Jump to content

Help with possibly infected computer


Recommended Posts

Hello,

I have noticed the past few months that Firefox is taking up a lot of my RAM.  I downloaded TCPView and have seen strange IP addresses from other countries running as System Processes. I have MB Premium and run it often, but it does not seem to come up with any viruses or malware.  Would someone be able to assist me with seeing if I am infected in any way?  I downloaded Farbar as instructed in the "I'm infected - What do I do now?" topic and created the two files (see below)

Any assistance would be greatly appreciated.

Thanks!

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Brian (administrator) on BG (09-04-2016 06:34:27)
Running from C:\Users\Brian\Downloads
Loaded Profiles: Brian (Available Profiles: Brian)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Brian\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Users\Brian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(AVAST Software) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Dropbox, Inc.) C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser_crashreporter.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files\AVAST Software\Avast\avastnm.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files\AVAST Software\Avast\avastnm.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2016-01-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2016-01-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2016-01-03] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-08-15] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119872 2015-11-12] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-07-06] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [Spotify Web Helper] => C:\Users\Brian\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-07] (Spotify Ltd)
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Brian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [100200 2014-06-19] (AVAST Software)
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [Dropbox Update] => C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-07] (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-04-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-11-06]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9b915597-2db4-48ab-a82e-4445226ac6c6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c9bcc082-4677-46e8-a462-524267678b66}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000 -> DefaultScope {2F9D3D87-34AE-4F95-8B0B-9FE9D85694AD} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000 -> {2F9D3D87-34AE-4F95-8B0B-9FE9D85694AD} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS505
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: avast! EasyPass Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-06-19] (AVAST Software)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-07] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO-x32: avast! EasyPass Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-06-19] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-06] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-07] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-06] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-06-19] (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-06-19] (AVAST Software)
Toolbar: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {76CBDDBA-3897-4EAC-A1D3-CCC47DE82EFB} hxxps://nycisepolicy1.pace.edu:8443/auth/provisioning/download/bb619a42-8203-43b5-af7f-8ddcb084b1ad/taweb.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kfv3p8ye.default-1440240311736
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.nytimes.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-06] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4266057503-3983920057-3671705298-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Brian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-4266057503-3983920057-3671705298-1000: LWAPlugin15.8 -> C:\Users\Brian\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Brian\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-02-17] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Brian\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-02-14]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-07]
FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF
FF Extension: Avast Passwords - C:\Program Files\AVAST Software\Avast\pam\FF [2016-02-07]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: avast! EasyPass Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-06-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-07]
FF HKLM-x32\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF
FF HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome: 
=======
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-05]
CHR Extension: (Google Docs) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-05]
CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-05]
CHR Extension: (YouTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-05]
CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-05]
CHR Extension: (Google Sheets) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-05]
CHR Extension: (Google Docs Offline) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-05]
CHR Extension: (Gmail) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-02-07] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-10-13] (Macrovision Europe Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2016-03-10] (Hewlett-Packard)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2015-12-05] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-02-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-07] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-03-18] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-11] (AVAST Software)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c65x64.sys [480776 2016-01-03] (Intel Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-05-06] (Acronis International GmbH)
S3 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [198432 2014-05-06] (Acronis International GmbH)
R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-05-06] (Acronis International GmbH)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U4 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 06:34 - 2016-04-09 06:35 - 00036894 _____ C:\Users\Brian\Downloads\FRST.txt
2016-04-09 06:33 - 2016-04-09 06:34 - 02374144 _____ (Farbar) C:\Users\Brian\Downloads\FRST64.exe
2016-04-08 05:02 - 2016-04-08 05:02 - 01524720 _____ C:\Users\Brian\Desktop\Heidelberg - Edutainment.pdf
2016-04-08 04:54 - 2016-04-08 04:54 - 02419276 _____ C:\Users\Brian\Desktop\The college sports reform movement.pdf
2016-04-08 04:38 - 2016-04-08 04:38 - 00133128 _____ C:\Users\Brian\Desktop\RodneyVisualculture.pdf
2016-04-08 04:35 - 2016-04-08 04:35 - 00756896 _____ C:\Users\Brian\Desktop\Addis - New Technologies and cultural consumption - edutainment is born.pdf
2016-04-07 04:20 - 2016-04-07 04:20 - 00349444 _____ C:\Users\Brian\Desktop\Programs for Posterity.pdf
2016-04-06 20:42 - 2016-04-06 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-06 20:42 - 2016-04-06 20:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-06 20:39 - 2016-04-06 20:39 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-06 20:39 - 2016-04-06 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-06 20:39 - 2016-04-06 20:39 - 00000000 ____D C:\Program Files\iTunes
2016-04-06 20:39 - 2016-04-06 20:39 - 00000000 ____D C:\Program Files\iPod
2016-04-06 20:39 - 2016-04-06 20:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-04-06 20:37 - 2016-04-06 20:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-04-06 20:37 - 2016-04-06 20:37 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-04 23:37 - 2016-04-05 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-04-04 06:12 - 2016-04-04 06:13 - 01978415 _____ C:\Users\Brian\Desktop\2nd round interview strategy guide.pdf
2016-03-27 17:55 - 2016-03-27 17:55 - 00044863 _____ C:\Users\Brian\Desktop\03_27_16 - system process.txt
2016-03-26 16:50 - 2016-03-26 16:43 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\Brian\Desktop\Tcpview.exe
2016-03-26 15:26 - 2016-03-26 15:27 - 00678708 ____T C:\Users\Brian\Desktop\NYtimes - Why We Think We're Better Investors than we are.pdf
2016-03-26 14:39 - 2014-04-08 15:20 - 00232721 _____ C:\Users\Brian\Desktop\Brian C. Gregory _ Educational Technologies and Listening as Media Literacy_final.pdf
2016-03-25 16:18 - 2016-03-25 16:18 - 00229690 ____T C:\Users\Brian\Desktop\Brian Gregory_Contigo Autoseal Randolph Stainless Steel Travel Mug - Purchased from Amazon.pdf
2016-03-20 10:41 - 2016-03-20 10:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-20 10:41 - 2016-01-24 19:45 - 00170696 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
2016-03-20 10:41 - 2016-01-24 19:45 - 00081096 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmctl.exe
2016-03-20 10:41 - 2016-01-24 19:45 - 00072808 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\ibmpmdrv.sys
2016-03-20 10:41 - 2016-01-24 19:45 - 00050888 _____ (Lenovo.) C:\WINDOWS\system32\tpinspm.dll
2016-03-20 10:40 - 2016-03-20 10:40 - 00000000 ____D C:\Users\Brian\AppData\LocalLow\Intel
2016-03-20 10:39 - 2016-03-20 10:39 - 00000000 ____D C:\Users\Brian\Intel
2016-03-20 10:37 - 2016-03-20 10:37 - 00000000 ____D C:\Users\Brian\AppData\Local\Tvsukernel
2016-03-20 10:12 - 2016-03-20 10:12 - 00231760 _____ C:\Users\Brian\Downloads\CrucialScan.exe
2016-03-20 09:13 - 2016-03-22 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 21:01 - 2016-03-19 21:01 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-18 13:47 - 2016-03-18 13:53 - 00000000 ____D C:\Users\Brian\Desktop\Backup from Samsung S2
2016-03-17 14:14 - 2016-03-17 14:14 - 00267338 _____ C:\Users\Brian\Downloads\VoiceMessage.wav
2016-03-13 09:31 - 2016-03-13 09:31 - 00073100 _____ C:\Users\Brian\Desktop\March 2016 - T-mobile bill.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 06:34 - 2014-03-19 12:10 - 00000000 ____D C:\FRST
2016-04-09 06:03 - 2015-12-05 11:50 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-09 06:02 - 2015-11-22 15:20 - 00003152 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1448220056
2016-04-09 06:02 - 2015-11-22 15:20 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-09 05:58 - 2015-06-18 09:30 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000UA.job
2016-04-09 05:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-09 05:57 - 2014-04-20 07:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-08 20:27 - 2012-10-14 00:27 - 00000000 ___RD C:\Users\Brian\Desktop\Dropbox
2016-04-08 20:27 - 2012-10-14 00:25 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Dropbox
2016-04-08 20:23 - 2015-12-05 11:50 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-08 06:59 - 2016-01-26 05:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-08 06:59 - 2012-10-13 19:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-08 06:58 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-08 06:50 - 2014-04-11 18:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-08 04:27 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-06 20:40 - 2015-08-26 06:54 - 00000000 ____D C:\Users\Brian\.oracle_jre_usage
2016-04-06 20:40 - 2014-08-08 12:03 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-06 20:40 - 2014-08-08 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-06 20:40 - 2013-07-09 08:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-06 20:39 - 2012-10-14 12:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-06 20:37 - 2012-10-14 12:11 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-06 20:24 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-03 21:57 - 2016-01-26 05:21 - 00000000 ____D C:\Users\Brian
2016-04-03 21:13 - 2012-10-12 17:39 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Nitro PDF
2016-04-03 21:06 - 2015-12-05 18:57 - 00000000 ____D C:\Users\Brian\AppData\Local\Packages
2016-04-03 18:01 - 2015-03-15 11:47 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-31 21:04 - 2015-12-05 11:50 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-31 21:04 - 2015-12-05 11:50 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-26 16:54 - 2015-12-05 18:17 - 00948146 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-26 07:58 - 2015-06-18 09:30 - 00000866 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000Core.job
2016-03-25 06:42 - 2014-04-20 07:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-25 06:42 - 2014-04-20 07:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-25 06:42 - 2014-03-16 10:05 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-25 05:48 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-20 10:41 - 2012-10-07 01:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-20 10:41 - 2012-10-07 01:34 - 00000000 ____D C:\Program Files\Intel
2016-03-20 10:40 - 2012-10-07 01:35 - 00000000 ____D C:\ProgramData\Intel
2016-03-20 10:40 - 2012-10-07 01:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-03-20 09:08 - 2015-12-05 19:06 - 00002411 _____ C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-20 09:08 - 2015-12-05 19:06 - 00000000 ___RD C:\Users\Brian\OneDrive
2016-03-18 08:28 - 2015-01-10 12:27 - 00002308 ____H C:\Users\Brian\Documents\Default.rdp
2016-03-18 08:20 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-03-17 13:47 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-17 13:42 - 2014-01-28 11:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-12 15:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-12 10:45 - 2016-01-26 05:14 - 02301784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-12 10:42 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-12 10:42 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-12 10:42 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-12 10:42 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-11 05:46 - 2013-07-15 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-11 05:46 - 2012-10-14 12:40 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-10 14:09 - 2014-04-20 07:31 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2014-04-20 07:31 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2014-03-16 10:04 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-10 07:04 - 2015-11-12 13:13 - 00000000 ___HD C:\Users\Public\Documents\.adata
2016-03-10 07:04 - 2015-11-12 13:09 - 00000000 ____D C:\ProgramData\SofTest
2016-03-10 07:04 - 2015-11-12 13:09 - 00000000 ____D C:\Program Files (x86)\Examsoft
2016-03-10 07:00 - 2015-03-15 11:47 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-03-10 07:00 - 2015-03-15 11:47 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys

