DaiDawes

Members
  • Posts

    9
Reputation

0 Neutral

Profile Information

  • Location
    Cardiff, UK
  1. Hi Kevin, I asked for this thread to be re-opened as I have a problem with my CPU usage being continually very high - running at 100% sometimes. This is what originally prompted me to run the MWB scan that detected the original infection and it improved after the Mindspark infection was removed. I'm not even sure I still have a problem but obviously something is causing the high CPU usage so would just like the benefit of your experience as I troubleshoot this problem. Here's the logs from the FRST scan I ran this morning. Regards Dave Addition.txt FRST.txt
  2. All sorted thanks Kevin, just made a small donation through Paypal so please keep an eye out for it.
  3. Hi Kevin, I think we're there now, been surfing for the last hour and monitoring the spyware, ran MBAM and it came out clean. Thanks very much for your help, couldn't have done it without you. Regards Dave
  4. Hi Kevin, Thanks for your continued support - looks like we still have 1 issue. Here's the logs you asked for, please let me know if you need anything else.
  5. Hi Kevin, Thanks very much for the prompt reply. Think I've done everything you said but Malwarebytes is still showing the same infections - here's the logs you asked to see.
[File not signed] S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed] S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed] R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.) 
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2015-11-19] (Acronis) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-05] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-05] (Zemana Ltd.) U3 idsvc; no ImagePath R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X] U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-09-05 21:01 - 2016-09-05 21:01 - 00018394 _____ C:\Users\Dave\Desktop\Zemana20160905.txt 2016-09-05 19:07 - 2016-09-05 19:07 - 00002076 _____ C:\Users\Dave\Desktop\rkill.txt 2016-09-05 19:03 - 2016-09-05 19:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\iExplore.exe 2016-09-05 19:02 - 2016-09-05 19:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\rkill.com 2016-09-05 18:57 - 2016-09-05 18:58 - 00063502 _____ C:\Users\Dave\Desktop\Addition.txt 2016-09-05 18:56 - 2016-09-05 21:05 - 00027087 _____ C:\Users\Dave\Desktop\FRST.txt 2016-09-05 17:45 - 2016-09-05 17:45 - 02397696 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe 2016-09-05 17:26 - 2016-09-05 21:05 - 00301862 _____ C:\WINDOWS\ZAM.krnl.trace 2016-09-05 17:26 - 2016-09-05 21:05 - 00296305 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2016-09-05 17:26 - 2016-09-05 17:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2016-09-05 17:26 - 2016-09-05 17:26 - 00203680 _____ (Zemana Ltd.) 
C:\WINDOWS\system32\Drivers\zam64.sys 2016-09-05 17:26 - 2016-09-05 17:26 - 00001232 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2016-09-05 17:26 - 2016-09-05 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-09-05 17:26 - 2016-09-05 17:26 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-09-05 17:25 - 2016-09-05 17:25 - 00000000 ____D C:\Users\Dave\AppData\Local\Zemana 2016-09-05 17:24 - 2016-09-05 17:24 - 05292304 _____ ( ) C:\Users\Dave\Desktop\Zemana.AntiMalware.Setup.exe 2016-09-05 17:20 - 2016-09-05 17:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\rkill.exe 2016-09-05 06:41 - 2016-09-05 06:42 - 00065951 _____ C:\Users\Dave\Downloads\Addition.txt 2016-09-05 06:40 - 2016-09-05 21:04 - 00000000 ____D C:\FRST 2016-09-05 06:40 - 2016-09-05 06:42 - 00052321 _____ C:\Users\Dave\Downloads\FRST.txt 2016-09-05 06:38 - 2016-09-05 06:39 - 02397696 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe 2016-09-02 12:07 - 2016-09-04 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-01 14:50 - 2016-09-01 14:50 - 00801692 _____ C:\Users\Dave\Downloads\2016_FFS_Catalogue_page_101_Standard_Bag_Range_-_SB.pdf 2016-08-26 07:40 - 2016-08-26 07:40 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task 2016-08-26 07:39 - 2016-08-26 07:39 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Skype 2016-08-22 15:53 - 2016-08-22 15:53 - 00000010 _____ C:\Users\Dave\Desktop\Blas a Fronlas.txt 2016-08-11 15:24 - 2016-08-11 15:25 - 00111224 _____ C:\Users\Dave\Downloads\3196 Beveridge.pdf 2016-08-10 15:41 - 2016-08-10 15:41 - 04927969 _____ C:\Users\Dave\Downloads\Joint Administrators Progress Report 14.11.15 to 13.05.16.pdf 2016-08-10 15:29 - 2016-08-10 15:29 - 05081674 _____ C:\Users\Dave\Downloads\Joint Administrators Statement of Proposals.pdf 2016-08-10 11:33 - 2016-08-10 11:33 - 00059010 _____ C:\Users\Dave\Downloads\downloadfile(10).PDF 2016-08-10 11:32 - 
2016-08-10 11:32 - 00058476 _____ C:\Users\Dave\Downloads\downloadfile(9).PDF 2016-08-10 11:31 - 2016-08-10 11:31 - 00060543 _____ C:\Users\Dave\Downloads\downloadfile(8).PDF 2016-08-10 11:29 - 2016-08-10 11:29 - 00058883 _____ C:\Users\Dave\Downloads\downloadfile(7).PDF 2016-08-10 11:28 - 2016-08-10 11:28 - 00054927 _____ C:\Users\Dave\Downloads\downloadfile(6).PDF 2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google 2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google 2016-08-10 10:11 - 2016-08-03 12:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-08-10 10:11 - 2016-08-03 12:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-08-10 10:11 - 2016-08-03 12:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-08-10 10:11 - 2016-08-03 11:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-08-10 10:11 - 2016-08-03 11:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-08-10 10:11 - 2016-08-03 11:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2016-08-10 10:11 - 2016-08-03 11:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-08-10 10:11 - 2016-08-03 11:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-08-10 10:11 - 2016-08-03 11:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-08-10 10:11 - 2016-08-03 11:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-08-10 10:11 - 2016-08-03 11:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-08-10 10:11 - 2016-08-03 11:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2016-08-10 10:11 - 2016-08-03 11:22 - 00331616 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\pci.sys 2016-08-10 10:11 - 2016-08-03 11:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll 2016-08-10 10:11 - 2016-08-03 11:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-08-10 10:11 - 2016-08-03 11:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-08-10 10:11 - 2016-08-03 11:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-08-10 10:11 - 2016-08-03 11:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-08-10 10:11 - 2016-08-03 11:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2016-08-10 10:11 - 2016-08-03 11:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2016-08-10 10:11 - 2016-08-03 11:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-08-10 10:11 - 2016-08-03 11:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-08-10 10:11 - 2016-08-03 11:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-08-10 10:11 - 2016-08-03 11:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-08-10 10:11 - 2016-08-03 11:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-08-10 10:11 - 2016-08-03 11:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-08-10 10:11 - 2016-08-03 10:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe 2016-08-10 10:11 - 2016-08-03 10:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-08-10 10:11 - 2016-08-03 10:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-08-10 10:11 - 2016-08-03 10:45 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys 2016-08-10 10:11 - 2016-08-03 
10:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-08-10 10:11 - 2016-08-03 10:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll 2016-08-10 10:11 - 2016-08-03 10:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2016-08-10 10:11 - 2016-08-03 10:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-08-10 10:11 - 2016-08-03 10:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys 2016-08-10 10:11 - 2016-08-03 10:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2016-08-10 10:11 - 2016-08-03 10:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll 2016-08-10 10:11 - 2016-08-03 10:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll 2016-08-10 10:11 - 2016-08-03 10:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2016-08-10 10:11 - 2016-08-03 10:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll 2016-08-10 10:11 - 2016-08-03 10:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll 2016-08-10 10:11 - 2016-08-03 10:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2016-08-10 10:11 - 2016-08-03 10:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2016-08-10 10:11 - 2016-08-03 10:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-08-10 10:11 - 2016-08-03 10:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll 2016-08-10 10:11 - 2016-08-03 10:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-08-10 10:11 - 2016-08-03 10:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-08-10 10:11 - 2016-08-03 10:37 - 00110080 
