Corporation) C:\windows\SysWOW64\uReFS.dll
2017-07-12 08:23 - 2017-06-06 14:03 - 000143360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ulib.dll
2017-07-12 08:23 - 2017-06-06 14:02 - 000513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2017-07-12 08:23 - 2017-06-06 14:02 - 000197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\ifsutil.dll
2017-07-12 08:23 - 2017-06-06 14:02 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\ufat.dll
2017-07-12 08:23 - 2017-06-06 14:02 - 000074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\uexfat.dll
2017-07-12 08:23 - 2017-05-31 17:20 - 000470360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2017-07-12 08:23 - 2017-05-15 18:09 - 000057688 ____C (Microsoft Corporation) C:\windows\system32\Drivers\stornvme.sys
2017-07-12 08:23 - 2017-05-15 16:03 - 000379744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2017-07-12 08:23 - 2017-05-09 10:37 - 000658432 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2017-07-12 08:23 - 2017-05-09 10:35 - 000555520 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2017-07-12 08:23 - 2017-05-09 10:29 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsdchngr.dll
2017-07-12 08:23 - 2017-05-09 10:29 - 000014848 _____ (Microsoft Corporation) C:\windows\system32\snmptrap.exe
2017-07-12 08:23 - 2017-05-09 10:28 - 000193024 _____ (Microsoft Corporation) C:\windows\system32\DAFWSD.dll
2017-07-12 08:23 - 2017-05-09 10:28 - 000030208 _____ (Microsoft Corporation) C:\windows\system32\wsdchngr.dll
2017-07-12 08:23 - 2017-05-09 10:12 - 000448576 _____ C:\windows\system32\ApnDatabase.xml
2017-07-12 08:23 - 2017-05-06 12:45 - 001114624 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2017-07-12 08:23 - 2017-05-06 12:41 - 000056832 _____ (Microsoft Corporation) C:\windows\system32\rdsdwmdr.dll
2017-07-12 08:23 - 2017-05-02 16:09 - 000686592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-07-12 08:23 - 2017-05-02 16:08 - 000415744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-07-12 08:23 - 2017-05-02 16:08 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-07-12 08:23 - 2017-05-02 14:41 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2017-07-12 08:23 - 2017-05-02 14:31 - 000329216 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2017-07-12 08:23 - 2017-05-02 14:31 - 000207360 _____ (Microsoft Corporation) C:\windows\system32\smbwmiv2.dll
2017-07-12 08:23 - 2017-05-02 13:35 - 000031744 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2017-07-12 08:23 - 2017-04-30 12:48 - 000080078 _____ C:\windows\system32\normidna.nls
2017-07-12 08:23 - 2017-04-27 21:11 - 001060352 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2017-07-12 08:15 - 2017-05-03 19:11 - 000103600 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2017-07-12 08:15 - 2017-05-03 09:43 - 001555968 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 001206272 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000620544 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000535552 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000325632 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000311296 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000217088 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000127488 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2017-07-07 11:22 - 2017-07-07 11:22 - 000002425 _____ C:\Users\Public\Desktop\Langdale Industries - LogMeIn Rescue Calling Card.lnk
2017-07-07 11:22 - 2017-07-07 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Langdale Industries - LogMeIn Rescue Calling Card
2017-07-07 11:22 - 2017-07-07 11:22 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card
2017-07-06 11:16 - 2017-07-06 11:16 - 001400588 _____ C:\Users\Rick\Documents\crosslin po 358077 A - D.pdf
2017-07-06 09:38 - 2017-07-06 09:38 - 000296222 _____ C:\Users\Rick\Documents\Harlan po 7428.pdf
2017-07-05 12:09 - 2017-07-05 12:09 - 000544010 _____ C:\Users\Rick\Documents\Harlan po 7427.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-04 11:39 - 2016-06-23 13:27 - 000000000 ____D C:\FRST
2017-08-04 09:25 - 2014-06-12 01:19 - 000109056 _____ C:\Users\Rick\Desktop\Lumber Pricing 2014.xls
2017-08-04 08:12 - 2014-06-11 02:17 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2059896466-1161418347-2834966404-1001
2017-08-04 08:02 - 2016-11-09 14:49 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Adblock Plus for IE
2017-08-04 07:49 - 2015-05-15 08:03 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-04 07:49 - 2014-06-11 03:49 - 000003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{8FE9DF51-43B2-4A5B-AA16-4E5079A584F0}
2017-08-04 07:47 - 2015-11-30 10:35 - 000000000 ___RD C:\Users\Rick\iCloudDrive
2017-08-04 07:46 - 2017-01-25 08:55 - 000253856 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-04 07:45 - 2014-06-11 02:11 - 000000000 ____D C:\Users\Rick
2017-08-04 07:45 - 2013-08-22 10:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-08-02 10:33 - 2014-06-11 04:28 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Nitro PDF
2017-08-01 11:25 - 2016-12-30 12:11 - 000003160 _____ C:\windows\System32\Tasks\HPCeeScheduleForRick
2017-08-01 11:25 - 2016-12-30 12:11 - 000000348 _____ C:\windows\Tasks\HPCeeScheduleForRick.job
2017-08-01 08:11 - 2013-08-22 11:36 - 000000000 ____D C:\windows\AppReadiness
2017-07-31 08:09 - 2013-08-22 09:36 - 000000000 ____D C:\windows\Inf
2017-07-20 12:08 - 2013-08-22 09:25 - 000262144 ___SH C:\windows\system32\config\BBI
2017-07-20 11:04 - 2016-10-17 11:32 - 000000000 ____D C:\Users\Rick\AppData\Local\6c90
2017-07-20 08:42 - 2013-08-22 11:36 - 000000000 ____D C:\windows\rescache
2017-07-20 08:28 - 2014-09-08 13:15 - 000000000 ____D C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2017-07-20 08:28 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-20 07:52 - 2013-12-22 07:44 - 000000000 ____D C:\ProgramData\Lenovo
2017-07-14 13:19 - 2017-01-13 15:26 - 000524674 _____ C:\Users\Rick\Documents\corbin treated lumber truck.pdf
2017-07-14 10:41 - 2015-06-14 12:07 - 000000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2017-07-14 07:49 - 2015-09-14 08:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-07-14 07:49 - 2014-08-08 08:40 - 000000000 ____D C:\windows\System32\Tasks\TVT
2017-07-14 07:49 - 2013-12-22 07:56 - 000000000 ____D C:\Program Files (x86)\Lenovo
2017-07-14 07:49 - 2013-12-22 07:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-07-13 16:55 - 2013-08-22 10:44 - 000422888 _____ C:\windows\system32\FNTCACHE.DAT
2017-07-13 16:44 - 2014-12-11 15:40 - 000000000 ____D C:\windows\system32\appraiser
2017-07-13 08:25 - 2014-06-11 04:50 - 000000000 ____D C:\windows\system32\MRT
2017-07-13 08:20 - 2014-06-11 04:50 - 135225752 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-07-13 08:19 - 2013-08-22 11:20 - 000000000 ____D C:\windows\CbsTemp
2017-07-12 16:39 - 2017-01-25 08:55 - 000077376 _____ C:\windows\system32\Drivers\mbae64.sys
2017-07-12 07:59 - 2016-04-05 08:38 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-07 11:25 - 2013-08-31 11:40 - 000880736 _____ C:\windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2014-06-11 02:12 - 2014-06-11 02:12 - 000000193 _____ () C:\Users\Rick\AppData\Local\RegisteredPackageInformation.xml
2014-06-12 02:06 - 2014-06-12 02:06 - 000000057 _____ () C:\ProgramData\Ament.ini
2013-12-22 07:43 - 2013-12-22 07:43 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2015-11-12 09:01 - 2015-11-12 09:01 - 000144008 _____ (© 2015 Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\BingSvc.exe
2015-09-09 15:19 - 2015-11-12 09:01 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\BSvcProcessor.exe
2015-09-09 15:19 - 2015-11-12 09:01 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\BSvcUpdater.exe
2015-09-09 15:09 - 2016-03-14 16:02 - 002612880 _____ (Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\DefaultPack.EXE
2016-06-23 13:21 - 2015-03-23 17:58 - 001498872 _____ (Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\dllnt_dump.dll
2014-06-11 03:57 - 2011-03-14 08:31 - 000149352 ____R (Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-31 08:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Rick (04-08-2017 11:41:34)
Running from C:\Users\Rick\AppData\Local\Microsoft\Windows\INetCache\IE\0LOOHCIH
Windows 8.1 (Update) (X64) (2014-06-11 06:11:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2059896466-1161418347-2834966404-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2059896466-1161418347-2834966404-501 - Limited - Disabled)
Rick (S-1-5-21-2059896466-1161418347-2834966404-1001 - Administrator - Enabled) => C:\Users\Rick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
AngryBirds (HKLM-x32\...\{20CE0033-8F3D-464B-8BA2-A08EB0F27FD3}) (Version: 1.01.0618 - Rovio)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bacula (HKLM-x32\...\Bacula) (Version: 5.2.10 - )
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BOSaNOVA Secure (HKLM\...\BOSaNOVA Secure) (Version: 8.08.0 - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Comparing (HKLM-x32\...\{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
Find the Differences (HKLM-x32\...\{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (HKLM-x32\...\{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Fruits (HKLM-x32\...\{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
GamePortal (HKLM-x32\...\{AD741B21-068E-413B-89C6-C4E03FD3CDE2}) (Version: 5.0.013.0128 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.7.27.15 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Langdale Industries - LogMeIn Rescue Calling Card (HKLM-x32\...\{0ED150A3-DC6A-4716-0F0C-B069C6F12107}) (Version: 7.8.658 - LogMeIn, Inc.)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.18 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0059 - Lenovo)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mammals (HKLM-x32\...\{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Matching Roles (HKLM-x32\...\{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30F729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 38.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.1.0 (x86 en-US)) (Version: 38.1.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
Puzzle (HKLM-x32\...\{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
sudoku (HKLM-x32\...\{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
timer (HKLM-x32\...\{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
TnI CheckExplorer Project (HKLM\...\{EBFA3741-71F4-48C3-BEAE-B140AEDCC19B}) (Version: 1.0.0.2 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
TnI CheckExplorer Project (HKLM-x32\...\InstallShield_{EBFA3741-71F4-48C3-BEAE-B140AEDCC19B}) (Version: 1.0.0.2 - TPV-INVENTA TECHNOLOGY CO., LTD.)