==================== Files in the root of some directories =======

2012-10-17 12:17 - 2012-10-17 12:17 - 0030570 _____ () C:\Program Files (x86)\INSTALL.LOG
2014-04-21 09:43 - 2015-03-15 12:28 - 0000600 _____ () C:\Users\Brian\AppData\Roaming\winscp.rnd
2013-04-02 16:09 - 2013-10-02 07:19 - 0008192 ____R () C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-02 16:05 - 2014-03-02 16:05 - 0007607 ____R () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg
2015-03-15 12:23 - 2015-02-03 15:49 - 0010240 ____R () C:\Users\Brian\AppData\Local\Z@!-9f740ce6-3ae3-433a-9e95-5d9fe9122117.tmp
2015-03-15 12:23 - 2015-02-03 15:49 - 0010240 ____R () C:\Users\Brian\AppData\Local\Z@!-efaa47ce-2f32-4391-894e-feadfdb80f3d.tmp
2015-03-15 12:23 - 2015-02-03 15:49 - 0009216 ____R () C:\Users\Brian\AppData\Local\Z@S!-a68f0749-c976-4df1-9e68-874af07e90c7.tmp
2016-01-26 05:18 - 2016-01-26 05:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-10-15 16:08 - 2016-02-25 08:25 - 0012451 _____ () C:\ProgramData\hpzinstall.log
2014-06-24 10:05 - 2014-08-01 20:45 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Brian\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Brian\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Brian\AppData\Local\Temp\{7A34EA5A-1677-427B-B587-3AAB1A13B9F9}-48.0.2564.103_48.0.2564.97_chrome_updater_3stage.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-03 18:22