_____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2016-08-10 10:11 - 2016-08-03 10:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-08-10 10:11 - 2016-08-03 10:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-08-10 10:11 - 2016-08-03 10:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2016-08-10 10:11 - 2016-08-03 10:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-08-10 10:11 - 2016-08-03 10:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2016-08-10 10:11 - 2016-08-03 10:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-08-10 10:11 - 2016-08-03 10:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll 2016-08-10 10:11 - 2016-08-03 10:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2016-08-10 10:11 - 2016-08-03 10:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2016-08-10 10:11 - 2016-08-03 10:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2016-08-10 10:11 - 2016-08-03 10:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe 2016-08-10 10:11 - 2016-08-03 10:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-08-10 10:11 - 2016-08-03 10:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-08-10 10:11 - 2016-08-03 10:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-08-10 10:11 - 2016-08-03 10:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-08-10 10:11 - 2016-08-03 10:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-08-10 10:11 - 2016-08-03 10:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2016-08-10 10:11 - 
2016-08-03 10:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-08-10 10:11 - 2016-08-03 10:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2016-08-10 10:11 - 2016-08-03 10:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-10 10:11 - 2016-08-03 10:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2016-08-10 10:11 - 2016-08-03 10:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-08-10 10:11 - 2016-08-03 10:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-08-10 10:11 - 2016-08-03 10:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-08-10 10:11 - 2016-08-03 10:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-08-10 10:11 - 2016-08-03 10:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-08-10 10:11 - 2016-08-03 10:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-08-10 10:11 - 2016-08-03 10:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-08-10 10:11 - 2016-08-03 10:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-08-10 10:11 - 2016-08-03 10:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-08-10 10:11 - 2016-08-03 10:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-08-10 10:11 - 2016-08-03 10:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-08-10 10:11 - 2016-08-03 10:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-08-10 10:11 - 2016-08-03 10:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2016-08-10 10:11 - 2016-08-03 10:16 - 03589120 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\win32kfull.sys 2016-08-10 10:11 - 2016-08-03 10:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-08-10 10:11 - 2016-08-03 10:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-10 10:11 - 2016-08-03 10:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-08-10 10:11 - 2016-08-03 10:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-08-10 10:11 - 2016-08-03 10:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2016-08-10 10:11 - 2016-08-03 10:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-08-10 10:11 - 2016-08-03 10:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-08-10 10:11 - 2016-08-03 10:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2016-08-10 10:11 - 2016-08-03 10:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-08-10 10:11 - 2016-08-03 06:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2016-08-10 10:11 - 2016-08-03 06:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-08-10 10:11 - 2016-08-03 06:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-08-10 10:11 - 2016-08-03 06:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll 2016-08-10 10:11 - 2016-08-03 06:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-08-10 10:11 - 2016-08-03 06:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-08-10 10:11 - 2016-08-03 06:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-08-10 10:11 - 2016-08-03 06:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-08-10 10:11 - 2016-08-03 06:30 - 00465760 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-08-10 10:11 - 2016-08-03 06:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-08-10 10:11 - 2016-08-03 05:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe 2016-08-10 10:11 - 2016-08-03 05:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll 2016-08-10 10:11 - 2016-08-03 05:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-08-10 10:11 - 2016-08-03 05:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll 2016-08-10 10:11 - 2016-08-03 05:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll 2016-08-10 10:11 - 2016-08-03 05:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2016-08-10 10:11 - 2016-08-03 05:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll 2016-08-10 10:11 - 2016-08-03 05:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-08-10 10:11 - 2016-08-03 05:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-08-10 10:11 - 2016-08-03 05:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2016-08-10 10:11 - 2016-08-03 05:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2016-08-10 10:11 - 2016-08-03 05:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe 2016-08-10 10:11 - 2016-08-03 05:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-08-10 10:11 - 2016-08-03 05:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-08-10 10:11 - 2016-08-03 05:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-08-10 10:11 - 2016-08-03 05:33 - 02050048 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-10 10:11 - 2016-08-03 05:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-10 10:11 - 2016-08-03 05:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-08-10 10:11 - 2016-08-03 05:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-08-10 10:11 - 2016-08-03 05:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-08-10 10:11 - 2016-08-03 05:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-08-10 10:11 - 2016-08-03 05:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-08-10 10:11 - 2016-08-03 05:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-08-10 10:11 - 2016-08-03 05:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-08-10 10:11 - 2016-08-03 05:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-08-10 10:11 - 2016-08-03 05:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-08-10 10:11 - 2016-08-03 05:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2016-08-10 10:11 - 2016-08-03 05:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-08-10 10:11 - 2016-08-03 05:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-08-10 10:11 - 2016-08-03 05:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-08-10 10:11 - 2016-08-03 05:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-10 10:11 - 2016-08-03 05:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2016-08-10 10:11 - 2016-08-03 05:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll ==================== One Month Modified files and folders ======== 
(If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-05 21:00 - 2012-03-21 17:22 - 00000000 ____D C:\Users\Dave\AppData\LocalLow\WinZipBar 2016-09-05 21:00 - 2012-02-16 18:05 - 00000000 ____D C:\Program Files (x86)\ReImageCompanion 2016-09-05 20:54 - 2012-01-06 00:01 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job 2016-09-05 20:09 - 2012-04-10 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-09-05 19:53 - 2014-05-19 10:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-05 19:28 - 2012-01-06 04:42 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files 2016-09-05 19:28 - 2012-01-06 03:22 - 00000000 ____D C:\Users\Dave\Documents\Email Folders 2016-09-05 19:07 - 2016-04-16 02:31 - 00000000 ____D C:\Users\Dave 2016-09-05 19:00 - 2012-01-06 00:01 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job 2016-09-05 18:59 - 2014-10-17 15:47 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job 2016-09-05 18:53 - 2016-02-09 15:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-05 18:25 - 2016-05-10 14:32 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5A19858-B5EF-4BC6-82B9-E98777E8C8AB} 2016-09-05 17:47 - 2016-07-28 17:23 - 00000000 ____D C:\Users\Dave\AppData\Local\Deployment 2016-09-05 15:59 - 2014-10-17 15:47 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job 2016-09-05 12:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-05 11:52 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-05 10:33 - 2016-04-16 02:31 - 01013760 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-05 10:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2016-09-04 11:20 - 2012-04-26 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-02 22:29 - 