Trend Micro OfficeScan Agent (HKLM-x32\...\OfficeScanNT) (Version: 11.0.1028 - Trend Micro Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2059896466-1161418347-2834966404-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2059896466-1161418347-2834966404-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-08-17] (Nitro PDF)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-07-08] (Apple Inc.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-09-30] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02D1A367-7C8F-4AEB-9AB6-9B819A778087} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-06-09] ()
Task: {04A38F3B-78AF-45C6-8C42-0CE69714F557} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {052681C2-1B16-4EFE-B124-CB270D1D61D4} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe
Task: {0E090947-8F2D-4233-BC0B-D502A4D2F997} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {1132ECF8-3E94-42D0-BFAC-BA6E95EB9F93} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {18F2DCD2-126A-4FA8-A423-3BDC3683E68D} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2015-05-08] (Maxthon International ltd.)
Task: {22358C45-C8A6-4CB6-B6D9-00CB2F20BF44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {27E82448-1DF3-45D6-BB3B-14FDB4A091B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {2B1B038D-0B7E-4BBD-A6D4-22D49B085797} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {35CDB4D2-AA48-4B26-A9A0-6B11CB7DE243} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {37957F05-FC59-4BF0-88C0-881BD1A5F3CC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {475FC68A-BC1F-4422-BE29-566736256B18} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HP Inc.)
Task: {61CC3E05-9777-4B68-AC20-9E5257105CE4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe
Task: {64E22619-C257-4316-A4F5-08B62B322B9E} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)
Task: {6A13D2C3-763F-4988-91DA-D5DB1FD2A251} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {6E8E0533-FCE2-4DCF-A8BF-CC601BCCD629} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {75568230-E094-4FB0-9961-D3D04CA6606F} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-06-09] ()
Task: {80FCB4A2-185D-4B24-82E4-1DA83613FB33} - System32\Tasks\Joke1 => C:\Test.vbs [2014-09-24] ()
Task: {85236750-68AA-453E-A712-5CD35C85D9E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {91B9C43C-DA9A-433E-B259-3AB60B2458CE} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {96616422-2A91-4190-A51C-529AAC9DF520} - System32\Tasks\Message from the ladies at LFP => C:\Rick.vbs [2014-09-24] ()
Task: {9827CAD0-8952-4D9C-A5F1-D5B89E99A34A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9B38C446-AC48-4C7D-83A7-840583DD0458} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A08031B8-3C58-465E-8D00-F61523BE02D7} - System32\Tasks\Rick => C:\Test.vbs [2014-09-24] ()
Task: {A3986B58-734E-4602-9808-B05F9943DF3F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe
Task: {A68FAE8B-C743-4E0C-AD1C-C03EE2471EC2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {AE784113-CF1A-419B-8999-A86155BAB000} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B6D7BD46-9BEF-40C6-A970-76FAD15A4268} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {B8E06C5B-1147-42E3-A7D4-CE673DF5C62F} - System32\Tasks\back up notification => C:\Sweetwater.vbs [2014-09-22] ()
Task: {BE90FD40-DAE7-45B4-B4AE-F94348A93DF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN479150VK => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {EA1B305E-D93C-48BB-AD5D-40BBDDDDEDA9} - System32\Tasks\HPCeeScheduleForRick => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {EE4BEDE3-B274-47C0-B094-A043D4D3728B} - System32\Tasks\TnICheckExplorerFunction => C:\Program Files (x86)\TPV-INVENTA\TnI CheckExplorer Function\CheckExploer.exe [2013-11-25] (TPV-INVENTA TECHNOLOGY CO,LTD )
Task: {F142D9CE-8150-4F40-B29C-B9523F3A73E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {F910CE9E-B109-4462-9A9B-2C68BE4E14C7} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {FA14FE9D-AE0E-4E49-95BE-C426E847FA29} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HPCeeScheduleForRick.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-28 10:59 - 2012-06-28 10:59 - 002301760 _____ () C:\Program Files\Bacula\bacula-fd.exe
2012-06-28 10:59 - 2012-06-28 10:59 - 000360541 _____ () C:\Program Files\Bacula\pthreadGCE.dll
2012-06-28 10:59 - 2012-06-28 10:59 - 002207018 _____ () C:\Program Files\Bacula\bacula.dll
2012-06-28 10:59 - 2012-06-28 10:59 - 001586733 _____ () C:\Program Files\Bacula\cryptoeay32-0.9.8.dll
2012-06-28 10:59 - 2012-06-28 10:59 - 000387990 _____ () C:\Program Files\Bacula\ssleay32-0.9.8.dll
2013-12-22 07:43 - 2011-08-17 00:46 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2011-08-31 13:55 - 2011-08-31 13:55 - 000801792 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll
2013-12-22 07:59 - 2013-05-14 14:53 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2007-05-16 11:42 - 2007-05-16 11:42 - 000089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll
2012-12-19 04:06 - 2012-12-19 04:06 - 001300480 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\libprotobuf.dll
2013-09-09 17:13 - 2013-09-09 17:13 - 000050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2013-01-16 10:19 - 2013-01-16 10:19 - 000048128 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_date_time-vc110-mt-1_49.dll
2013-04-02 12:25 - 2013-04-02 12:25 - 000675840 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\sqlite3.dll
2012-12-19 04:06 - 2012-12-19 04:06 - 001300480 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\libprotobuf.dll
2013-01-16 10:23 - 2013-01-16 10:23 - 000058368 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_thread-vc110-mt-1_49.dll
2013-12-22 07:43 - 2011-08-17 00:46 - 000024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2011-06-23 08:46 - 2011-06-23 08:46 - 000370176 _____ () C:\Program Files\BOSaNOVA\BOSaNOVA Secure\BSCLIC.DLL
2016-10-05 19:18 - 2016-10-05 19:18 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 19:18 - 2016-10-05 19:18 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-10-05 19:18 - 2016-10-05 19:18 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-12-22 07:43 - 2011-05-17 17:27 - 000028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 20:59 - 2009-12-04 20:59 - 000619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 21:04 - 2009-12-04 21:04 - 000013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2013-12-22 07:41 - 2013-09-03 20:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 ____N C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6237316D-D1FB-47C1-B68B-4723A7EB3A9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{64B59F8A-2267-42E5-A1FA-5F5EBBD0AFCB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CBC06405-0D93-4627-9DA1-9D67579A1CE8}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F1CAAE02-F586-4D25-992F-E2861A5EE56E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{E579BD3F-8950-4100-A79F-92C1830B288D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{14A92633-8EA8-4EEF-9792-866C2BDC3959}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{163844D9-1A3B-4792-A9FD-A411CBF13696}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{6B05F384-C45C-41FD-9898-9C77EED7359E}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{FEB25F8A-2002-4F3E-94CE-D1A5ADC514ED}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6D1CFE0D-5198-4037-82AF-75467A1908B4}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{6CF20C2D-D06C-4536-B37E-476CA599650E}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{9990F853-5900-4C1C-8614-7ACA5C8144E8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{19E6A818-3AD7-4BF0-A325-9A395CC1B89A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{4F65677A-ADAE-41EC-B584-B42468C17998}C:\program files\bosanova\bosanova secure\bsmdemul.exe] => (Allow) C:\program files\bosanova\bosanova secure\bsmdemul.exe
FirewallRules: [UDP Query User{95DB5D92-A16F-41D6-9018-CEB6021D40E0}C:\program files\bosanova\bosanova secure\bsmdemul.exe] => (Allow) C:\program files\bosanova\bosanova secure\bsmdemul.exe
FirewallRules: [{2FE4839B-16D4-4C20-A8AB-279D196DA807}] => (Allow) LPort=80
FirewallRules: [{0F250AC4-8910-4ACB-9402-C895D5B93D4A}] => (Allow) LPort=110
FirewallRules: [{D1F20F3F-23E1-46BA-A3C5-80B7267B6E77}] => (Allow) LPort=25
FirewallRules: [{067D5623-5850-4F67-8DC9-BFF98DDE02F4}] => (Allow) LPort=9102
FirewallRules: [{D575126B-62A2-4126-B974-39AFE2FA9BE3}] => (Allow) LPort=9102
FirewallRules: [{13661E00-930C-4213-B47C-E8D13DE63C73}] => (Allow) LPort=9101
FirewallRules: [{01EEDEDB-EB21-4E7D-9B67-77393C86A3DF}] => (Allow) LPort=9101
FirewallRules: [{65FBDDCD-AF78-4A87-A09F-EFA76BBDCA77}] => (Allow) LPort=9103
FirewallRules: [{1B38018E-95B0-46C1-844B-934ED16F633A}] => (Allow) LPort=9103
FirewallRules: [{7081FB3C-1173-4F70-AC4B-48870697B02B}] => (Allow) LPort=10000
FirewallRules: [{12AEF050-CB29-4865-9AC3-772233394DD6}] => (Allow) LPort=10000
FirewallRules: [{53EE020E-1603-49B2-9BF7-1E9444C36AF3}] => (Allow) C:\Users\Rick\AppData\Local\Temp\7zS26E5.tmp\SymNRT.exe
FirewallRules: [{85CE227D-6E7E-43A2-B532-509D20B640C9}] => (Allow) C:\Users\Rick\AppData\Local\Temp\7zS26E5.tmp\SymNRT.exe
FirewallRules: [{C79916E4-8E32-458F-A138-AA9D2DB0427D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A5B0C17A-1256-4166-A59D-ED42DE07C3E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8EA26D98-09C9-49B5-A110-ECBB7AB65E58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4006531D-A1E0-4918-BC7C-0644D904B5B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A9769D1A-6793-49EB-B1D3-F229695C5A73}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{CD53EADF-4D70-4D3C-A190-157E874D26D6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{3AB16AAF-175C-4101-85B2-D449BB99115E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{7567940D-198A-4F9D-A5AC-B615130220C7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{4AD12E67-BC6B-49FD-B77A-F26A9F319306}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{874A2F82-B376-4F15-B8BD-058F0AA9450C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{EEFEFDE2-F703-479F-809B-7B0520E13D9F}C:\program files\bosanova\bosanova secure\bsmdemul.exe] => (Allow) C:\program files\bosanova\bosanova secure\bsmdemul.exe
FirewallRules: [UDP Query User{5CFB9442-60DD-4323-B9AB-AB2F468DEE6B}C:\program files\bosanova\bosanova secure\bsmdemul.exe] => (Allow) C:\program files\bosanova\bosanova secure\bsmdemul.exe
FirewallRules: [{F04ED34B-0291-4572-9A0F-D9D077191D6C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{46072373-4587-48CA-BED2-32E26B3C2535}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E52A4C60-9C42-4340-ADC5-18D68583F7E6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E5148BAF-4D7A-47A0-8880-4F72BA647019}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{159DEED3-39C7-4E60-BCE1-979D7373358F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{454D049E-2F53-4165-BC19-20398B143DF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{26845A37-B6DF-4F73-BC36-A154B370DF17}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{71CE8BAC-C3AC-4CCD-912F-3DF7D53C96B7}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{5BB347AA-6806-467E-A625-CB0A910DBB3B}] => (Allow) LPort=25774