==================== End of FRST.txt ============================

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Brian (2016-04-09 06:35:34)
Running from C:\Users\Brian\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-26 09:53:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4266057503-3983920057-3671705298-500 - Administrator - Disabled)
Brian (S-1-5-21-4266057503-3983920057-3671705298-1000 - Administrator - Enabled) => C:\Users\Brian
DefaultAccount (S-1-5-21-4266057503-3983920057-3671705298-503 - Limited - Disabled)
Guest (S-1-5-21-4266057503-3983920057-3671705298-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4266057503-3983920057-3671705298-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
avast! EasyPass (HKLM-x32\...\AI RoboForm) (Version: 7-9-7-133 - AVAST Software)
Blackboard Collaborate Launcher (HKLM-x32\...\{C4F79F84-C509-48B0-81B8-3C2FA2182406}) (Version: 1.6.0.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brownstone Equation Editor 5 (HKLM-x32\...\BREE5) (Version: 5.2 - Design Science, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
CanoScan LiDE 700F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq9601) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05182 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05182 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.1.6599 - Thomson Reuters)
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.08 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Lync 2010 (HKLM\...\{11849FBC-C416-4742-8279-17C3A2C85F72}) (Version: 4.0.7577.4486 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{DD3A1267-1A98-4332-BE1A-1D415C2CC1D8}) (Version: 15.8.8308.815 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.48.2066.95 (x32 Version: 1.48.2066.95 - Avast Software) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SofTest v11 (HKLM-x32\...\InstallShield_{AAC04390-34C3-4CDF-ADA8-AA9DE5CEC66F}) (Version: 11.26.1 - Examsoft)
SofTest v11 (x32 Version: 11.26.1 - Examsoft) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.27 - Synaptics Incorporated)
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wimba Diploma 6 (HKLM-x32\...\Wimba Diploma 6) (Version: 6.72.0143 - Wimba)
Wimba Diploma 6 (x32 Version: 6.72.0143 - Wimba) Hidden
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (03/10/2011 9.2.0.1026) (HKLM\...\9BC1D406C7F459937934ABBF1D718304962F15C8) (Version: 03/10/2011 9.2.0.1026 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06324F1F-75B9-4E43-B592-EC65E9BD95E0} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {07B9F7DD-B024-4026-AFCB-6D4A4734F986} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {1070E797-9B84-4D24-AB2B-F4062D03A2E5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {16A642ED-3112-48A9-B00B-710911471033} - \PMTask -> No File <==== ATTENTION
Task: {190CEED6-F462-4FAF-92B5-AA08D8299C04} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {1CE74941-AC01-4789-A981-60BAC20C46A0} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {227F3B0E-0ADB-42B3-A46C-ABEF8F48EF25} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {23A2E8C9-E1D6-4190-87DB-F2A2DA9C3871} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {246CD4D3-33B0-4A3F-90CF-528DF0DCDBD8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {289B343E-7780-4E8E-BFBF-0382BB9DA71B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {2C5FBF34-3F61-405A-BCFD-932C1EAAD553} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {2DE5B1D1-4B41-4470-8855-86ECDC98F359} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {33FC8F33-F326-4029-A80B-2E3640DC32EB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {342F1C49-1EBB-44D0-8A6D-D9F170A9FD1C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {3A2FF5FC-3504-4163-B20D-3E0298321644} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {3D40DD66-8341-4B3B-B865-7FB7BC19A0D7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000UA => C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {3F6AB3EC-7E91-4F10-9420-9C549F0A4DA4} - \Lenovo\SimpleTap\Start SimpleTap for BG.Brian -> No File <==== ATTENTION
Task: {43E579F7-C75E-4263-A170-07687064BDE2} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {4591FCE9-E10A-4D59-A621-B6BE3A74B5D6} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {46FC228A-5D87-48DA-BDB2-A0D9B0623416} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4A61E6A0-2BFF-4FE8-8FAD-881BD692A345} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {4B0F4B9E-892F-49B9-8775-2F96B075B7F6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {54B7E4D7-E4F2-4865-99D2-2EF8C57F528C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5843B1D6-30CE-4F4B-8261-8D2DF9F4AD64} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {63BB2C79-08BD-4AE2-8055-E9900868EFFE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {69919796-BB8A-4F48-982A-0788B39E9735} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-12-10] (Lenovo)
Task: {6F5D5B84-2FBE-443E-8B08-D2E57218CC47} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {7937AA97-3A8E-4540-A785-010C9DB4BCEB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {7F1C341C-0CD9-4492-A684-AEDCF225240D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {80438DF2-09A5-4B01-9AE8-EA3FB14A897B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {8D25F37F-9815-49FF-A806-91297AD0FAFD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {91866D7B-86B2-4E27-A795-219C988EC9E0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A0F1C34C-54F0-4094-ADAA-8CDF8700E67F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {AB373F90-9C5E-47FE-915B-B17E41A39BC3} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {AF07C980-C7AF-4355-9484-2CBFB056B824} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000Core => C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {B4CC5A6F-9ECE-45B4-AF9C-AA4E700526F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B9FA8972-9000-4644-AA60-0579F4F2CAAF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {BDE94857-32A6-49C2-8BDC-C765940913A7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {BE85F8D1-F1FA-41B7-9265-404CCD68A5B6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {C0085FE1-8595-4227-8FD0-8E2E427CFB73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {C0C15E23-6A43-410D-8952-AD50A59E316D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {C18288D9-416E-4A7D-A955-8970D2BB644F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C53ABBFC-9F3F-4A18-BBF7-3574B0FB09A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {C982AB7D-9ED7-4F7C-89F2-2A79CDAD79FB} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-06-19] (AVAST Software)
Task: {C989D8B7-4399-467A-B96F-58C54A6F2E44} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C9FD6C60-7924-4B97-AD7B-B88A9C21BAE5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {CB2ED866-D21D-428E-97DC-1792DDD8A9A5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {CD4832CD-8221-4ACA-8835-C0D5659B1488} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-07] (AVAST Software)
Task: {D1BAA1BA-2766-4927-BE0D-4A6D2293E814} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {D4FAE3F6-1D19-4EC7-BC40-10E74BE34F70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {D673A145-DB60-4FE9-B785-7C91487C5D45} - System32\Tasks\SafeZone scheduled Autoupdate 1448220056 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-08] (Avast Software)
Task: {D82C50C3-E28C-4BC1-B411-08D0C91A997E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DA081D00-CF58-4AA5-B751-CDAB6DA461ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E450C898-470B-49A7-8282-01673BD1D75F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F110B929-5F6E-43EE-B40C-8BF85C111093} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F5C6F0E9-ADA3-40A4-9BF7-B2C16F489A93} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {F6CD8C18-42DA-4B92-A1E7-00CE7A56CF0D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {F6EADECD-FA30-4F13-A29A-E569F76F4B62} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F727790E-8A24-40F0-AE62-3E5DA4E4AFDC} - System32\Tasks\{D2F4A1A1-79D8-4599-AE73-10ED9BC5638B} => pcalua.exe -a C:\Users\Brian\Downloads\AdobeAIRInstaller.exe -d C:\Users\Brian\Downloads
Task: {F839821F-2CBC-40F1-8E75-1F4E17E01241} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {F9CF0DED-CBED-4315-B0EC-5A310DF73705} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FB52EBD5-4962-4FE5-9EF7-878BF1DFD9E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {FCD8B955-D473-4D4F-A110-3BBCA44370CD} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000Core.job => C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000UA.job => C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-25 17:09 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-02 21:27 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 21:27 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-28 19:52 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-01 10:26 - 2013-10-01 10:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2016-01-30 07:41 - 2016-01-30 07:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-26 07:56 - 2016-01-26 07:56 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 07:54 - 2016-02-23 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-26 07:56 - 2016-01-26 07:56 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-26 07:56 - 2016-01-26 07:56 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-30 07:34 - 2016-01-16 01:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-30 07:35 - 2016-01-16 01:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-22 14:17 - 2013-05-22 14:17 - 00400704 _____ () C:\Users\Brian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2016-03-22 21:45 - 2016-03-22 21:45 - 00258896 _____ () C:\Program Files\AVAST Software\Avast\avastnm.exe
2014-08-15 14:25 - 2014-08-15 14:25 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-07 10:47 - 2016-02-07 10:47 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-07 10:47 - 2016-02-07 10:47 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-06 19:52 - 2016-04-06 19:52 - 02853376 _____ () C:\Program Files\AVAST Software\Avast\defs\16040603\algo.dll
2016-02-07 10:47 - 2016-02-07 10:47 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-08 20:24 - 2016-04-08 20:24 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16040802\algo.dll
2016-02-07 10:47 - 2016-02-07 10:47 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2012-10-07 01:45 - 2012-01-17 02:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2015-10-28 19:52 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-01-30 07:41 - 2016-01-30 07:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-30 07:41 - 2016-01-30 07:42 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-19 21:00 - 2016-02-23 14:19 - 00034768 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-03-19 21:00 - 2016-02-23 14:20 - 00019408 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00116688 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-03-19 21:00 - 2016-02-23 14:19 - 00093640 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00018376 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\select.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00019760 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00105928 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00392144 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-03-19 21:00 - 2016-03-11 20:18 - 00381752 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00692688 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020816 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-03-19 21:00 - 2016-02-23 14:20 - 00112592 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 01682760 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020808 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020800 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00021840 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00038696 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00020936 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00024528 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00114640 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00124880 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00021832 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00024016 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00175560 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00030160 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00043472 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00028616 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00048592 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00026456 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00057808 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00024016 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00117056 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00024392 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00036296 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\librsync.dll
2016-03-19 21:00 - 2016-03-11 20:18 - 00031568 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2016-03-19 21:00 - 2016-02-12 20:24 - 00293392 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2016-03-19 21:00 - 2016-03-11 20:18 - 00023376 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00134608 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00134088 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-03-19 21:00 - 2016-02-23 14:20 - 00240584 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00052024 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020800 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00021824 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00019776 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020800 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020280 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00350152 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00022352 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00084792 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-03-19 21:00 - 2016-03-11 20:18 - 01826096 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-03-19 21:00 - 2016-02-23 14:20 - 00083912 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\sip.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 03928880 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 01971504 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00531248 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00132912 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00223544 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00207672 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00158008 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00042808 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-03-19 21:00 - 2016-02-23 14:23 - 00017864 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-03-19 21:00 - 2016-02-23 14:23 - 01631184 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-03-19 21:00 - 2016-03-11 20:18 - 00024904 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00546096 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00357680 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-03-19 21:00 - 2016-02-23 14:25 - 00697304 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-06 20:36 - 2015-07-06 20:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-12-06 11:17 - 2015-12-06 11:17 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-04-09 06:02 - 2016-03-08 07:15 - 62327288 _____ () C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\SZBrowser.dll
2016-04-09 06:02 - 2016-03-08 07:15 - 02074104 _____ () C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\libglesv2.dll
2016-04-09 06:02 - 2016-03-08 07:15 - 00081400 _____ () C:\Program Files\AVAST Software\SZBrowser\1.48.2066.95\libegl.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-02-02 11:48 - 00450856 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15462 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5849DA7A-7651-42A0-AE27-47B535423D9C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9143AB46-648A-4610-9B43-DA2B202B20DA}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{2904C90D-C309-4742-9E70-215CCFAC0C2C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{884AB406-6122-4215-BAA3-30F97FBAB87A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C67CF34D-6CFA-46BB-924E-DEA63E985FD5}] => (Allow) LPort=2869
FirewallRules: [{E1E88EF4-0503-4E65-9A50-50474A740FFB}] => (Allow) LPort=1900
FirewallRules: [{FAD7C97B-246B-4095-AB97-C1A902F1E38C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{033CF988-56E2-4C1C-83A3-B409FBFC4466}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2770B272-CA87-42ED-947E-E4A0A3A68672}] => (Allow) C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5E0E7975-D350-42FE-9653-1E0C190221CF}] => (Allow) C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{674C1761-3DD2-420D-9CF5-E07D8616967C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3035677A-DA15-4F2C-9353-058866690DA0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A217A5F7-42AE-465B-8E5B-91CAA3663C6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{7506F602-2B2D-44FC-AEEF-B25C949AB8E1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{5D08D90E-E3D3-4080-B3B5-42D75C1B091F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1D126AEE-BDBC-4355-B6B8-7F0F374B31FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D1F4FEDD-079E-4116-B604-E8925FA1080A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{AD43DB9E-5C4E-4B7C-AA35-A8DAE0AB5196}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{5582B9F1-A184-41D0-A31D-4C3BFF954D62}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{54E501E0-00DB-4E90-A186-0F55224911B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{0FBDEE12-28B9-4912-81B5-E039BF9A7D10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{19347D05-092A-45C1-AABB-EF46AA5CD9FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{A9E138F2-069C-4A8E-BC60-A1E6CEB39EFB}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{B7B710AD-2E9C-4236-87E2-8154D828065E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{8B58EC8A-F0A6-448A-9911-CD4A8DE586D8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{0869A248-C96F-4DBD-AAE8-A001CC2E9BCD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{EB53C540-2D11-4365-BDA9-0CC80826A306}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{D3ACDA1D-86AB-4816-A1E5-7D1B0C664461}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{B615C4DE-B61B-445B-BB83-6300AAAF2A4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{323E3F37-3016-478F-B2E1-0A7A813E07E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F9169EDC-694F-4482-8018-D973864DDA7E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E80C2CFB-EBF3-459D-8284-9EB8B2A6D3E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{9CB796C4-D446-4F88-98F2-351873CC193F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C66F8599-00AA-450C-AAB3-2C1F515971BA}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{78C630FA-A353-41F5-851A-64A6A551158C}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{E4D28E78-CB13-4773-9367-415F6CE27789}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{F2C17623-CA6B-4B7B-8143-53DBB2F46EED}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{7D47636B-625B-4BEB-8BEA-DFE7E22BA498}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{A303316C-DCCE-453C-B320-0648467EFC22}C:\users\brian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\brian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CC10AEA6-27F3-4B5E-853C-4C499DB96DAB}C:\users\brian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\brian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{67F76E68-EDAD-4F59-8266-EFB93E994711}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{448EC3D8-0984-4509-BCCE-2860DDAF3DDD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{3D8C4105-FA55-43E5-BE08-2BFDC2CF35DC}C:\users\brian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8B3723C8-83AB-4840-8FBF-FB01ED5FAF50}C:\users\brian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [{39F2C296-632C-4BFD-932D-8F70DAE2AA0A}] => (Block) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [{643587B5-9F34-400E-9C9B-099B93293F58}] => (Block) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C72DDAE9-0483-4EB8-A4A6-0B89645E05F6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2A1D1ADF-2332-4085-864E-B86FFDA3F956}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B1E96839-932E-4544-AFF0-8DAABD69CF79}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{9971130F-A3CB-4DC6-B48D-8AFACC13BFF9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1270FD5D-3E18-488B-B313-6A98C4F0CE2B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{352A6D18-0C4C-4F49-9871-B57440EED50B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DAF0B341-0A19-4F39-9FFD-81332AB18591}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{79132BC5-5EB9-46A3-80BE-8EF69E852CEE}C:\program files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{020A02F1-87A5-4474-8D19-51A6DA6E2FF5}C:\program files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [TCP Query User{FABA1BA0-1953-418B-82E4-B1858973FD6E}C:\users\brian\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\brian\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{209D7979-373C-41CD-8317-A9AD93FCCA00}C:\users\brian\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\brian\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{4B63A058-9CFD-43C1-B426-1ED46E64635C}C:\users\brian\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\brian\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{6F044FA4-9BA3-4A56-B4A0-80F555673C73}C:\users\brian\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\brian\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{CFD5D39B-F17B-46D0-93B0-E4B5681C9BF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{943A389E-5BF3-499C-8402-051E3FAFE325}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7EA7A666-5898-445F-82D5-21E4BF12E43A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E5A8A376-F8B2-4363-84ED-CE11CE67DFE8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F98C279F-083E-4526-BF8C-82FB260FE99E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2C6C896-1924-4B5C-8B2A-A3165799FAF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F612BE72-90FE-44F6-8A13-0E044532AB5D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2A071B04-AB7A-4F88-BBA0-B7444C7B713F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D45B2A1D-966C-453C-A401-97D1242EC3F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C8EA294-68CA-466D-8A0D-EA9D60CF1D94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1306E8EE-0C1F-437F-8499-24CC6B33CA27}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D450A37D-B105-434F-9110-6AC3410A5231}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E44ABF69-B3AD-4CD3-B4B4-380543072464}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C63DFD15-1D86-489A-B90B-64E47D6E05F3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7C28FA5E-70E1-4A94-8F8E-3AB0DA60499D}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{CA9CB561-F2E2-462E-9F29-24E6E6A50A9B}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
FirewallRules: [{A717FB92-6EEA-46C9-8541-7FA18E83F316}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe
FirewallRules: [{E4C78DED-1EB3-4BA8-9B30-43901254D354}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{0EDFC878-A7AC-4D08-AFF4-6A02E261A72B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [TCP Query User{E1DC800E-FC4C-4963-88C6-3F116751CC8D}C:\users\brian\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\brian\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{DEAB2D11-A8B8-4516-959E-9130A0A435CF}C:\users\brian\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\brian\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [{32477994-4C0B-45AF-8C49-5E4F799CDFF1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{48E0BEDA-5DBE-45B1-9878-D9587B7C08FD}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