2016-07-05 06:42 - 00000000 ____D C:\Users\Dave\AppData\Roaming\foobar2000 2016-09-01 16:40 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\Pop's 2016-09-01 12:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-09-01 12:06 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-08-26 07:40 - 2016-04-16 07:30 - 00002416 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-26 07:40 - 2016-04-16 07:30 - 00000000 ___RD C:\Users\Dave\OneDrive 2016-08-24 11:50 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\QUOTES 2016-08-22 11:42 - 2016-06-01 15:20 - 00000000 ____D C:\Users\Dave\AppData\Local\HTC MediaHub 2016-08-22 11:41 - 2016-02-13 14:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-08-18 10:09 - 2016-04-28 15:54 - 00000000 ____D C:\Users\Dave\Desktop\Dave Poole 2016-08-17 09:04 - 2011-11-01 23:03 - 00000000 ____D C:\ProgramData\PCDr 2016-08-15 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache 2016-08-13 10:33 - 2016-02-13 14:22 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-08-12 10:11 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-08-12 10:10 - 2016-02-13 14:04 - 00000000 ____D C:\Program Files\Windows Journal 2016-08-12 10:10 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-08-10 10:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2016-08-10 10:20 - 2013-08-15 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-08-10 10:15 - 2012-01-07 17:55 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-08-10 10:14 - 2016-06-13 15:30 - 00002126 _____ C:\Users\Public\Desktop\Google Slides.lnk 2016-08-10 10:14 - 2016-06-13 15:30 - 00002124 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2016-08-10 10:14 - 2016-06-13 15:30 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk 2016-08-10 10:14 - 2016-06-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Google Drive 2016-08-08 20:16 - 2016-02-09 15:57 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ==================== Files in the root of some directories ======= 2012-01-09 12:59 - 2016-04-14 15:11 - 0079200 __RSH () C:\Program Files (x86)\DLS8Uninstall.log 2016-01-01 21:21 - 2016-02-28 23:10 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-01-20 10:27 - 2016-01-20 10:27 - 0000852 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel 2015-09-21 14:51 - 2015-09-21 14:51 - 0007605 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg 2012-08-16 11:49 - 2015-02-03 18:58 - 0006536 _____ () C:\ProgramData\hpzinstall.log 2013-03-24 21:15 - 2016-03-19 18:42 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys Some files in TEMP: ==================== C:\Users\Dave\AppData\Local\Temp\iv_uninstall.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-05 06:22 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016 Ran by Dave (05-09-2016 18:57:17) Running from C:\Users\Dave\Desktop Windows 10 Pro Version 1511 (X64) (2016-04-16 06:27:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3195402160-3620752181-2962431074-500 - Administrator - Disabled) Dave (S-1-5-21-3195402160-3620752181-2962431074-1000 - Administrator - Enabled) => C:\Users\Dave DefaultAccount (S-1-5-21-3195402160-3620752181-2962431074-503 - Limited - Disabled) Guest (S-1-5-21-3195402160-3620752181-2962431074-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3195402160-3620752181-2962431074-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3Connect (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Accounts (x32 Version: 15.0.11.159 - Sage (UK) Ltd) Hidden
Accounts (x32 Version: 22.0.8.191 - Sage (UK) Ltd) Hidden
Acronis True Image Home (HKLM-x32\...\{D1E0E859-F46D-4708-A41D-ED90C0C1822A}) (Version: 12.0.9770.9 - Acronis)
Adobe Acrobat 8.1.0 Standard (HKLM-x32\...\Adobe Acrobat 8 Standard) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.910 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.882 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
Email Verifier (HKLM-x32\...\Email Verifier) (Version: - Live Software Inc)
Email Verifier (x32 Version: 6.2 - Live Software Inc) Hidden
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Netg) (Version: - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
Epson User's Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Useg) (Version: - )
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow x64 v1.2.4422 [2012-04-09] (HKLM\...\ffdshow64_is1) (Version: 1.2.4422.0 - )
FileZilla Client 3.15.0.2 (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\FileZilla Client) (Version: 3.15.0.2 - Tim Kosse)
Flixster Video (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\5cdf686a56bda3b1) (Version: 2.6.5.532 - Flixster Video)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
Integrated Camera Driver Installer Package Ver.1.1.0.1132 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1132 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.8.601 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\JoinMe) (Version: 1.5.2.225 - LogMeIn, Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCEBuddy 2.x (HKLM\...\{0D3796AA-D867-4278-AEBC-3616AD1F7C3A}) (Version: 2.4.3 - MCEBuddy)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version:
8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-GB)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.50.00 - )
OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Parrot Software Update Tool (HKLM-x32\...\Parrot Flash Update
Wizard) (Version: - )
Python 3.4.0 (64-bit) (HKLM\...\{863162a8-ecc2-35ea-bdf7-e09ac456e164}) (Version: 3.4.150 - Python Software Foundation)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ReImageCompanion (HKLM-x32\...\ReImageCompanion) (Version: - )
Sage 50 Accounts 2016 (HKLM-x32\...\InstallShield_{12CE83F7-1A7F-4728-91CA-99E7DF84B2DC}) (Version: 22.0.8.191 - Sage (UK) Ltd)
Sage Report Designer Service Pack (HKLM-x32\...\{808E694F-2A5F-44A7-BA82-8431B866B2C1}) (Version: 1.00.0000 - Sage (UK) Ltd.)
SBDDesktopUpdateInstaller (x32 Version: 12.1.586.0 - SBDDesktopUpdateInstaller) Hidden
SDataConfigAddInInstaller (x32 Version: 12.1.586.0 - SDataConfigAddInInstaller) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
ShowAnalyzerSuite (HKLM-x32\...\{07C1B166-AAF2-4456-AE5F-48B20FD3124C}) (Version: 1.1.0.825 - Dragon Global)
SPAMfighter (HKLM-x32\...\SPAMfighter) (Version: 7.6.127 - Spamfighter ApS)
SPAMfighter (x32 Version: 7.6.127 - Spamfighter ApS) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.910 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
Windows Driver Package - Intel (iaStor) hdc (04/26/2011 10.5.0.1026) (HKLM\...\95D0E47871170F0763151CFD697BBAB47A5794F7) (Version: 04/26/2011 10.5.0.1026 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Wondershare Video Converter Pro(Build 5.1.2.1) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: - Wondershare Software)
Wondershare Video Converter Ultimate(Build 8.6.0.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.6.0.0 - Wondershare Software)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Zebra Font Downloader (HKLM-x32\...\Zebra Font Downloader_is1) (Version: - Zebra Technologies Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.30.75 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {025100CE-B40D-4D78-8C2E-A6758C60EA3A} - System32\Tasks\{2FA8FDB8-84B2-407E-AC1A-8875605519FC} => pcalua.exe -a C:\Users\Dave\Downloads\iview433_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {026C9C4D-4FB8-4B5C-9319-0579BAA87555} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0A7E75F5-E831-4DB9-B61E-CDB39D6902A6} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {0A8AB43F-6889-4148-9675-F22349318104} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {0CEB39A4-E2EE-404A-89D1-64ADBEEA8C5C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0D12E138-D7F3-4DE3-851F-896D8297FD0E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0E9F1406-6743-4497-85B5-7AF39793C57B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE
[2011-08-31] (Lenovo Group Limited)