==================== Restore Points =========================

20-07-2017 08:38:07 Scheduled Checkpoint
28-07-2017 07:54:49 Windows Update
04-08-2017 08:38:50 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
Description: 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2017 11:35:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: igd10iumd32.dll, version: 10.18.10.3316, time stamp: 0x524b007a
Exception code: 0xc0000005
Fault offset: 0x00093e67
Faulting process id: 0x1578
Faulting application start time: 0x01d30d3680da438c
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\windows\SYSTEM32\igd10iumd32.dll
Report Id: 85449f86-792a-11e7-82e0-0025ab4be089
Faulting package full name:
Faulting package-relative application ID:

Error: (08/04/2017 09:19:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: igd10iumd32.dll, version: 10.18.10.3316, time stamp: 0x524b007a
Exception code: 0xc0000005
Fault offset: 0x00093ef7
Faulting process id: 0x72c
Faulting application start time: 0x01d30d18aeb3d616
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\windows\SYSTEM32\igd10iumd32.dll
Report Id: 996c774e-7917-11e7-82e0-0025ab4be089
Faulting package full name:
Faulting package-relative application ID:

Error: (08/04/2017 08:00:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\bosanova\bosanova secure\WinKinit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2017 01:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: igd10iumd32.dll, version: 10.18.10.3316, time stamp: 0x524b007a
Exception code: 0xc0000005
Fault offset: 0x00093ef7
Faulting process id: 0x2f94
Faulting application start time: 0x01d30b9a0101d784
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\windows\SYSTEM32\igd10iumd32.dll
Report Id: 80672134-77ab-11e7-82df-0025ab4be089
Faulting package full name:
Faulting package-relative application ID:

Error: (08/02/2017 12:21:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\bosanova\bosanova secure\WinKinit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2017 12:59:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Lenovo-PC.local. Addr 192.168.4.16

Error: (08/01/2017 12:59:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.4.119:5353 4 Lenovo-PC.local. Addr 192.168.4.119

Error: (08/01/2017 12:59:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Lenovo-PC.local. Addr 192.168.4.16

Error: (08/01/2017 12:59:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.4.119:5353 4 Lenovo-PC.local. Addr 192.168.4.119