11-03-2016 05:44:03 Windows Update
20-03-2016 08:34:56 Scheduled Checkpoint
25-03-2016 05:48:02 Windows Update
06-04-2016 20:34:08 ASU_MSI_TRAN

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2016 05:57:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BG)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/08/2016 08:27:21 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2016 08:27:21 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2016 05:15:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: aspnet_stateaspnet_counters.dll8

Error: (04/08/2016 05:15:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (04/08/2016 05:15:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (04/08/2016 04:27:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2016 04:27:23 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2016 04:26:45 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/07/2016 06:31:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125


System errors:
=============
Error: (04/09/2016 05:59:29 AM) (Source: DCOM) (EventID: 10016) (User: BG)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}BGBrianS-1-5-21-4266057503-3983920057-3671705298-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/09/2016 05:59:16 AM) (Source: DCOM) (EventID: 10016) (User: BG)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}BGBrianS-1-5-21-4266057503-3983920057-3671705298-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/09/2016 05:57:25 AM) (Source: DCOM) (EventID: 10010) (User: BG)
Description: App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca

Error: (04/08/2016 08:22:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SoftshieldService service to connect.

Error: (04/08/2016 06:58:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1dfd1b5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/06/2016 06:44:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_e86d0a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/05/2016 09:33:02 PM) (Source: DCOM) (EventID: 10001) (User: BG)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXwmnqm0nvq2b90pwvr42qmtdjp7cj3w82.mca31App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mcaUnavailableUnavailable

Error: (04/04/2016 06:20:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_c4f3b8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/03/2016 09:57:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4e1f3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/03/2016 05:58:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SoftshieldService service to connect.


CodeIntegrity:
===================================
  Date: 2016-03-25 18:31:43.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-13 07:49:39.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 09:46:43.670
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-04 04:32:28.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-03 04:50:02.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-17 18:27:56.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 23:25:12.024
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 22:04:20.482
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-03 06:42:19.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-31 17:39:49.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 16225.41 MB
Available physical RAM: 11909.97 MB
Total Virtual: 17613.41 MB
Available Virtual: 12988.65 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:451.1 GB) (Free:117.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:2.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 017F2DB4)

Partition: GPT.

==================== End of Addition.txt ============================

Link to post
Share on other sites

Hello and :welcome:

 

FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please upload them into your next reply.