Task: {0EFA0EAC-0540-4137-BBF5-2F3859A5661E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0F3D2144-5143-4334-B51F-E209ADA72B68} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {0FE1D425-1D15-43F8-8EA5-7695EC49DFB1} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {14C099FC-B7D4-42F2-9A48-05F2B786D68F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {19B9ABF8-BC5F-445E-AA77-287D5DBA0497} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {1E99479F-3750-4C72-9176-1E117EE9961A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3EAC044C-C34E-455E-B719-F8F6C34B741D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {43C70501-D3D4-4D08-8501-E10BD4F89756} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4CB00FE0-BAAF-46A8-A3C2-F73C69316F1C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4E03F021-2B72-473C-AE44-F804F8DAEC70} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {51376539-ABC9-4D03-BA8C-B8967D76978B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {55241966-A525-483A-80B3-912957AB1D5B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {56619721-81E9-49ED-A050-5094B93782BB} - System32\Tasks\Dave Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {5BA07DE9-AFE8-4F78-BA8C-DD084C955095} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService =>
C:\Windows\ehome\ehPrivJob.exe
Task: {5D5CEC7B-FC3A-4AAF-9C92-77DF02A658C0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {61417B3F-2CC4-4FA8-B26F-D9C44F81318C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {65DB5A20-74D3-46BB-A32A-9BDA3F100D58} - System32\Tasks\Dave DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-04-01] (Seagate Technology LLC)
Task: {6620AE60-7FD9-4C82-852A-4C59BE211304} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {662ECEAF-F6BA-481B-A344-7AA752D9490C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {6D8247F1-2793-44EA-8594-F74737F2A75E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6DCB8BD8-D83A-4FAE-84EA-FEF20138898F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {771C96B0-BC46-464D-BCB1-C4AF59762D9D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {7E1AFEE1-5456-4446-A289-F41BACA1048A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-17] (Facebook Inc.)
Task: {81B9AE31-23E3-4E62-BCFF-F4E245BF02F6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {83B34BC5-9FCE-462B-ACEB-592DB222E2E0} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {85D9FB2A-01B3-4DA1-8DAA-1EF2938CE7C1} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {8A6F6665-22CB-4A09-87C6-E04B977D0151} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8D992057-8332-4078-8BDE-FC3A0D83F724} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8DE947D3-87DC-41DD-B782-A39D05263B9D} - System32\Tasks\{BDF3DD27-5A11-4B25-89A9-4CEBDE54BF79} => pcalua.exe -a C:\Users\Dave\Downloads\irfanview_plugins_433_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {91514B03-773A-4B09-B637-F20DB0705B70} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: {9A10568E-EB4E-42D6-AB55-366BD62AE7A8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9E93A860-00F8-4062-8F99-75269EBAE193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A1B491D2-3F94-4DA5-950F-B488DE727980} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A57CDDA4-929F-4106-A334-0367875C4063} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A77339F7-9E91-45E2-81FF-D30DFAFEB80C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B98AD9BE-6531-4B0B-B301-990AD31F4EBD} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask => C:\Windows\System32\GWX\GWX.exe
Task: {BD0F2DBF-36AA-4CD1-86B5-0758730FD504} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BD13DE06-B699-47D0-9469-B0D784E0E16C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BEACC2AB-B5D6-4D05-9E9D-B26FEC6ADFEA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-26] (Microsoft Corporation)
Task: {C1C3DBB7-C0B9-4B42-81DE-B2CBFFA219D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {C1EFA083-82CB-48E2-AFA6-EF54CD6BD435} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-17] (Facebook Inc.)
Task: {C421AFD3-E9F2-44A7-BEC8-03ACB2E8E28C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C45474CF-15F0-49CD-BF60-72A528EEF111} - System32\Tasks\Dave => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {C74BCBA9-4357-4035-BB16-6475F1BE322D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CBF5BBC6-8397-42A6-8C88-968311A3945A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CE47A082-0881-4AA7-A508-83DDCD3488D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CF1FD201-2A91-48C3-AB31-C90B2F545229} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-23] (Lenovo)
Task: {D12D668E-7504-4B5B-8A9D-4613DDA2EAB1} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {D409AD90-4D25-425E-87E3-FAA0945408F3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D8D937D2-8E84-4F41-AA15-368D19A4AD0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D98C6D61-054B-41BE-BF91-67CCD7846385} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {DCBC3E82-9F51-4DC6-98B2-385D39468667} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E8C08136-AC9B-4B45-981B-62FEB3BB1B71} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {EF19F11F-F341-48CA-B4EF-EE727F3EC5D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F030A6A8-E074-454D-B7A5-A6AB8E738883} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F18F7729-813E-4E68-A7A9-6640A12FDF5F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FD6F1A6C-4A40-4B8E-BBB6-1704E1DA0857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-11 13:42 - 2010-01-28 14:47 - 01737464 _____ () C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
2015-12-23 18:59 - 2015-12-23 18:59 - 00034304 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 12:42 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-11-01 22:54 - 2011-08-31 19:03 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-07-13 12:42 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-26 07:40 - 2016-08-26 07:40 - 01864384 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 12:43 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 12:42 - 2016-07-01 04:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 12:42 - 2016-07-01 04:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 12:42 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 12:42 - 2016-07-01 04:24 - 04089856 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2011-11-01 22:51 - 2010-10-26 21:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe 2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-04-19 10:26 - 2016-04-19 10:26 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-03-09 14:40 - 2016-03-09 14:40 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2016-06-03 15:37 - 2016-06-03 15:37 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2016-03-09 14:40 - 2016-03-09 14:40 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2016-03-09 14:40 - 2016-03-09 14:40 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2016-03-09 14:40 - 2016-03-09 14:40 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2016-03-09 14:41 - 2016-03-09 14:41 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2016-03-09 14:42 - 2016-03-09 14:42 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2015-08-13 17:21 - 2016-05-16 16:52 - 01382048 ____N () C:\Program Files (x86)\Sage\AccountsServiceV22\cpprest100_1_2.dll 2011-11-01 22:54 - 2011-08-31 19:03 - 00081920 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMROV.DLL 2016-08-26 07:39 - 2016-08-26 07:39 - 01383616 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll 2016-08-26 07:40 - 2016-08-26 07:40 - 00118976 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll 2015-12-03 11:29 - 2015-12-03 11:29 - 00541216 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll 2015-12-03 11:28 - 2015-12-03 11:28 - 00966688 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll 2016-04-19 10:26 - 2016-04-19 10:26 - 
00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 10:26 - 2016-04-19 10:26 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2016-02-12 16:50 - 00000851 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Think\Think_Blue.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart MSCONFIG\startupreg: DLSService => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" MSCONFIG\startupreg: DymoQuickPrint => "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: Facebook Update => "C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files 
(x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe MSCONFIG\startupreg: LTT => C:\Program Files\PC-Doctor\EnableToolbarW32.exe MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TpShocks => TpShocks.exe MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe HKLM\...\StartupApproved\Run32: => "PWMTRV" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\StartupApproved\Run: => "Uploader" HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\StartupApproved\Run: => "GoogleDriveSync" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Restore Points =========================