Error: (08/01/2017 09:18:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: igd10iumd32.dll, version: 10.18.10.3316, time stamp: 0x524b007a
Exception code: 0xc0000005
Fault offset: 0x00093e67
Faulting process id: 0x16d4
Faulting application start time: 0x01d30ac7feb04b77
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\windows\SYSTEM32\igd10iumd32.dll
Report Id: e8abfbe0-76bb-11e7-82df-0025ab4be089
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (08/04/2017 08:38:43 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (08/04/2017 08:38:11 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (08/04/2017 08:33:36 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (08/04/2017 08:33:06 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (08/04/2017 08:13:54 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (08/04/2017 08:13:24 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (08/04/2017 07:48:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Trend Micro Unauthorized Change Prevention Service service depends on the tmactmon service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 07:48:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The tmactmon service depends on the tmevtmgr service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 07:48:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The tmevtmgr service depends on the tmcomm service which failed to start because of the following error:
This driver has been blocked from loading

Error: (08/04/2017 07:48:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmcomm service failed to start due to the following error:
This driver has been blocked from loading


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G3220T @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 4008.77 MB
Available physical RAM: 1643.47 MB
Total Virtual: 4712.77 MB
Available Virtual: 2265.53 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:837.24 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A499C9DF)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 08 August 2017 - 07:15 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • Gender:Male
  • Location:California
  • Local time:01:55 PM

Posted 08 August 2017 - 07:53 PM

Greetings Tandrus and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Do you know the date this started?

Does this only affect Edge?

Can you verify the date and time on your system clock is correct?

Do you recognize these?

Task: {80FCB4A2-185D-4B24-82E4-1DA83613FB33} - System32\Tasks\Joke1 => C:\Test.vbs [2014-09-24] ()
Task: {96616422-2A91-4190-A51C-529AAC9DF520} - System32\Tasks\Message from the ladies at LFP => C:\Rick.vbs [2014-09-24] ()
Task: {A08031B8-3C58-465E-8D00-F61523BE02D7} - System32\Tasks\Rick => C:\Test.vbs [2014-09-24] ()
Task: {B8E06C5B-1147-42E3-A7D4-CE673DF5C62F} - System32\Tasks\back up notification => C:\Sweetwater.vbs [2014-09-22] ()

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
=================

Malwarebytes Junkware Removal Tool

-------------------
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2059896466-1161418347-2834966404-1001 -> {D8A91381-F17A-43CF-8ED0-1E0121D5FC8E} URL =
CHR HKLM\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - <no Path/update_url>
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24}
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24}
Folder: C:\windows\net35
Folder: C:\Users\Rick\AppData\Local\6c90
emptytemp:
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to questions
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • Update on browser behavior

Edited by Oh My!, 08 August 2017 - 08:17 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Tandrus