Link to post
Share on other sites

Please see the new scan - thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Brian (administrator) on BG (09-04-2016 08:44:17)
Running from C:\Users\Brian\Downloads
Loaded Profiles: Brian (Available Profiles: Brian)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Brian\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Users\Brian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(AVAST Software) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2016-01-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2016-01-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2016-01-03] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-08-15] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119872 2015-11-12] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-07-06] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [Spotify Web Helper] => C:\Users\Brian\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-07] (Spotify Ltd)
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Brian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [100200 2014-06-19] (AVAST Software)
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [Dropbox Update] => C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-07] (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-04-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-11-06]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9b915597-2db4-48ab-a82e-4445226ac6c6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c9bcc082-4677-46e8-a462-524267678b66}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000 -> DefaultScope {2F9D3D87-34AE-4F95-8B0B-9FE9D85694AD} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000 -> {2F9D3D87-34AE-4F95-8B0B-9FE9D85694AD} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS505
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: avast! EasyPass Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-06-19] (AVAST Software)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-07] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO-x32: avast! EasyPass Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-06-19] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-06] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-07] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-06] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-06-19] (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-06-19] (AVAST Software)
Toolbar: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {76CBDDBA-3897-4EAC-A1D3-CCC47DE82EFB} hxxps://nycisepolicy1.pace.edu:8443/auth/provisioning/download/bb619a42-8203-43b5-af7f-8ddcb084b1ad/taweb.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kfv3p8ye.default-1440240311736
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.nytimes.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-06] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4266057503-3983920057-3671705298-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Brian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-4266057503-3983920057-3671705298-1000: LWAPlugin15.8 -> C:\Users\Brian\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Brian\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-02-17] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Brian\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-02-14]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-07]
FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF
FF Extension: Avast Passwords - C:\Program Files\AVAST Software\Avast\pam\FF [2016-02-07]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: avast! EasyPass Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-06-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-07]
FF HKLM-x32\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF
FF HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-05]
CHR Extension: (Google Docs) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-05]
CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-05]
CHR Extension: (YouTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-05]
CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-05]
CHR Extension: (Google Sheets) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-05]
CHR Extension: (Google Docs Offline) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-05]
CHR Extension: (Gmail) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-02-07] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-10-13] (Macrovision Europe Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2016-03-10] (Hewlett-Packard)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2015-12-05] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-02-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-07] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-03-18] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-11] (AVAST Software)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c65x64.sys [480776 2016-01-03] (Intel Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-05-06] (Acronis International GmbH)
S3 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [198432 2014-05-06] (Acronis International GmbH)
R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-05-06] (Acronis International GmbH)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U4 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 06:35 - 2016-04-09 06:39 - 00074867 _____ C:\Users\Brian\Downloads\Addition.txt
2016-04-09 06:34 - 2016-04-09 08:44 - 00034630 _____ C:\Users\Brian\Downloads\FRST.txt
2016-04-09 06:33 - 2016-04-09 06:34 - 02374144 _____ (Farbar) C:\Users\Brian\Downloads\FRST64.exe
2016-04-08 05:02 - 2016-04-08 05:02 - 01524720 _____ C:\Users\Brian\Desktop\Heidelberg - Edutainment.pdf
2016-04-08 04:54 - 2016-04-08 04:54 - 02419276 _____ C:\Users\Brian\Desktop\The college sports reform movement.pdf
2016-04-08 04:38 - 2016-04-08 04:38 - 00133128 _____ C:\Users\Brian\Desktop\RodneyVisualculture.pdf
2016-04-08 04:35 - 2016-04-08 04:35 - 00756896 _____ C:\Users\Brian\Desktop\Addis - New Technologies and cultural consumption - edutainment is born.pdf
2016-04-07 04:20 - 2016-04-07 04:20 - 00349444 _____ C:\Users\Brian\Desktop\Programs for Posterity.pdf
2016-04-06 20:42 - 2016-04-06 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-06 20:42 - 2016-04-06 20:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-06 20:39 - 2016-04-06 20:39 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-06 20:39 - 2016-04-06 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-06 20:39 - 2016-04-06 20:39 - 00000000 ____D C:\Program Files\iTunes
2016-04-06 20:39 - 2016-04-06 20:39 - 00000000 ____D C:\Program Files\iPod
2016-04-06 20:39 - 2016-04-06 20:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-04-06 20:37 - 2016-04-06 20:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-04-06 20:37 - 2016-04-06 20:37 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-04 23:37 - 2016-04-05 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-04-04 06:12 - 2016-04-04 06:13 - 01978415 _____ C:\Users\Brian\Desktop\2nd round interview strategy guide.pdf
2016-03-27 17:55 - 2016-03-27 17:55 - 00044863 _____ C:\Users\Brian\Desktop\03_27_16 - system process.txt
2016-03-26 16:50 - 2016-03-26 16:43 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\Brian\Desktop\Tcpview.exe
2016-03-26 15:26 - 2016-03-26 15:27 - 00678708 ____T C:\Users\Brian\Desktop\NYtimes - Why We Think We're Better Investors than we are.pdf
2016-03-26 14:39 - 2014-04-08 15:20 - 00232721 _____ C:\Users\Brian\Desktop\Brian C. Gregory _ Educational Technologies and Listening as Media Literacy_final.pdf
2016-03-25 16:18 - 2016-03-25 16:18 - 00229690 ____T C:\Users\Brian\Desktop\Brian Gregory_Contigo Autoseal Randolph Stainless Steel Travel Mug - Purchased from Amazon.pdf
2016-03-20 10:41 - 2016-03-20 10:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-20 10:41 - 2016-01-24 19:45 - 00170696 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
2016-03-20 10:41 - 2016-01-24 19:45 - 00081096 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmctl.exe
2016-03-20 10:41 - 2016-01-24 19:45 - 00072808 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\ibmpmdrv.sys
2016-03-20 10:41 - 2016-01-24 19:45 - 00050888 _____ (Lenovo.) C:\WINDOWS\system32\tpinspm.dll
2016-03-20 10:40 - 2016-03-20 10:40 - 00000000 ____D C:\Users\Brian\AppData\LocalLow\Intel
2016-03-20 10:39 - 2016-03-20 10:39 - 00000000 ____D C:\Users\Brian\Intel
2016-03-20 10:37 - 2016-03-20 10:37 - 00000000 ____D C:\Users\Brian\AppData\Local\Tvsukernel
2016-03-20 10:12 - 2016-03-20 10:12 - 00231760 _____ C:\Users\Brian\Downloads\CrucialScan.exe
2016-03-20 09:13 - 2016-03-22 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 21:01 - 2016-03-19 21:01 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-18 13:47 - 2016-03-18 13:53 - 00000000 ____D C:\Users\Brian\Desktop\Backup from Samsung S2
2016-03-17 14:14 - 2016-03-17 14:14 - 00267338 _____ C:\Users\Brian\Downloads\VoiceMessage.wav
2016-03-13 09:31 - 2016-03-13 09:31 - 00073100 _____ C:\Users\Brian\Desktop\March 2016 - T-mobile bill.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 08:44 - 2014-03-19 12:10 - 00000000 ____D C:\FRST
2016-04-09 07:03 - 2015-12-05 11:50 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-09 06:58 - 2015-06-18 09:30 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000UA.job
2016-04-09 06:50 - 2014-04-11 18:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-09 06:02 - 2015-11-22 15:20 - 00003152 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1448220056
2016-04-09 06:02 - 2015-11-22 15:20 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-09 05:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-09 05:57 - 2014-04-20 07:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-08 20:27 - 2012-10-14 00:27 - 00000000 ___RD C:\Users\Brian\Desktop\Dropbox
2016-04-08 20:27 - 2012-10-14 00:25 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Dropbox
2016-04-08 20:23 - 2015-12-05 11:50 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-08 06:59 - 2016-01-26 05:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-08 06:59 - 2012-10-13 19:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-08 06:58 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-08 04:27 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-06 20:40 - 2015-08-26 06:54 - 00000000 ____D C:\Users\Brian\.oracle_jre_usage
2016-04-06 20:40 - 2014-08-08 12:03 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-06 20:40 - 2014-08-08 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-06 20:40 - 2013-07-09 08:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-06 20:39 - 2012-10-14 12:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-06 20:37 - 2012-10-14 12:11 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-06 20:24 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-03 21:57 - 2016-01-26 05:21 - 00000000 ____D C:\Users\Brian
2016-04-03 21:13 - 2012-10-12 17:39 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Nitro PDF
2016-04-03 21:06 - 2015-12-05 18:57 - 00000000 ____D C:\Users\Brian\AppData\Local\Packages
2016-04-03 18:01 - 2015-03-15 11:47 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-31 21:04 - 2015-12-05 11:50 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-31 21:04 - 2015-12-05 11:50 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-26 16:54 - 2015-12-05 18:17 - 00948146 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-26 07:58 - 2015-06-18 09:30 - 00000866 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000Core.job
2016-03-25 06:42 - 2014-04-20 07:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-25 06:42 - 2014-04-20 07:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-25 06:42 - 2014-03-16 10:05 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-25 05:48 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-20 10:41 - 2012-10-07 01:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-20 10:41 - 2012-10-07 01:34 - 00000000 ____D C:\Program Files\Intel
2016-03-20 10:40 - 2012-10-07 01:35 - 00000000 ____D C:\ProgramData\Intel
2016-03-20 10:40 - 2012-10-07 01:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-03-20 09:08 - 2015-12-05 19:06 - 00002411 _____ C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-20 09:08 - 2015-12-05 19:06 - 00000000 ___RD C:\Users\Brian\OneDrive
2016-03-18 08:28 - 2015-01-10 12:27 - 00002308 ____H C:\Users\Brian\Documents\Default.rdp
2016-03-18 08:20 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-03-17 13:47 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-17 13:42 - 2014-01-28 11:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-12 15:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-12 10:45 - 2016-01-26 05:14 - 02301784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-12 10:42 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-12 10:42 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-12 10:42 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-12 10:42 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-11 05:46 - 2013-07-15 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-11 05:46 - 2012-10-14 12:40 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-10 14:09 - 2014-04-20 07:31 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2014-04-20 07:31 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2014-03-16 10:04 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-10 07:04 - 2015-11-12 13:13 - 00000000 ___HD C:\Users\Public\Documents\.adata
2016-03-10 07:04 - 2015-11-12 13:09 - 00000000 ____D C:\ProgramData\SofTest
2016-03-10 07:04 - 2015-11-12 13:09 - 00000000 ____D C:\Program Files (x86)\Examsoft
2016-03-10 07:00 - 2015-03-15 11:47 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-03-10 07:00 - 2015-03-15 11:47 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys

==================== Files in the root of some directories =======

2012-10-17 12:17 - 2012-10-17 12:17 - 0030570 _____ () C:\Program Files (x86)\INSTALL.LOG
2014-04-21 09:43 - 2015-03-15 12:28 - 0000600 _____ () C:\Users\Brian\AppData\Roaming\winscp.rnd
2013-04-02 16:09 - 2013-10-02 07:19 - 0008192 ____R () C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-02 16:05 - 2014-03-02 16:05 - 0007607 ____R () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg
2015-03-15 12:23 - 2015-02-03 15:49 - 0010240 ____R () C:\Users\Brian\AppData\Local\Z@!-9f740ce6-3ae3-433a-9e95-5d9fe9122117.tmp
2015-03-15 12:23 - 2015-02-03 15:49 - 0010240 ____R () C:\Users\Brian\AppData\Local\Z@!-efaa47ce-2f32-4391-894e-feadfdb80f3d.tmp
2015-03-15 12:23 - 2015-02-03 15:49 - 0009216 ____R () C:\Users\Brian\AppData\Local\Z@S!-a68f0749-c976-4df1-9e68-874af07e90c7.tmp
2016-01-26 05:18 - 2016-01-26 05:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-10-15 16:08 - 2016-02-25 08:25 - 0012451 _____ () C:\ProgramData\hpzinstall.log
2014-06-24 10:05 - 2014-08-01 20:45 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Brian\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Brian\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Brian\AppData\Local\Temp\{7A34EA5A-1677-427B-B587-3AAB1A13B9F9}-48.0.2564.103_48.0.2564.97_chrome_updater_3stage.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-03 18:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Brian (2016-04-09 08:45:05)
Running from C:\Users\Brian\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-26 09:53:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4266057503-3983920057-3671705298-500 - Administrator - Disabled)
Brian (S-1-5-21-4266057503-3983920057-3671705298-1000 - Administrator - Enabled) => C:\Users\Brian
DefaultAccount (S-1-5-21-4266057503-3983920057-3671705298-503 - Limited - Disabled)
Guest (S-1-5-21-4266057503-3983920057-3671705298-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4266057503-3983920057-3671705298-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
avast! EasyPass (HKLM-x32\...\AI RoboForm) (Version: 7-9-7-133 - AVAST Software)
Blackboard Collaborate Launcher (HKLM-x32\...\{C4F79F84-C509-48B0-81B8-3C2FA2182406}) (Version: 1.6.0.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brownstone Equation Editor 5 (HKLM-x32\...\BREE5) (Version: 5.2 - Design Science, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
CanoScan LiDE 700F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq9601) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05182 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05182 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.1.6599 - Thomson Reuters)
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.08 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Lync 2010 (HKLM\...\{11849FBC-C416-4742-8279-17C3A2C85F72}) (Version: 4.0.7577.4486 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{DD3A1267-1A98-4332-BE1A-1D415C2CC1D8}) (Version: 15.8.8308.815 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.48.2066.95 (x32 Version: 1.48.2066.95 - Avast Software) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SofTest v11 (HKLM-x32\...\InstallShield_{AAC04390-34C3-4CDF-ADA8-AA9DE5CEC66F}) (Version: 11.26.1 - Examsoft)
SofTest v11 (x32 Version: 11.26.1 - Examsoft) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.27 - Synaptics Incorporated)
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wimba Diploma 6 (HKLM-x32\...\Wimba Diploma 6) (Version: 6.72.0143 - Wimba)
Wimba Diploma 6 (x32 Version: 6.72.0143 - Wimba) Hidden
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (03/10/2011 9.2.0.1026) (HKLM\...\9BC1D406C7F459937934ABBF1D718304962F15C8) (Version: 03/10/2011 9.2.0.1026 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06324F1F-75B9-4E43-B592-EC65E9BD95E0} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {07B9F7DD-B024-4026-AFCB-6D4A4734F986} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {1070E797-9B84-4D24-AB2B-F4062D03A2E5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {16A642ED-3112-48A9-B00B-710911471033} - \PMTask -> No File <==== ATTENTION
Task: {190CEED6-F462-4FAF-92B5-AA08D8299C04} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {1CE74941-AC01-4789-A981-60BAC20C46A0} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {227F3B0E-0ADB-42B3-A46C-ABEF8F48EF25} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {23A2E8C9-E1D6-4190-87DB-F2A2DA9C3871} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {246CD4D3-33B0-4A3F-90CF-528DF0DCDBD8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {289B343E-7780-4E8E-BFBF-0382BB9DA71B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {2C5FBF34-3F61-405A-BCFD-932C1EAAD553} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {2DE5B1D1-4B41-4470-8855-86ECDC98F359} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {33FC8F33-F326-4029-A80B-2E3640DC32EB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {342F1C49-1EBB-44D0-8A6D-D9F170A9FD1C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {3A2FF5FC-3504-4163-B20D-3E0298321644} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {3D40DD66-8341-4B3B-B865-7FB7BC19A0D7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000UA => C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {3F6AB3EC-7E91-4F10-9420-9C549F0A4DA4} - \Lenovo\SimpleTap\Start SimpleTap for BG.Brian -> No File <==== ATTENTION
Task: {43E579F7-C75E-4263-A170-07687064BDE2} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {4591FCE9-E10A-4D59-A621-B6BE3A74B5D6} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {46FC228A-5D87-48DA-BDB2-A0D9B0623416} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4A61E6A0-2BFF-4FE8-8FAD-881BD692A345} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {4B0F4B9E-892F-49B9-8775-2F96B075B7F6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {54B7E4D7-E4F2-4865-99D2-2EF8C57F528C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5843B1D6-30CE-4F4B-8261-8D2DF9F4AD64} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {63BB2C79-08BD-4AE2-8055-E9900868EFFE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {69919796-BB8A-4F48-982A-0788B39E9735} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-12-10] (Lenovo)
Task: {6F5D5B84-2FBE-443E-8B08-D2E57218CC47} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {7937AA97-3A8E-4540-A785-010C9DB4BCEB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {7F1C341C-0CD9-4492-A684-AEDCF225240D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {80438DF2-09A5-4B01-9AE8-EA3FB14A897B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {8D25F37F-9815-49FF-A806-91297AD0FAFD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {91866D7B-86B2-4E27-A795-219C988EC9E0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A0F1C34C-54F0-4094-ADAA-8CDF8700E67F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {AB373F90-9C5E-47FE-915B-B17E41A39BC3} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {AF07C980-C7AF-4355-9484-2CBFB056B824} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000Core => C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {B4CC5A6F-9ECE-45B4-AF9C-AA4E700526F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B9FA8972-9000-4644-AA60-0579F4F2CAAF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {BDE94857-32A6-49C2-8BDC-C765940913A7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {BE85F8D1-F1FA-41B7-9265-404CCD68A5B6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {C0085FE1-8595-4227-8FD0-8E2E427CFB73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {C0C15E23-6A43-410D-8952-AD50A59E316D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {C18288D9-416E-4A7D-A955-8970D2BB644F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C53ABBFC-9F3F-4A18-BBF7-3574B0FB09A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {C982AB7D-9ED7-4F7C-89F2-2A79CDAD79FB} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-06-19] (AVAST Software)
Task: {C989D8B7-4399-467A-B96F-58C54A6F2E44} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C9FD6C60-7924-4B97-AD7B-B88A9C21BAE5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {CB2ED866-D21D-428E-97DC-1792DDD8A9A5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {CD4832CD-8221-4ACA-8835-C0D5659B1488} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-07] (AVAST Software)
Task: {D1BAA1BA-2766-4927-BE0D-4A6D2293E814} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {D4FAE3F6-1D19-4EC7-BC40-10E74BE34F70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {D673A145-DB60-4FE9-B785-7C91487C5D45} - System32\Tasks\SafeZone scheduled Autoupdate 1448220056 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-08] (Avast Software)
Task: {D82C50C3-E28C-4BC1-B411-08D0C91A997E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DA081D00-CF58-4AA5-B751-CDAB6DA461ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E450C898-470B-49A7-8282-01673BD1D75F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F110B929-5F6E-43EE-B40C-8BF85C111093} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F5C6F0E9-ADA3-40A4-9BF7-B2C16F489A93} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {F6CD8C18-42DA-4B92-A1E7-00CE7A56CF0D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {F6EADECD-FA30-4F13-A29A-E569F76F4B62} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F727790E-8A24-40F0-AE62-3E5DA4E4AFDC} - System32\Tasks\{D2F4A1A1-79D8-4599-AE73-10ED9BC5638B} => pcalua.exe -a C:\Users\Brian\Downloads\AdobeAIRInstaller.exe -d C:\Users\Brian\Downloads
Task: {F839821F-2CBC-40F1-8E75-1F4E17E01241} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {F9CF0DED-CBED-4315-B0EC-5A310DF73705} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FB52EBD5-4962-4FE5-9EF7-878BF1DFD9E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {FCD8B955-D473-4D4F-A110-3BBCA44370CD} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000Core.job => C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4266057503-3983920057-3671705298-1000UA.job => C:\Users\Brian\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-25 17:09 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-02 21:27 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 21:27 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-28 19:52 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-01 10:26 - 2013-10-01 10:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2012-05-24 02:04 - 2012-05-24 02:04 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2016-01-30 07:41 - 2016-01-30 07:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-26 07:56 - 2016-01-26 07:56 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 07:54 - 2016-02-23 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-22 14:17 - 2013-05-22 14:17 - 00400704 _____ () C:\Users\Brian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2016-01-26 07:56 - 2016-01-26 07:56 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-26 07:56 - 2016-01-26 07:56 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-30 07:34 - 2016-01-16 01:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-30 07:35 - 2016-01-16 01:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2014-08-15 14:25 - 2014-08-15 14:25 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-07 10:47 - 2016-02-07 10:47 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-07 10:47 - 2016-02-07 10:47 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-06 19:52 - 2016-04-06 19:52 - 02853376 _____ () C:\Program Files\AVAST Software\Avast\defs\16040603\algo.dll
2016-02-07 10:47 - 2016-02-07 10:47 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-08 20:24 - 2016-04-08 20:24 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16040802\algo.dll