18-08-2016 09:35:42 Scheduled Checkpoint
26-08-2016 07:43:52 Windows Update
01-09-2016 12:06:48 Windows Update

==================== Faulty Device Manager Devices =============

Name: Unknown USB 
Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2016 05:49:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:07:0000)(214504) enumerator - Error -- 116 pcdrsysinfosystemboard: Module timed out after 120895 milliseconds and was terminated

Error: (09/05/2016 05:49:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:07:0000)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9960)(214504) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfosystemboard.p5x) readFromPipeTimed failed, killing: 211080

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9960)(214504) libCommon.System.Windows - Error -- 635 readFromPipeTimed(1200) timed out after 119998 totalBytes: 0

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9250)(214504) enumerator - Error -- 116 pcdrsysinfodirect: Module timed out after 120820 milliseconds and was terminated

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9250)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9210)(214504) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfodirect.p5x) readFromPipeTimed failed, killing: 208504

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9210)(214504) libCommon.System.Windows - Error -- 635 readFromPipeTimed(1208) timed out after 119999 totalBytes: 0

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9090)(214504) enumerator - Error -- 116 pcdrsysinfocpu_x86: Module timed out after 120803 milliseconds and was terminated

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9080)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.
System errors:
=============
Error: (09/05/2016 06:43:28 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_10af742e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_10af742e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_10af742e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_10af742e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2016-09-05 18:17:57.757
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 18:17:57.744
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 18:17:51.818
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 18:17:51.805
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 18:17:50.396
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 18:17:50.383
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 18:17:50.364
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 18:17:50.352
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 18:17:48.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 18:17:48.328
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 8032.48 MB
Available physical RAM: 4010.78 MB
Total Virtual: 16224.48 MB
Available Virtual: 11537.36 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.31 GB) (Free:59.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive y: () (Network) (Total:2778.53 GB) (Free:1336.9 GB)
Drive z: () (Network) (Total:2778.53 GB) (Free:1336.9 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 000297F0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/05/2016 07:06:36 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* No malware processes found to kill.

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* No issues found.

Checking Windows Service Integrity:
* No issues found.

Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost

Program finished at: 09/05/2016 07:06:43 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

Zemana AntiMalware 2.30.2.75 (Installed)
-------------------------------------------------------
Scan Result : Terminated
Scan Date : 2016/9/5
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
BIOS Mode : Legacy
CUID : 121DDA6369C1AD6D3CE737
Scan Type : Deep
Scan Duration : 112m 43s
Scanned Objects : 255132
Detected Objects : 38
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Enabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Firefox Hello Beta
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\loop@mozilla.org.xpi
MD5 : 8923003ACCA092A8EE8939B52C7531B0
Publisher : -
Size : 2034437
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Firefox Hello Beta
File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\loop@mozilla.org.xpi

Pocket
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\firefox@getpocket.com.xpi
MD5 : 42910AD54D5C1E030808FE0871BF87B1
Publisher : -
Size : 781661
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Pocket
File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\firefox@getpocket.com.xpi

Multi-process staged rollout
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\e10srollout@mozilla.org.xpi
MD5 : 57E44B5FBC1A39AEAFF4371DDF725E6D
Publisher : -
Size : 6321
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Multi-process staged rollout
File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\e10srollout@mozilla.org.xpi

Default
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
MD5 : 5F6005F321AB0B2E80B661E6DFFD6934
Publisher : -
Size : 4854
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Default
File - %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

Pocket
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\features\firefox@getpocket.com.xpi
MD5 : 2C73674F65CCD66C8B610A5CCDA038C2
Publisher : -
Size : 671328
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Pocket
File - %programfiles%\mozilla firefox\browser\features\firefox@getpocket.com.xpi

Multi-process staged rollout
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\features\e10srollout@mozilla.org.xpi
MD5 : E62C969ACC15E9815778D3D036407775
Publisher : -
Size : 2306
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Multi-process staged rollout
File - %programfiles%\mozilla firefox\browser\features\e10srollout@mozilla.org.xpi

Firefox Hello
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\features\loop@mozilla.org.xpi
MD5 : 18791CC68C80EA2D72E5D8051515E742
Publisher : -
Size : 1668877
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Firefox Hello
File - %programfiles%\mozilla firefox\browser\features\loop@mozilla.org.xpi

Awesome Screenshot - Capture, Annotate & More
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\jid0-gxjllfbcoax0lcltedfrekqdqpi@jetpack.xpi
MD5 : 184025D226B688B5439012DBDF0372D9
Publisher : -
Size : 1935062
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Awesome Screenshot - Capture, Annotate & More
File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\jid0-gxjllfbcoax0lcltedfrekqdqpi@jetpack.xpi

E-Web Print
Status : Scanned
Object : %programfiles%\epson software\e-web print\firefox add-on
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - E-Web Print

Wondershare Video Converter Ultimate
Status : Scanned
Object : %allusersprofile%\wondershare\video converter ultimate\wsvcu@wondershare.com_xpi
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Wondershare Video Converter Ultimate

MeasureIt
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\{75ceee46-9b64-46f8-94bf-54012de155f0}.xpi
MD5 : E1C03C04E1B6E8C5D1FFFADB1B120899
Publisher : -
Size : 35538
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - MeasureIt
File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\{75ceee46-9b64-46f8-94bf-54012de155f0}.xpi