Tandrus
  • Topic Starter

  • Members
  • 3 posts
  • Local time:05:55 PM

Posted 10 August 2017 - 06:43 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by Rick (10-08-2017 07:31:08)
Running from E:\The Gambit
Windows 8.1 (Update) (X64) (2014-06-11 06:11:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2059896466-1161418347-2834966404-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2059896466-1161418347-2834966404-501 - Limited - Disabled)
Rick (S-1-5-21-2059896466-1161418347-2834966404-1001 - Administrator - Enabled) => C:\Users\Rick
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
AngryBirds (HKLM-x32\...\{20CE0033-8F3D-464B-8BA2-A08EB0F27FD3}) (Version: 1.01.0618 - Rovio)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bacula (HKLM-x32\...\Bacula) (Version: 5.2.10 - )
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BOSaNOVA Secure (HKLM\...\BOSaNOVA Secure) (Version: 8.08.0 - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Comparing (HKLM-x32\...\{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
Find the Differences (HKLM-x32\...\{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (HKLM-x32\...\{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Fruits (HKLM-x32\...\{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
GamePortal (HKLM-x32\...\{AD741B21-068E-413B-89C6-C4E03FD3CDE2}) (Version: 5.0.013.0128 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.7.27.15 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Langdale Industries - LogMeIn Rescue Calling Card (HKLM-x32\...\{0ED150A3-DC6A-4716-0F0C-B069C6F12107}) (Version: 7.8.658 - LogMeIn, Inc.)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.18 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0059 - Lenovo)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mammals (HKLM-x32\...\{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Matching Roles (HKLM-x32\...\{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 38.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.1.0 (x86 en-US)) (Version: 38.1.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
Puzzle (HKLM-x32\...\{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
sudoku (HKLM-x32\...\{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
timer (HKLM-x32\...\{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
TnI CheckExplorer Project (HKLM\...\{EBFA3741-71F4-48C3-BEAE-B140AEDCC19B}) (Version: 1.0.0.2 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
TnI CheckExplorer Project (HKLM-x32\...\InstallShield_{EBFA3741-71F4-48C3-BEAE-B140AEDCC19B}) (Version: 1.0.0.2 - TPV-INVENTA TECHNOLOGY CO., LTD.)
Trend Micro OfficeScan Agent (HKLM-x32\...\OfficeScanNT) (Version: 11.0.1028 - Trend Micro Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2059896466-1161418347-2834966404-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2059896466-1161418347-2834966404-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-08-17] (Nitro PDF)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-07-08] (Apple Inc.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-09-30] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02D1A367-7C8F-4AEB-9AB6-9B819A778087} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-06-09] ()
Task: {04A38F3B-78AF-45C6-8C42-0CE69714F557} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {052681C2-1B16-4EFE-B124-CB270D1D61D4} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe
Task: {0E090947-8F2D-4233-BC0B-D502A4D2F997} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {1132ECF8-3E94-42D0-BFAC-BA6E95EB9F93} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {18F2DCD2-126A-4FA8-A423-3BDC3683E68D} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2015-05-08] (Maxthon International ltd.)
Task: {22358C45-C8A6-4CB6-B6D9-00CB2F20BF44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {27E82448-1DF3-45D6-BB3B-14FDB4A091B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {2B1B038D-0B7E-4BBD-A6D4-22D49B085797} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {37957F05-FC59-4BF0-88C0-881BD1A5F3CC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {475FC68A-BC1F-4422-BE29-566736256B18} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HP Inc.)
Task: {61CC3E05-9777-4B68-AC20-9E5257105CE4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe
Task: {64E22619-C257-4316-A4F5-08B62B322B9E} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)
Task: {6A13D2C3-763F-4988-91DA-D5DB1FD2A251} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {6E8E0533-FCE2-4DCF-A8BF-CC601BCCD629} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {75568230-E094-4FB0-9961-D3D04CA6606F} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-06-09] ()
Task: {80FCB4A2-185D-4B24-82E4-1DA83613FB33} - System32\Tasks\Joke1 => C:\Test.vbs [2014-09-24] ()
Task: {85236750-68AA-453E-A712-5CD35C85D9E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {85F11632-8B60-4C16-BCC0-0BEAB590D6E0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {91B9C43C-DA9A-433E-B259-3AB60B2458CE} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {96616422-2A91-4190-A51C-529AAC9DF520} - System32\Tasks\Message from the ladies at LFP => C:\Rick.vbs [2014-09-24] ()
Task: {9827CAD0-8952-4D9C-A5F1-D5B89E99A34A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9B38C446-AC48-4C7D-83A7-840583DD0458} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A08031B8-3C58-465E-8D00-F61523BE02D7} - System32\Tasks\Rick => C:\Test.vbs [2014-09-24] ()
Task: {A3986B58-734E-4602-9808-B05F9943DF3F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe
Task: {A68FAE8B-C743-4E0C-AD1C-C03EE2471EC2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {AE784113-CF1A-419B-8999-A86155BAB000} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B6D7BD46-9BEF-40C6-A970-76FAD15A4268} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {B8E06C5B-1147-42E3-A7D4-CE673DF5C62F} - System32\Tasks\back up notification => C:\Sweetwater.vbs [2014-09-22] ()
Task: {BE90FD40-DAE7-45B4-B4AE-F94348A93DF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN479150VK => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {EC453E04-AA14-4D62-B669-58DB257B1410} - System32\Tasks\HPCeeScheduleForRick => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {EE4BEDE3-B274-47C0-B094-A043D4D3728B} - System32\Tasks\TnICheckExplorerFunction => C:\Program Files (x86)\TPV-INVENTA\TnI CheckExplorer Function\CheckExploer.exe [2013-11-25] (TPV-INVENTA TECHNOLOGY CO,LTD )
Task: {F142D9CE-8150-4F40-B29C-B9523F3A73E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {F910CE9E-B109-4462-9A9B-2C68BE4E14C7} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {FA14FE9D-AE0E-4E49-95BE-C426E847FA29} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\HPCeeScheduleForRick.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-28 10:59 - 2012-06-28 10:59 - 002301760 _____ () C:\Program Files\Bacula\bacula-fd.exe
2012-06-28 10:59 - 2012-06-28 10:59 - 000360541 _____ () C:\Program Files\Bacula\pthreadGCE.dll
2012-06-28 10:59 - 2012-06-28 10:59 - 002207018 _____ () C:\Program Files\Bacula\bacula.dll
2012-06-28 10:59 - 2012-06-28 10:59 - 001586733 _____ () C:\Program Files\Bacula\cryptoeay32-0.9.8.dll
2012-06-28 10:59 - 2012-06-28 10:59 - 000387990 _____ () C:\Program Files\Bacula\ssleay32-0.9.8.dll
2013-12-22 07:43 - 2011-08-17 00:46 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2011-08-31 13:55 - 2011-08-31 13:55 - 000801792 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll
2013-12-22 07:59 - 2013-05-14 14:53 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2007-05-16 11:42 - 2007-05-16 11:42 - 000089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll
2012-12-19 04:06 - 2012-12-19 04:06 - 001300480 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\libprotobuf.dll
2013-01-16 10:19 - 2013-01-16 10:19 - 000048128 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_date_time-vc110-mt-1_49.dll
2013-04-02 12:25 - 2013-04-02 12:25 - 000675840 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\sqlite3.dll
2012-12-19 04:06 - 2012-12-19 04:06 - 001300480 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\libprotobuf.dll
2013-01-16 10:23 - 2013-01-16 10:23 - 000058368 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_thread-vc110-mt-1_49.dll
2017-07-14 07:49 - 2017-06-09 16:11 - 000023416 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2016-10-05 19:18 - 2016-10-05 19:18 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 19:18 - 2016-10-05 19:18 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-10-05 19:18 - 2016-10-05 19:18 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-12-22 07:41 - 2013-09-03 20:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 ____N C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6237316D-D1FB-47C1-B68B-4723A7EB3A9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{64B59F8A-2267-42E5-A1FA-5F5EBBD0AFCB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CBC06405-0D93-4627-9DA1-9D67579A1CE8}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F1CAAE02-F586-4D25-992F-E2861A5EE56E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{E579BD3F-8950-4100-A79F-92C1830B288D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{14A92633-8EA8-4EEF-9792-866C2BDC3959}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{163844D9-1A3B-4792-A9FD-A411CBF13696}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{6B05F384-C45C-41FD-9898-9C77EED7359E}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{FEB25F8A-2002-4F3E-94CE-D1A5ADC514ED}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6D1CFE0D-5198-4037-82AF-75467A1908B4}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{6CF20C2D-D06C-4536-B37E-476CA599650E}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{9990F853-5900-4C1C-8614-7ACA5C8144E8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{19E6A818-3AD7-4BF0-A325-9A395CC1B89A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{4F65677A-ADAE-41EC-B584-B42468C17998}C:\program files\bosanova\bosanova secure\bsmdemul.exe] => (Allow) C:\program files\bosanova\bosanova secure\bsmdemul.exe
FirewallRules: [UDP Query User{95DB5D92-A16F-41D6-9018-CEB6021D40E0}C:\program files\bosanova\bosanova secure\bsmdemul.exe] => (Allow) C:\program files\bosanova\bosanova secure\bsmdemul.exe
FirewallRules: [{2FE4839B-16D4-4C20-A8AB-279D196DA807}] => (Allow) LPort=80
FirewallRules: [{0F250AC4-8910-4ACB-9402-C895D5B93D4A}] => (Allow) LPort=110
FirewallRules: [{D1F20F3F-23E1-46BA-A3C5-80B7267B6E77}] => (Allow) LPort=25
FirewallRules: [{067D5623-5850-4F67-8DC9-BFF98DDE02F4}] => (Allow) LPort=9102
FirewallRules: [{D575126B-62A2-4126-B974-39AFE2FA9BE3}] => (Allow) LPort=9102
FirewallRules: [{13661E00-930C-4213-B47C-E8D13DE63C73}] => (Allow) LPort=9101
FirewallRules: [{01EEDEDB-EB21-4E7D-9B67-77393C86A3DF}] => (Allow) LPort=9101
FirewallRules: [{65FBDDCD-AF78-4A87-A09F-EFA76BBDCA77}] => (Allow) LPort=9103
FirewallRules: [{1B38018E-95B0-46C1-844B-934ED16F633A}] => (Allow) LPort=9103
FirewallRules: [{7081FB3C-1173-4F70-AC4B-48870697B02B}] => (Allow) LPort=10000
FirewallRules: [{12AEF050-CB29-4865-9AC3-772233394DD6}] => (Allow) LPort=10000
FirewallRules: [{53EE020E-1603-49B2-9BF7-1E9444C36AF3}] => (Allow) C:\Users\Rick\AppData\Local\Temp\7zS26E5.tmp\SymNRT.exe
FirewallRules: [{85CE227D-6E7E-43A2-B532-509D20B640C9}] => (Allow) C:\Users\Rick\AppData\Local\Temp\7zS26E5.tmp\SymNRT.exe
FirewallRules: [{C79916E4-8E32-458F-A138-AA9D2DB0427D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A5B0C17A-1256-4166-A59D-ED42DE07C3E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8EA26D98-09C9-49B5-A110-ECBB7AB65E58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4006531D-A1E0-4918-BC7C-0644D904B5B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A9769D1A-6793-49EB-B1D3-F229695C5A73}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{CD53EADF-4D70-4D3C-A190-157E874D26D6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{3AB16AAF-175C-4101-85B2-D449BB99115E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{7567940D-198A-4F9D-A5AC-B615130220C7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{4AD12E67-BC6B-49FD-B77A-F26A9F319306}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{874A2F82-B376-4F15-B8BD-058F0AA9450C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{EEFEFDE2-F703-479F-809B-7B0520E13D9F}C:\program files\bosanova\bosanova secure\bsmdemul.exe] => (Allow) C:\program files\bosanova\bosanova secure\bsmdemul.exe
FirewallRules: [UDP Query User{5CFB9442-60DD-4323-B9AB-AB2F468DEE6B}C:\program files\bosanova\bosanova secure\bsmdemul.exe] => (Allow) C:\program files\bosanova\bosanova secure\bsmdemul.exe
FirewallRules: [{F04ED34B-0291-4572-9A0F-D9D077191D6C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{46072373-4587-48CA-BED2-32E26B3C2535}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E52A4C60-9C42-4340-ADC5-18D68583F7E6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E5148BAF-4D7A-47A0-8880-4F72BA647019}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{159DEED3-39C7-4E60-BCE1-979D7373358F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{26845A37-B6DF-4F73-BC36-A154B370DF17}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{71CE8BAC-C3AC-4CCD-912F-3DF7D53C96B7}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{5BEC5C0B-52AB-4256-9805-B8618E179022}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D022D5FC-AAAB-4657-9B02-B6DCE9103136}] => (Allow) LPort=25774
 