2016-02-07 10:47 - 2016-02-07 10:47 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2012-10-07 01:45 - 2012-01-17 02:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2015-10-28 19:52 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-01-30 07:41 - 2016-01-30 07:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-30 07:41 - 2016-01-30 07:42 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-19 21:00 - 2016-02-23 14:19 - 00034768 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-03-19 21:00 - 2016-02-23 14:20 - 00019408 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00116688 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-03-19 21:00 - 2016-02-23 14:19 - 00093640 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00018376 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\select.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00019760 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00105928 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00392144 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-03-19 21:00 - 2016-03-11 20:18 - 00381752 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00692688 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020816 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-03-19 21:00 - 2016-02-23 14:20 - 00112592 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 01682760 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020808 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020800 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00021840 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00038696 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00020936 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00024528 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00114640 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00124880 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00021832 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00024016 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00175560 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00030160 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00043472 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00028616 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00048592 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00026456 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00057808 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00024016 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00117056 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00024392 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00036296 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\librsync.dll
2016-03-19 21:00 - 2016-03-11 20:18 - 00031568 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2016-03-19 21:00 - 2016-02-12 20:24 - 00293392 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2016-03-19 21:00 - 2016-03-11 20:18 - 00023376 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00134608 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-03-19 21:00 - 2016-02-23 14:19 - 00134088 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-03-19 21:00 - 2016-02-23 14:20 - 00240584 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00052024 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020800 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00021824 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00019776 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020800 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00020280 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-03-19 21:00 - 2016-02-23 14:21 - 00350152 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00022352 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00084792 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-03-19 21:00 - 2016-03-11 20:18 - 01826096 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-03-19 21:00 - 2016-02-23 14:20 - 00083912 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\sip.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 03928880 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 01971504 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00531248 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00132912 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00223544 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00207672 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00158008 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00042808 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-03-19 21:00 - 2016-02-23 14:23 - 00017864 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-03-19 21:00 - 2016-02-23 14:23 - 01631184 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-03-19 21:00 - 2016-03-11 20:18 - 00024904 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00546096 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-03-19 21:00 - 2016-03-11 20:18 - 00357680 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-03-19 21:00 - 2016-02-23 14:25 - 00697304 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-06 20:36 - 2015-07-06 20:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-10-07 01:49 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-12-06 11:17 - 2015-12-06 11:17 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-04-04 23:37 - 2016-04-04 23:37 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2016-04-04 23:37 - 2016-04-04 23:37 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-02-02 11:48 - 00450856 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15462 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5849DA7A-7651-42A0-AE27-47B535423D9C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9143AB46-648A-4610-9B43-DA2B202B20DA}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{2904C90D-C309-4742-9E70-215CCFAC0C2C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{884AB406-6122-4215-BAA3-30F97FBAB87A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C67CF34D-6CFA-46BB-924E-DEA63E985FD5}] => (Allow) LPort=2869
FirewallRules: [{E1E88EF4-0503-4E65-9A50-50474A740FFB}] => (Allow) LPort=1900
FirewallRules: [{FAD7C97B-246B-4095-AB97-C1A902F1E38C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{033CF988-56E2-4C1C-83A3-B409FBFC4466}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2770B272-CA87-42ED-947E-E4A0A3A68672}] => (Allow) C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5E0E7975-D350-42FE-9653-1E0C190221CF}] => (Allow) C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{674C1761-3DD2-420D-9CF5-E07D8616967C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3035677A-DA15-4F2C-9353-058866690DA0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A217A5F7-42AE-465B-8E5B-91CAA3663C6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{7506F602-2B2D-44FC-AEEF-B25C949AB8E1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{5D08D90E-E3D3-4080-B3B5-42D75C1B091F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1D126AEE-BDBC-4355-B6B8-7F0F374B31FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D1F4FEDD-079E-4116-B604-E8925FA1080A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{AD43DB9E-5C4E-4B7C-AA35-A8DAE0AB5196}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{5582B9F1-A184-41D0-A31D-4C3BFF954D62}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{54E501E0-00DB-4E90-A186-0F55224911B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{0FBDEE12-28B9-4912-81B5-E039BF9A7D10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{19347D05-092A-45C1-AABB-EF46AA5CD9FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{A9E138F2-069C-4A8E-BC60-A1E6CEB39EFB}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{B7B710AD-2E9C-4236-87E2-8154D828065E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{8B58EC8A-F0A6-448A-9911-CD4A8DE586D8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{0869A248-C96F-4DBD-AAE8-A001CC2E9BCD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{EB53C540-2D11-4365-BDA9-0CC80826A306}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{D3ACDA1D-86AB-4816-A1E5-7D1B0C664461}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{B615C4DE-B61B-445B-BB83-6300AAAF2A4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{323E3F37-3016-478F-B2E1-0A7A813E07E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F9169EDC-694F-4482-8018-D973864DDA7E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E80C2CFB-EBF3-459D-8284-9EB8B2A6D3E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{9CB796C4-D446-4F88-98F2-351873CC193F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C66F8599-00AA-450C-AAB3-2C1F515971BA}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{78C630FA-A353-41F5-851A-64A6A551158C}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{E4D28E78-CB13-4773-9367-415F6CE27789}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{F2C17623-CA6B-4B7B-8143-53DBB2F46EED}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{7D47636B-625B-4BEB-8BEA-DFE7E22BA498}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{A303316C-DCCE-453C-B320-0648467EFC22}C:\users\brian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\brian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CC10AEA6-27F3-4B5E-853C-4C499DB96DAB}C:\users\brian\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\brian\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{67F76E68-EDAD-4F59-8266-EFB93E994711}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{448EC3D8-0984-4509-BCCE-2860DDAF3DDD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{3D8C4105-FA55-43E5-BE08-2BFDC2CF35DC}C:\users\brian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8B3723C8-83AB-4840-8FBF-FB01ED5FAF50}C:\users\brian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [{39F2C296-632C-4BFD-932D-8F70DAE2AA0A}] => (Block) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [{643587B5-9F34-400E-9C9B-099B93293F58}] => (Block) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C72DDAE9-0483-4EB8-A4A6-0B89645E05F6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2A1D1ADF-2332-4085-864E-B86FFDA3F956}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B1E96839-932E-4544-AFF0-8DAABD69CF79}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{9971130F-A3CB-4DC6-B48D-8AFACC13BFF9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1270FD5D-3E18-488B-B313-6A98C4F0CE2B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{352A6D18-0C4C-4F49-9871-B57440EED50B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DAF0B341-0A19-4F39-9FFD-81332AB18591}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{79132BC5-5EB9-46A3-80BE-8EF69E852CEE}C:\program files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{020A02F1-87A5-4474-8D19-51A6DA6E2FF5}C:\program files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [TCP Query User{FABA1BA0-1953-418B-82E4-B1858973FD6E}C:\users\brian\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\brian\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{209D7979-373C-41CD-8317-A9AD93FCCA00}C:\users\brian\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\brian\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{4B63A058-9CFD-43C1-B426-1ED46E64635C}C:\users\brian\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\brian\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{6F044FA4-9BA3-4A56-B4A0-80F555673C73}C:\users\brian\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\brian\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{CFD5D39B-F17B-46D0-93B0-E4B5681C9BF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{943A389E-5BF3-499C-8402-051E3FAFE325}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7EA7A666-5898-445F-82D5-21E4BF12E43A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E5A8A376-F8B2-4363-84ED-CE11CE67DFE8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F98C279F-083E-4526-BF8C-82FB260FE99E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2C6C896-1924-4B5C-8B2A-A3165799FAF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F612BE72-90FE-44F6-8A13-0E044532AB5D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2A071B04-AB7A-4F88-BBA0-B7444C7B713F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D45B2A1D-966C-453C-A401-97D1242EC3F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C8EA294-68CA-466D-8A0D-EA9D60CF1D94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1306E8EE-0C1F-437F-8499-24CC6B33CA27}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D450A37D-B105-434F-9110-6AC3410A5231}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E44ABF69-B3AD-4CD3-B4B4-380543072464}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C63DFD15-1D86-489A-B90B-64E47D6E05F3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7C28FA5E-70E1-4A94-8F8E-3AB0DA60499D}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{CA9CB561-F2E2-462E-9F29-24E6E6A50A9B}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
FirewallRules: [{A717FB92-6EEA-46C9-8541-7FA18E83F316}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe
FirewallRules: [{E4C78DED-1EB3-4BA8-9B30-43901254D354}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{0EDFC878-A7AC-4D08-AFF4-6A02E261A72B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [TCP Query User{E1DC800E-FC4C-4963-88C6-3F116751CC8D}C:\users\brian\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\brian\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{DEAB2D11-A8B8-4516-959E-9130A0A435CF}C:\users\brian\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\brian\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [{32477994-4C0B-45AF-8C49-5E4F799CDFF1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{48E0BEDA-5DBE-45B1-9878-D9587B7C08FD}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