ColorZilla
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - ColorZilla

Logitech SetPoint
Status : Scanned
Object : %programw6432%\logitech\setpointp\logismoothfirefoxext
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Logitech SetPoint

Chrome Media Router
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Chrome Media Router

Gmail
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Gmail

Chrome Web Store Payments
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Chrome Web Store Payments

Google Docs Offline
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Docs Offline

Google Sheets
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Sheets

Google Search
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Search

YouTube
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - YouTube

Google Drive
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Drive

Google Docs
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Docs

Google Slides
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Slides

hk64tbWin2.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\hk64tbwin2.dll
MD5 : 0CDCB4B27180B1E7106CA7807B944454
Publisher : Conduit Ltd.
Size : 1255712
Version : 6.17.0.33
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\hk64tbwin2.dll

tbWinZ.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\tbwinz.dll
MD5 : 2D2894581D355D5F44EAE38898A66846
Publisher : Conduit Ltd.
Size : 4398888
Version : 6.8.5.1
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\tbwinz.dll

tbWin2.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\tbwin2.dll
MD5 : 01799DEF4EE217264F0ABD2CCF1BEFF5
Publisher : Conduit Ltd.
Size : 5171488
Version : 6.17.0.33
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\tbwin2.dll

tbWin1.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\tbwin1.dll
MD5 : 0F8BB38E6192828380AF1773C03442E9
Publisher : Conduit Ltd.
Size : 2914080
Version : 6.17.0.33
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\tbwin1.dll

tbWin0.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\tbwin0.dll
MD5 : 73406FA9287B36CA4163797C73A2CD04
Publisher : Conduit Ltd.
Size : 4451144
Version : 6.9.0.16
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\tbwin0.dll

ldrtbWinZ.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\ldrtbwinz.dll
MD5 : 76B3946090C94BB38DBBCA54AC8FF9F7
Publisher : Conduit Ltd.
Size : 263464
Version : 1.0.4.1
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\ldrtbwinz.dll

ldrtbWin2.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\ldrtbwin2.dll
MD5 : 2A48A0CD819728A99B8EA8114F84FED1
Publisher : Conduit Ltd.
Size : 333088
Version : 6.17.0.33
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\ldrtbwin2.dll

ldrtbWin0.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\ldrtbwin0.dll
MD5 : CE49528C9B0B3B3018EE2F70E76B362A
Publisher : Conduit Ltd.
Size : 267592
Version : 2.1.0.11
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\ldrtbwin0.dll

hktbWin2.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\hktbwin2.dll
MD5 : B4AC04FF97BCF208B4C6074423349C78
Publisher : Conduit Ltd.
Size : 1058592
Version : 6.17.0.33
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\hktbwin2.dll

chromeNPAPI.dll
Status : Scanned
Object : %temp%\scoped_dir_244152_22576\crx_install\chromenpapi.dll
MD5 : 4C2F5C8A58562D7A362FF1020320618E
Publisher : Blabbers Communications Ltd
Size : 97072
Version : 1.0.0.0
Detection : Adware:Win32/Blabber!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\scoped_dir_244152_22576\crx_install\chromenpapi.dll

prxtbWinZ.dll
Status : Scanned
Object : %programfiles%\winzipbar\prxtbwinz.dll
MD5 : 4C163BD2A5905D18893EE311608E8C54
Publisher : Conduit Ltd.
Size : 176936
Version : 6.4.0.0
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\winzipbar\prxtbwinz.dll

toolbar.dll
Status : Scanned
Object : %programfiles%\reimagecompanion\toolbar.dll
MD5 : AF584069AB7A0C6FD1CB8012D35137F8
Publisher : Reimage Limited
Size : 127864
Version : 1.0.2.1
Detection : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\reimagecompanion\toolbar.dll

widgetserv.exe
Status : Scanned
Object : %programfiles%\reimagecompanion\widgetserv.exe
MD5 : EEC50AD751919DA5C0B8EC3EEC2A996F
Publisher : Reimage Limited
Size : 219000
Version : 1.0.2.2
Detection : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\reimagecompanion\widgetserv.exe

sqlite3.dll
Status : Scanned
Object : %programfiles%\reimagecompanion\sqlite3.dll
MD5 : C658763A2328B37B505071499BC72202
Publisher : Reimage Limited
Size : 367528
Version : -
Detection : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\reimagecompanion\sqlite3.dll

SARegProxy.exe
Status : Scanned
Object : %programfiles%\dragon global\showanalyzersuite\saregproxy.exe
MD5 : 20A31030102828C1430C14D991193DB1
Publisher : -
Size : 1627136
Version : -
Detection : Malware:Win32/Tamaca!Ikea
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\dragon global\showanalyzersuite\saregproxy.exe

Cleaning Result
-------------------------------------------------------
Cleaned : 38
Reported as safe : 0
Failed : 0

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Dave (administrator) on DAVE-THINK (05-09-2016 21:05:19)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available Profiles: Dave & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
(Dragon Global) C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrsysinfocpu_x86.p5x
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377304 2009-05-25] (Acronis)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4359776 2009-05-25] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [960616 2009-05-25] (Acronis)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] ()
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1696288 2015-02-27] (SPAMfighter ApS)
HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1050656 2015-12-03] (SPAMfighter ApS)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {3f802dee-6919-11e2-a303-e89a8ffca9b0} - "D:\AutoRun.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {d83995d4-6138-11e6-bdeb-9439e5917cfa} - "D:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-03-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2030d55d-3156-470a-89b6-c023b848a1ef}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83b2351b-def0-4a36-bbe7-bfa19d316a79}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {E5469FAC-5226-4BB3-87EA-F4C75B15AA0D} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918
FF DefaultSearchEngine: Yahoo.co.uk
FF Homepage: hxxps://www.google.co.uk/?gfe_rd=cr&ei=8eixVYD7KMOHOraeqJgO
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195402160-3620752181-2962431074-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [not found]
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [not found]
FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [not found]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on => not found