==================== Restore Points =========================
 
20-07-2017 08:38:07 Scheduled Checkpoint
28-07-2017 07:54:49 Windows Update
04-08-2017 08:38:50 Scheduled Checkpoint
10-08-2017 07:18:58 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
Description: 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/10/2017 01:48:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\bosanova\bosanova secure\WinKinit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/09/2017 01:53:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\bosanova\bosanova secure\WinKinit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/08/2017 07:55:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\bosanova\bosanova secure\WinKinit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/07/2017 07:54:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\bosanova\bosanova secure\WinKinit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/04/2017 11:35:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: igd10iumd32.dll, version: 10.18.10.3316, time stamp: 0x524b007a
Exception code: 0xc0000005
Fault offset: 0x00093e67
Faulting process id: 0x1578
Faulting application start time: 0x01d30d3680da438c
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\windows\SYSTEM32\igd10iumd32.dll
Report Id: 85449f86-792a-11e7-82e0-0025ab4be089
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/04/2017 09:19:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: igd10iumd32.dll, version: 10.18.10.3316, time stamp: 0x524b007a
Exception code: 0xc0000005
Fault offset: 0x00093ef7
Faulting process id: 0x72c
Faulting application start time: 0x01d30d18aeb3d616
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\windows\SYSTEM32\igd10iumd32.dll
Report Id: 996c774e-7917-11e7-82e0-0025ab4be089
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/04/2017 08:00:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\bosanova\bosanova secure\WinKinit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/02/2017 01:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: igd10iumd32.dll, version: 10.18.10.3316, time stamp: 0x524b007a
Exception code: 0xc0000005
Fault offset: 0x00093ef7
Faulting process id: 0x2f94
Faulting application start time: 0x01d30b9a0101d784
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\windows\SYSTEM32\igd10iumd32.dll
Report Id: 80672134-77ab-11e7-82df-0025ab4be089
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/02/2017 12:21:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\bosanova\bosanova secure\WinKinit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/01/2017 12:59:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 Lenovo-PC.local. Addr 192.168.4.16
 
 
System errors:
=============
Error: (08/10/2017 07:29:00 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (08/10/2017 07:28:30 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (08/10/2017 07:28:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240055: 2017-08 Security Update for Adobe Flash Player for Windows 8.1 for x64-based Systems (KB4034662).
 
Error: (08/10/2017 07:13:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Trend Micro Unauthorized Change Prevention Service service depends on the tmactmon service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/10/2017 07:13:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The tmactmon service depends on the tmevtmgr service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/10/2017 07:13:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The tmevtmgr service depends on the tmcomm service which failed to start because of the following error: 
This driver has been blocked from loading
 
Error: (08/10/2017 07:13:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmcomm service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/10/2017 07:13:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmcomm service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/10/2017 07:13:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Trend Micro Unauthorized Change Prevention Service service depends on the tmactmon service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/10/2017 07:13:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The tmactmon service depends on the tmevtmgr service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G3220T @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 4008.77 MB
Available physical RAM: 2286.84 MB
Total Virtual: 4712.77 MB
Available Virtual: 3081.31 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:834.68 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:7.45 GB) (Free:6.65 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A499C9DF)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: A93EFA56)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64 
Ran by Rick (Administrator) on Thu 08/10/2017 at  7:18:56.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D8A91381-F17A-43CF-8ED0-1E0121D5FC8E} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/10/2017 at  7:22:29.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2017
Ran by Rick (administrator) on LENOVO-PC (10-08-2017 07:29:52)
Running from E:\The Gambit
Loaded Profiles: Rick (Available Profiles: Rick & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Bacula\bacula-fd.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2327440 2014-07-07] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\...\Run: [BingSvc] => C:\Users\Rick\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-07-08] (Apple Inc.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2017-06-12]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Copy 1).lnk [2015-01-13]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Copy 1).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2017-08-10]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{3AE09FB9-0E8C-492A-B854-406BCC3A10DB}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{7A9FF46A-4360-4F33-BB75-6D2AE18948FE}: [DhcpNameServer] 99.99.99.53 99.99.99.153
 