11-03-2016 05:44:03 Windows Update
20-03-2016 08:34:56 Scheduled Checkpoint
25-03-2016 05:48:02 Windows Update
06-04-2016 20:34:08 ASU_MSI_TRAN

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2016 08:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3383094

Error: (04/09/2016 08:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3383094

Error: (04/09/2016 08:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2016 05:57:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BG)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/08/2016 08:27:21 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2016 08:27:21 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2016 05:15:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: aspnet_stateaspnet_counters.dll8

Error: (04/08/2016 05:15:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (04/08/2016 05:15:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (04/08/2016 04:27:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/09/2016 05:59:29 AM) (Source: DCOM) (EventID: 10016) (User: BG)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}BGBrianS-1-5-21-4266057503-3983920057-3671705298-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/09/2016 05:59:16 AM) (Source: DCOM) (EventID: 10016) (User: BG)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}BGBrianS-1-5-21-4266057503-3983920057-3671705298-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/09/2016 05:57:25 AM) (Source: DCOM) (EventID: 10010) (User: BG)
Description: App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca

Error: (04/08/2016 08:22:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SoftshieldService service to connect.

Error: (04/08/2016 06:58:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1dfd1b5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/06/2016 06:44:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_e86d0a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/05/2016 09:33:02 PM) (Source: DCOM) (EventID: 10001) (User: BG)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXwmnqm0nvq2b90pwvr42qmtdjp7cj3w82.mca31App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mcaUnavailableUnavailable

Error: (04/04/2016 06:20:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_c4f3b8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/03/2016 09:57:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4e1f3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/03/2016 05:58:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SoftshieldService service to connect.


CodeIntegrity:
===================================
  Date: 2016-03-25 18:31:43.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-13 07:49:39.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 09:46:43.670
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-04 04:32:28.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-03 04:50:02.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-17 18:27:56.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 23:25:12.024
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 22:04:20.482
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-03 06:42:19.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-31 17:39:49.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 16225.41 MB
Available physical RAM: 12117.68 MB
Total Virtual: 17613.41 MB
Available Virtual: 13638.98 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:451.1 GB) (Free:117.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:2.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 017F2DB4)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

Link to post
Share on other sites

Hmm. Thanks for checking.  I recently upgraded to Win 10 (from Win 7) and have noticed that it runs really slow, especially with Firefox, which eats up a lot of memory, so slowly that I have trouble writing emails and scrolling webpages.  I had 4GB of RAM and upgraded to 16GB two weeks ago, but haven't seen much of a difference.  I read this article recently that Windows 10 compresses pages in memory and have looked at Windows forums and there seems to be no solution to this.  Some of the forums I looked at suggested that if FF is using a lot of memory it might also indicate a virus or malware.

Any suggestions on what I should do?  Are there any other sorts of tests that you could help me with (virus or OS) to diagnose what might be happening with my machine?  

Thanks for your help.

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.