Chrome:
=======
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gmdfpnpdmnjaffhcdbobdjpolhpacaem] - C:\Program Files (x86)\ReImageCompanion\blabbers-ch.crx [2012-02-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-01-13] (Macrovision Europe Ltd.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MCEBuddy2x; C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe [34304 2015-12-23] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
R2 Sage 50 Accounts Control v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe [2396672 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe [3474944 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2015-02-06] (Sage (UK) Limited) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
R2 ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2136576 2010-06-05] (Dragon Global) [File not signed]
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2015-12-03] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2015-11-13] (SPAMfighter ApS)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-28] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2015-11-19] (Acronis) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-05] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-05] (Zemana Ltd.) U3 idsvc; no ImagePath R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X] U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 21:00 - 2012-03-21 17:22 - 00000000 ____D C:\Users\Dave\AppData\LocalLow\WinZipBar
2016-09-05 21:00 - 2012-02-16 18:05 - 00000000 ____D C:\Program Files (x86)\ReImageCompanion
2016-09-05 20:54 - 2012-01-06 00:01 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-09-05 20:09 - 2012-04-10 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-05 19:53 - 2014-05-19 10:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 19:28 - 2012-01-06 04:42 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2016-09-05 19:28 - 2012-01-06 03:22 - 00000000 ____D C:\Users\Dave\Documents\Email Folders
2016-09-05 19:07 - 2016-04-16 02:31 - 00000000 ____D C:\Users\Dave
2016-09-05 19:00 - 2012-01-06 00:01 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2016-09-05 18:59 - 2014-10-17 15:47 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job
2016-09-05 18:53 - 2016-02-09 15:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 18:25 - 2016-05-10 14:32 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5A19858-B5EF-4BC6-82B9-E98777E8C8AB}
2016-09-05 17:47 - 2016-07-28 17:23 - 00000000 ____D C:\Users\Dave\AppData\Local\Deployment
2016-09-05 15:59 - 2014-10-17 15:47 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job
2016-09-05 12:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-05 11:52 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-05 10:33 - 2016-04-16 02:31 - 01013760 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 10:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-04 11:20 - 2012-04-26 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 22:29 - 2016-07-05 06:42 - 00000000 ____D C:\Users\Dave\AppData\Roaming\foobar2000
2016-09-01 16:40 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\Pop's
2016-09-01 12:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 12:06 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-26 07:40 - 2016-04-16 07:30 - 00002416 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-26 07:40 - 2016-04-16 07:30 - 00000000 ___RD C:\Users\Dave\OneDrive
2016-08-24 11:50 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\QUOTES
2016-08-22 11:42 - 2016-06-01 15:20 - 00000000 ____D C:\Users\Dave\AppData\Local\HTC MediaHub
2016-08-22 11:41 - 2016-02-13 14:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 10:09 - 2016-04-28 15:54 - 00000000 ____D C:\Users\Dave\Desktop\Dave Poole
2016-08-17 09:04 - 2011-11-01 23:03 - 00000000 ____D C:\ProgramData\PCDr
2016-08-15 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 10:33 - 2016-02-13 14:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 10:11 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-12 10:10 - 2016-02-13 14:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 10:10 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 10:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 10:20 - 2013-08-15 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 10:15 - 2012-01-07 17:55 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 10:14 - 2016-06-13 15:30 - 00002126 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002124 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-08 20:16 - 2016-02-09 15:57 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2012-01-09 12:59 - 2016-04-14 15:11 - 0079200 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-01-01 21:21 - 2016-02-28 23:10 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-20 10:27 - 2016-01-20 10:27 - 0000852 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
2015-09-21 14:51 - 2015-09-21 14:51 - 0007605 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2012-08-16 11:49 - 2015-02-03 18:58 - 0006536 _____ () C:\ProgramData\hpzinstall.log
2013-03-24 21:15 - 2016-03-19 18:42 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\iv_uninstall.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-05 06:22