Internet Explorer:
==================
HKU\S-1-5-21-2059896466-1161418347-2834966404-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2014-01-27] (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2014-01-27] (Trend Micro Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2014-01-27] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2014-01-27] (Trend Micro Inc.)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2015-06-30] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2059896466-1161418347-2834966404-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-2059896466-1161418347-2834966404-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> safe.search.tools
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxp://safe.search.tools/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> safe.search.tools
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2017-08-09]
CHR Extension: (SafeSearch) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfjamiccddlpmlldidfdgobpdblfbbm [2017-08-09]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-09]
CHR HKLM\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Bacula-fd; C:\Program Files\Bacula\bacula-fd.exe [2301760 2012-06-28] () [File not signed]
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2013-01-17] (Microsoft) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [84280 2013-08-19] (Maxthon)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [4638784 2014-07-07] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-06-09] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [572432 2012-05-04] (Trend Micro Inc.)
R3 tmccsf; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\tmccsf.exe [701064 2014-04-07] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [4628200 2014-07-07] (Trend Micro Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-10] (Malwarebytes)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RSP2STOR; C:\windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-04] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
S2 tmactmon; C:\windows\system32\DRIVERS\tmactmon.sys [82296 2012-04-20] (Trend Micro Inc.)
S1 tmcomm; C:\windows\system32\DRIVERS\tmcomm.sys [165232 2012-04-13] (Trend Micro Inc.)
R0 TMEBC; C:\windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\windows\system32\DRIVERS\tmeevw.sys [102712 2014-02-14] (Trend Micro Inc.)
S2 tmevtmgr; C:\windows\system32\DRIVERS\tmevtmgr.sys [64304 2012-04-20] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393944 2017-03-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66776 2017-03-21] (Trend Micro Inc.)
R3 tmusa; C:\windows\system32\DRIVERS\tmusa.sys [94008 2014-02-19] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-23] ()
R3 vmuacflt; C:\windows\System32\Drivers\vmuacflt.sys [15872 2013-04-22] (Vimicro Corporation)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2621144 2017-03-21] (Trend Micro Inc.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-07 07:46 - 2017-04-21 17:53 - 000029376 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2017-08-07 07:46 - 2017-04-21 17:53 - 000018600 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2017-08-07 07:46 - 2017-04-21 17:50 - 000030912 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2017-08-07 07:46 - 2017-04-21 17:50 - 000018592 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2017-08-07 07:46 - 2017-04-11 14:27 - 000987840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2017-08-07 07:46 - 2017-04-11 14:27 - 000485576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2017-08-07 07:46 - 2017-03-15 14:15 - 000993632 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2017-08-07 07:46 - 2017-03-15 14:15 - 000690008 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2017-08-04 11:54 - 2017-08-04 11:54 - 000045139 _____ C:\Users\Rick\Desktop\Addition.txt
2017-08-04 11:54 - 2017-08-04 11:54 - 000042278 _____ C:\Users\Rick\Desktop\FRST.txt
2017-08-02 13:22 - 2017-08-02 13:22 - 000579487 _____ C:\Users\Rick\Documents\crosslin po 359262.pdf
2017-07-27 14:36 - 2017-07-27 14:36 - 000222688 _____ C:\Users\Rick\Documents\credit reference.pdf
2017-07-26 13:35 - 2017-07-26 13:35 - 000310795 _____ C:\Users\Rick\Documents\CROSSLIN PO 358729  B.pdf
2017-07-26 13:31 - 2017-07-26 13:32 - 000311720 _____ C:\Users\Rick\Documents\crosslin po 358729 b.pdf
2017-07-26 13:16 - 2017-07-26 13:16 - 000566797 _____ C:\Users\Rick\Documents\Harlan po 7562.pdf
2017-07-21 14:39 - 2017-07-21 14:39 - 000228657 _____ C:\Users\Rick\Documents\CROSSLIN PO 358729 A.pdf
2017-07-20 15:20 - 2017-07-20 15:20 - 000251296 _____ C:\Users\Rick\Documents\Christmas Lumber po GB 720179.pdf
2017-07-20 14:51 - 2017-07-20 14:51 - 000860380 _____ C:\Users\Rick\Documents\crosslin po 358693  A - C.pdf
2017-07-20 13:39 - 2017-07-20 13:39 - 000316795 _____ C:\Users\Rick\Documents\Harlan po 7532.pdf
2017-07-20 10:27 - 2017-07-20 10:27 - 000000000 _____ C:\autoexec.bat
2017-07-20 09:28 - 2017-07-20 09:28 - 000558501 _____ C:\Users\Rick\Documents\crosslin po 358471.pdf
2017-07-14 07:49 - 2017-07-14 07:49 - 000000000 ____D C:\windows\net35
2017-07-14 07:49 - 2017-07-14 07:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Lenovo
2017-07-14 07:49 - 2017-06-09 16:09 - 000002092 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-14 07:49 - 2017-06-09 16:09 - 000002092 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-14 07:49 - 2017-06-09 16:09 - 000002092 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-13 08:45 - 2017-07-13 08:45 - 000601894 _____ C:\Users\Rick\Documents\Harlan po 7483.pdf
2017-07-12 14:50 - 2017-07-12 14:50 - 001033428 _____ C:\Users\Rick\Documents\Somerset pos 50533 & 50534.pdf
2017-07-12 08:44 - 2017-07-12 08:44 - 000494792 _____ C:\Users\Rick\Documents\Mt Vernon & Whitley City Credits.pdf
2017-07-12 08:24 - 2017-06-29 02:27 - 025734656 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-07-12 08:24 - 2017-06-29 01:44 - 005975552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-07-12 08:24 - 2017-06-29 01:23 - 020270592 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-07-12 08:24 - 2017-06-29 00:58 - 015253504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-07-12 08:24 - 2017-06-29 00:52 - 004549632 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-07-12 08:24 - 2017-06-29 00:43 - 013663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-07-12 08:24 - 2017-06-29 00:41 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-07-12 08:24 - 2017-06-29 00:24 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-07-12 08:24 - 2017-06-22 10:22 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-07-12 08:24 - 2017-06-17 12:45 - 003631616 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-07-12 08:24 - 2017-06-17 12:34 - 002749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-07-12 08:24 - 2017-06-17 12:11 - 002551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-07-12 08:24 - 2017-06-17 12:05 - 001920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-07-12 08:24 - 2017-06-15 18:02 - 000990040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2017-07-12 08:24 - 2017-06-15 09:45 - 007440728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-07-12 08:24 - 2017-06-15 09:45 - 001674520 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-07-12 08:24 - 2017-06-15 09:45 - 001534064 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2017-07-12 08:24 - 2017-06-15 09:45 - 001499920 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-07-12 08:24 - 2017-06-15 09:45 - 001370320 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2017-07-12 08:24 - 2017-06-11 17:00 - 000962560 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-07-12 08:24 - 2017-06-11 16:31 - 000781312 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-07-12 08:24 - 2017-06-11 11:15 - 002013528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-07-12 08:24 - 2017-06-06 16:42 - 000925696 _____ (Microsoft Corporation) C:\windows\system32\autoconv.exe
2017-07-12 08:24 - 2017-06-06 15:03 - 000837632 _____ (Microsoft Corporation) C:\windows\SysWOW64\autoconv.exe
2017-07-12 08:24 - 2017-06-03 12:27 - 002346496 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2017-07-12 08:24 - 2017-06-03 12:03 - 001549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2017-07-12 08:24 - 2017-04-27 21:13 - 001292288 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2017-07-12 08:23 - 2017-06-29 02:02 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-07-12 08:23 - 2017-06-29 01:50 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-07-12 08:23 - 2017-06-29 01:23 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-07-12 08:23 - 2017-06-29 01:17 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-07-12 08:23 - 2017-06-29 01:13 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-07-12 08:23 - 2017-06-29 01:09 - 000806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-07-12 08:23 - 2017-06-29 00:53 - 003240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-07-12 08:23 - 2017-06-29 00:51 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-07-12 08:23 - 2017-06-29 00:47 - 000693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-07-12 08:23 - 2017-06-29 00:29 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-07-12 08:23 - 2017-06-29 00:28 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-07-12 08:23 - 2017-06-29 00:23 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-07-12 08:23 - 2017-06-27 10:29 - 007796736 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2017-07-12 08:23 - 2017-06-27 10:29 - 007077376 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2017-07-12 08:23 - 2017-06-27 10:26 - 005274112 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2017-07-12 08:23 - 2017-06-27 10:26 - 005268992 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 08:23 - 2017-06-15 09:45 - 000086360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2017-07-12 08:23 - 2017-06-11 20:06 - 000376672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2017-07-12 08:23 - 2017-06-11 18:21 - 000590848 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2017-07-12 08:23 - 2017-06-11 17:43 - 000371200 _____ (Microsoft Corporation) C:\windows\system32\msinfo32.exe
2017-07-12 08:23 - 2017-06-11 17:25 - 000478720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2017-07-12 08:23 - 2017-06-11 17:15 - 001436672 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2017-07-12 08:23 - 2017-06-11 17:08 - 000358912 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-07-12 08:23 - 2017-06-11 17:07 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2017-07-12 08:23 - 2017-06-11 16:58 - 000334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msinfo32.exe
2017-07-12 08:23 - 2017-06-11 16:40 - 001323008 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2017-07-12 08:23 - 2017-06-11 16:35 - 000325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-07-12 08:23 - 2017-06-06 16:52 - 003120640 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-07-12 08:23 - 2017-06-06 16:38 - 000039424 _____ (Microsoft Corporation) C:\windows\system32\cnvfat.dll
2017-07-12 08:23 - 2017-06-06 16:36 - 000168448 _____ (Microsoft Corporation) C:\windows\system32\uudf.dll
2017-07-12 08:23 - 2017-06-06 16:36 - 000020992 _____ (Microsoft Corporation) C:\windows\system32\convert.exe
2017-07-12 08:23 - 2017-06-06 16:35 - 000517120 _____ (Microsoft Corporation) C:\windows\system32\uReFS.dll
2017-07-12 08:23 - 2017-06-06 15:13 - 000177664 _____ (Microsoft Corporation) C:\windows\system32\ulib.dll
2017-07-12 08:23 - 2017-06-06 15:11 - 000557568 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2017-07-12 08:23 - 2017-06-06 15:11 - 000220672 _____ (Microsoft Corporation) C:\windows\system32\ifsutil.dll
2017-07-12 08:23 - 2017-06-06 15:11 - 000131072 _____ (Microsoft Corporation) C:\windows\system32\ufat.dll
2017-07-12 08:23 - 2017-06-06 15:11 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\uexfat.dll
2017-07-12 08:23 - 2017-06-06 15:08 - 002712576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-07-12 08:23 - 2017-06-06 14:59 - 000034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\cnvfat.dll
2017-07-12 08:23 - 2017-06-06 14:57 - 000141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\uudf.dll
2017-07-12 08:23 - 2017-06-06 14:56 - 000375296 _____ (Microsoft Corporation) C:\windows\SysWOW64\uReFS.dll
2017-07-12 08:23 - 2017-06-06 14:03 - 000143360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ulib.dll
2017-07-12 08:23 - 2017-06-06 14:02 - 000513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2017-07-12 08:23 - 2017-06-06 14:02 - 000197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\ifsutil.dll
2017-07-12 08:23 - 2017-06-06 14:02 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\ufat.dll
2017-07-12 08:23 - 2017-06-06 14:02 - 000074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\uexfat.dll
2017-07-12 08:23 - 2017-05-31 17:20 - 000470360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2017-07-12 08:23 - 2017-05-15 18:09 - 000057688 ____C (Microsoft Corporation) C:\windows\system32\Drivers\stornvme.sys
2017-07-12 08:23 - 2017-05-15 16:03 - 000379744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2017-07-12 08:23 - 2017-05-09 10:37 - 000658432 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2017-07-12 08:23 - 2017-05-09 10:35 - 000555520 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2017-07-12 08:23 - 2017-05-09 10:29 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsdchngr.dll
2017-07-12 08:23 - 2017-05-09 10:29 - 000014848 _____ (Microsoft Corporation) C:\windows\system32\snmptrap.exe
2017-07-12 08:23 - 2017-05-09 10:28 - 000193024 _____ (Microsoft Corporation) C:\windows\system32\DAFWSD.dll
2017-07-12 08:23 - 2017-05-09 10:28 - 000030208 _____ (Microsoft Corporation) C:\windows\system32\wsdchngr.dll
2017-07-12 08:23 - 2017-05-09 10:12 - 000448576 _____ C:\windows\system32\ApnDatabase.xml
2017-07-12 08:23 - 2017-05-06 12:45 - 001114624 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2017-07-12 08:23 - 2017-05-06 12:41 - 000056832 _____ (Microsoft Corporation) C:\windows\system32\rdsdwmdr.dll
2017-07-12 08:23 - 2017-05-02 16:09 - 000686592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-07-12 08:23 - 2017-05-02 16:08 - 000415744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-07-12 08:23 - 2017-05-02 16:08 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-07-12 08:23 - 2017-05-02 14:41 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2017-07-12 08:23 - 2017-05-02 14:31 - 000329216 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2017-07-12 08:23 - 2017-05-02 14:31 - 000207360 _____ (Microsoft Corporation) C:\windows\system32\smbwmiv2.dll
2017-07-12 08:23 - 2017-05-02 13:35 - 000031744 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2017-07-12 08:23 - 2017-04-30 12:48 - 000080078 _____ C:\windows\system32\normidna.nls
2017-07-12 08:23 - 2017-04-27 21:11 - 001060352 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2017-07-12 08:15 - 2017-05-03 19:11 - 000103600 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2017-07-12 08:15 - 2017-05-03 09:43 - 001555968 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 001206272 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000620544 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000535552 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000325632 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000311296 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000217088 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2017-07-12 08:15 - 2017-05-03 09:43 - 000127488 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-10 07:29 - 2016-06-23 13:27 - 000000000 ____D C:\FRST
2017-08-10 07:28 - 2013-08-22 11:20 - 000000000 ____D C:\windows\CbsTemp
2017-08-10 07:27 - 2014-06-11 02:17 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2059896466-1161418347-2834966404-1001
2017-08-10 07:22 - 2016-03-09 09:48 - 000000958 _____ C:\Users\Rick\Desktop\JRT.txt
2017-08-10 07:20 - 2014-06-11 04:28 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Nitro PDF
2017-08-10 07:11 - 2015-11-30 10:35 - 000000000 ___RD C:\Users\Rick\iCloudDrive
2017-08-10 07:10 - 2017-01-25 08:55 - 000253856 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-10 07:09 - 2014-06-11 05:43 - 000000000 ____D C:\Program Files\Google
2017-08-10 07:09 - 2014-06-11 05:42 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-10 07:09 - 2013-08-22 10:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-08-10 07:09 - 2013-08-22 09:25 - 000262144 ___SH C:\windows\system32\config\BBI
2017-08-10 07:05 - 2013-08-22 09:36 - 000000000 ____D C:\windows\Inf
2017-08-10 03:32 - 2014-06-11 03:49 - 000003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{8FE9DF51-43B2-4A5B-AA16-4E5079A584F0}
2017-08-09 22:07 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-09 22:07 - 2013-08-22 11:36 - 000000000 ____D C:\windows\AppReadiness
2017-08-09 15:35 - 2014-06-11 05:42 - 000000000 ____D C:\Users\Rick\AppData\Local\Google
2017-08-09 15:33 - 2013-08-31 11:40 - 000880736 _____ C:\windows\system32\PerfStringBackup.INI
2017-08-09 15:30 - 2016-06-23 13:09 - 000000000 ____D C:\AdwCleaner
2017-08-08 11:42 - 2016-12-30 12:11 - 000003160 _____ C:\windows\System32\Tasks\HPCeeScheduleForRick
2017-08-08 11:42 - 2016-12-30 12:11 - 000000348 _____ C:\windows\Tasks\HPCeeScheduleForRick.job
2017-08-08 10:42 - 2016-12-01 14:11 - 000508628 _____ C:\Users\Rick\Documents\Lumber King credits.pdf
2017-08-08 08:08 - 2014-06-11 05:43 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-08 08:08 - 2014-06-11 05:43 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-04 16:55 - 2014-06-11 02:11 - 000000000 ____D C:\Users\Rick
2017-08-04 13:38 - 2016-11-09 14:49 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Adblock Plus for IE
2017-08-04 09:25 - 2014-06-12 01:19 - 000109056 _____ C:\Users\Rick\Desktop\Lumber Pricing 2014.xls
2017-08-04 07:49 - 2015-05-15 08:03 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-07-20 11:04 - 2016-10-17 11:32 - 000000000 ____D C:\Users\Rick\AppData\Local\6c90
2017-07-20 08:42 - 2013-08-22 11:36 - 000000000 ____D C:\windows\rescache
2017-07-20 08:28 - 2014-09-08 13:15 - 000000000 ____D C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2017-07-20 07:52 - 2013-12-22 07:44 - 000000000 ____D C:\ProgramData\Lenovo
2017-07-14 13:19 - 2017-01-13 15:26 - 000524674 _____ C:\Users\Rick\Documents\corbin treated lumber truck.pdf
2017-07-14 10:41 - 2015-06-14 12:07 - 000000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2017-07-14 07:49 - 2015-09-14 08:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-07-14 07:49 - 2014-08-08 08:40 - 000000000 ____D C:\windows\System32\Tasks\TVT
2017-07-14 07:49 - 2013-12-22 07:56 - 000000000 ____D C:\Program Files (x86)\Lenovo
2017-07-14 07:49 - 2013-12-22 07:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-07-13 16:55 - 2013-08-22 10:44 - 000422888 _____ C:\windows\system32\FNTCACHE.DAT
2017-07-13 16:44 - 2014-12-11 15:40 - 000000000 ____D C:\windows\system32\appraiser
2017-07-13 08:25 - 2014-06-11 04:50 - 000000000 ____D C:\windows\system32\MRT
2017-07-13 08:20 - 2014-06-11 04:50 - 135225752 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-07-12 16:39 - 2017-01-25 08:55 - 000077376 _____ C:\windows\system32\Drivers\mbae64.sys
2017-07-12 07:59 - 2016-04-05 08:38 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2014-06-11 02:12 - 2014-06-11 02:12 - 000000193 _____ () C:\Users\Rick\AppData\Local\RegisteredPackageInformation.xml
2014-06-12 02:06 - 2014-06-12 02:06 - 000000057 _____ () C:\ProgramData\Ament.ini
2013-12-22 07:43 - 2013-12-22 07:43 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2015-11-12 09:01 - 2015-11-12 09:01 - 000144008 _____ (© 2015 Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\BingSvc.exe
2015-09-09 15:19 - 2015-11-12 09:01 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\BSvcProcessor.exe
2015-09-09 15:19 - 2015-11-12 09:01 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\BSvcUpdater.exe
2015-09-09 15:09 - 2016-03-14 16:02 - 002612880 _____ (Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\DefaultPack.EXE
2016-06-23 13:21 - 2015-03-23 17:58 - 001498872 _____ (Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\dllnt_dump.dll
2014-06-11 03:57 - 2011-03-14 08:31 - 000149352 ____R (Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-09 01:13
 
==================== End of FRST.txt ============================
 
I have not seen the btrll.com message in a while now.
 


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • Gender:Male
  • Location:California
  • Local time:01:55 PM

Posted 10 August 2017 - 08:20 AM

Greetings,

 

If you still desire assistance I need you to post the reports I requested in my reply. If you are all set now please let me know.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Tandrus


Posted 10 August 2017 - 09:10 AM

?

I posted the requested logs at 7:45 this morning. The computer seems to be fine now. I haven't seen the message come up today.



#6 Oh My!


Posted 10 August 2017 - 02:15 PM

I do not see these 2 reports:

 

AdwCleaner log
Fixlog

Gary
 

#7 Oh My!


Posted 13 August 2017 - 02:02 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#8 Oh My!


Posted 15 August 2017 - 09:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