==================== End of FRST.txt ============================

Any other suggestions please?
  6. Thanks to Pondus for the info regarding the log files - think these are the right ones now.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Dave (administrator) on DAVE-THINK (05-09-2016 06:40:41)
Running from C:\Users\Dave\Downloads
Loaded Profiles: Dave (Available Profiles: Dave & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
(Dragon Global) C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.)
C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe (Microsoft Corporation) C:\Windows\System32\LockAppHost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) 
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377304 2009-05-25] (Acronis) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated) HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics) HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4359776 2009-05-25] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [960616 2009-05-25] (Acronis) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] () HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1696288 2015-02-27] (SPAMfighter ApS) HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1050656 2015-12-03] (SPAMfighter ApS) HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) 
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC) HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google) HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {3f802dee-6919-11e2-a303-e89a8ffca9b0} - "D:\AutoRun.exe" HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {d83995d4-6138-11e6-bdeb-9439e5917cfa} - "D:\AutoRun.exe" HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 
Screen Clipper and Launcher.lnk [2016-03-20] ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{2030d55d-3156-470a-89b6-c023b848a1ef}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{83b2351b-def0-4a36-bbe7-bfa19d316a79}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465 SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465 SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: 
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {E5469FAC-5226-4BB3-87EA-F4C75B15AA0D} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION) BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation) BHO-x32: ReImage Browser Helper -> {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} -> C:\Program Files (x86)\ReImageCompanion\jsloader.dll [2012-02-09] (ReImage) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION) Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File FireFox: ======== FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918 FF DefaultSearchEngine: Yahoo.co.uk FF Homepage: hxxps://www.google.co.uk/?gfe_rd=cr&ei=8eixVYD7KMOHOraeqJgO FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] () FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3195402160-3620752181-2962431074-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC) FF Extension: (ColorZilla) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-06] FF Extension: (MeasureIt) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2016-03-16] FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-04-16] FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-08-03] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-02] [not signed] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-09-02] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-25] [not signed] FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-07-05] [not signed] 
Chrome: ======= CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-09] CHR Extension: (Google Docs) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09] CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09] CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09] CHR Extension: (Google Search) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09] CHR Extension: (Google Sheets) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-09] CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04] CHR Extension: (ReImage Browser Helper) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem [2016-02-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04] CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09] CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-02] CHR HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: 
[gmdfpnpdmnjaffhcdbobdjpolhpacaem] - C:\Program Files (x86)\ReImageCompanion\blabbers-ch.crx [2012-02-10] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] () S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-01-13] (Macrovision Europe Ltd.) 
[File not signed] R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 MCEBuddy2x; C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe [34304 2015-12-23] () [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor) R2 Sage 50 Accounts Control v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe [2396672 2016-05-16] (Sage (UK) Ltd.) [File not signed] R2 Sage 50 Accounts Service v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe [3474944 2016-05-16] (Sage (UK) Ltd.) 
[File not signed] R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed] R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2015-02-06] (Sage (UK) Limited) [File not signed] R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC) R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC) R2 ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2136576 2010-06-05] (Dragon Global) [File not signed] R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2015-12-03] (SPAMfighter ApS) R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2015-11-13] (SPAMfighter ApS) R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-28] (Synaptics Incorporated) R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) 
[File not signed] S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed] S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.) 
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2015-11-19] (Acronis) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare) U3 idsvc; no ImagePath R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X] U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-05 06:40 - 2016-09-05 06:41 - 00029037 _____ C:\Users\Dave\Downloads\FRST.txt 2016-09-05 06:40 - 2016-09-05 06:40 - 00000000 ____D C:\FRST 2016-09-05 06:38 - 2016-09-05 06:39 - 02397696 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe 2016-09-02 12:07 - 2016-09-04 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-01 14:50 - 2016-09-01 14:50 - 00801692 _____ C:\Users\Dave\Downloads\2016_FFS_Catalogue_page_101_Standard_Bag_Range_-_SB.pdf 2016-08-26 07:40 - 2016-08-26 07:40 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task 2016-08-26 07:39 - 2016-08-26 07:39 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Skype 2016-08-22 15:53 - 2016-08-22 15:53 - 00000010 _____ C:\Users\Dave\Desktop\Blas a Fronlas.txt 2016-08-11 15:24 - 2016-08-11 15:25 - 00111224 _____ C:\Users\Dave\Downloads\3196 Beveridge.pdf 2016-08-10 15:41 - 2016-08-10 15:41 - 04927969 _____ C:\Users\Dave\Downloads\Joint Administrators Progress Report 14.11.15 to 13.05.16.pdf 2016-08-10 15:29 - 2016-08-10 15:29 - 05081674 _____ 
C:\Users\Dave\Downloads\Joint Administrators Statement of Proposals.pdf 2016-08-10 11:33 - 2016-08-10 11:33 - 00059010 _____ C:\Users\Dave\Downloads\downloadfile(10).PDF 2016-08-10 11:32 - 2016-08-10 11:32 - 00058476 _____ C:\Users\Dave\Downloads\downloadfile(9).PDF 2016-08-10 11:31 - 2016-08-10 11:31 - 00060543 _____ C:\Users\Dave\Downloads\downloadfile(8).PDF 2016-08-10 11:29 - 2016-08-10 11:29 - 00058883 _____ C:\Users\Dave\Downloads\downloadfile(7).PDF 2016-08-10 11:28 - 2016-08-10 11:28 - 00054927 _____ C:\Users\Dave\Downloads\downloadfile(6).PDF 2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google 2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google 2016-08-10 10:11 - 2016-08-03 12:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-08-10 10:11 - 2016-08-03 12:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-08-10 10:11 - 2016-08-03 12:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-08-10 10:11 - 2016-08-03 11:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-08-10 10:11 - 2016-08-03 11:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-08-10 10:11 - 2016-08-03 11:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2016-08-10 10:11 - 2016-08-03 11:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-08-10 10:11 - 2016-08-03 11:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-08-10 10:11 - 2016-08-03 11:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-08-10 10:11 - 2016-08-03 11:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-08-10 10:11 - 2016-08-03 11:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-08-10 10:11 - 2016-08-03 
11:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:11 - 2016-08-03 05:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 06:39 - 2012-01-06 00:01 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-09-05 06:37 - 2012-01-06 04:42 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2016-09-05 06:09 - 2012-04-10 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-05 05:49 - 2012-01-06 00:01 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2016-09-05 05:38 - 2016-05-10 14:32 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5A19858-B5EF-4BC6-82B9-E98777E8C8AB}
2016-09-05 05:38 - 2014-05-19 10:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 05:36 - 2012-01-06 03:22 - 00000000 ____D C:\Users\Dave\Documents\Email Folders
2016-09-05 05:35 - 2016-02-09 15:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-04 21:59 - 2014-10-17 15:47 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job
2016-09-04 11:28 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-04 11:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-04 11:20 - 2012-04-26 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 22:29 - 2016-07-05 06:42 - 00000000 ____D C:\Users\Dave\AppData\Roaming\foobar2000
2016-09-02 15:59 - 2014-10-17 15:47 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job
2016-09-02 14:40 - 2016-04-16 02:31 - 01013760 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-02 14:40 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-01 16:40 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\Pop's
2016-09-01 12:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 12:06 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-26 07:40 - 2016-04-16 07:30 - 00002416 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-26 07:40 - 2016-04-16 07:30 - 00000000 ___RD C:\Users\Dave\OneDrive
2016-08-24 11:50 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\QUOTES
2016-08-22 11:50 - 2016-04-16 02:31 - 00000000 ____D C:\Users\Dave
2016-08-22 11:42 - 2016-06-01 15:20 - 00000000 ____D C:\Users\Dave\AppData\Local\HTC MediaHub
2016-08-22 11:41 - 2016-02-13 14:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 10:09 - 2016-04-28 15:54 - 00000000 ____D C:\Users\Dave\Desktop\Dave Poole
2016-08-17 09:04 - 2011-11-01 23:03 - 00000000 ____D C:\ProgramData\PCDr
2016-08-15 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 10:33 - 2016-02-13 14:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 10:11 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-12 10:10 - 2016-02-13 14:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 10:10 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 10:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 10:20 - 2013-08-15 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 10:15 - 2012-01-07 17:55 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 10:14 - 2016-06-13 15:30 - 00002126 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002124 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-08 20:16 - 2016-02-09 15:57 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2012-01-09 12:59 - 2016-04-14 15:11 - 0079200 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-01-01 21:21 - 2016-02-28 23:10 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-20 10:27 - 2016-01-20 10:27 - 0000852 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
2015-09-21 14:51 - 2015-09-21 14:51 - 0007605 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2012-08-16 11:49 - 2015-02-03 18:58 - 0006536 _____ () C:\ProgramData\hpzinstall.log
2013-03-24 21:15 - 2016-03-19 18:42 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\iv_uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-05 06:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Dave (05-09-2016 06:41:30)
Running from C:\Users\Dave\Downloads
Windows 10 Pro Version 1511 (X64) (2016-04-16 06:27:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3195402160-3620752181-2962431074-500 - Administrator - Disabled)
Dave (S-1-5-21-3195402160-3620752181-2962431074-1000 - Administrator - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-3195402160-3620752181-2962431074-503 - Limited - Disabled)
Guest (S-1-5-21-3195402160-3620752181-2962431074-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3195402160-3620752181-2962431074-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Connect (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Accounts (x32 Version: 15.0.11.159 - Sage (UK) Ltd) Hidden
Accounts (x32 Version: 22.0.8.191 - Sage (UK) Ltd) Hidden
Acronis True Image Home (HKLM-x32\...\{D1E0E859-F46D-4708-A41D-ED90C0C1822A}) (Version: 12.0.9770.9 - Acronis)
Adobe Acrobat 8.1.0 Standard (HKLM-x32\...\Adobe Acrobat 8 Standard) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.910 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.882 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
Email Verifier (HKLM-x32\...\Email Verifier) (Version: - Live Software Inc)
Email Verifier (x32 Version: 6.2 - Live Software Inc) Hidden
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Netg) (Version: - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
Epson User's Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Useg) (Version: - )
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow x64 v1.2.4422 [2012-04-09] (HKLM\...\ffdshow64_is1) (Version: 1.2.4422.0 - )
FileZilla Client 3.15.0.2 (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\FileZilla Client) (Version: 3.15.0.2 - Tim Kosse)
Flixster Video (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\5cdf686a56bda3b1) (Version: 2.6.5.532 - Flixster Video)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
Integrated Camera Driver Installer Package Ver.1.1.0.1132 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1132 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.8.601 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\JoinMe) (Version: 1.5.2.225 - LogMeIn, Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCEBuddy 2.x (HKLM\...\{0D3796AA-D867-4278-AEBC-3616AD1F7C3A}) (Version: 2.4.3 - MCEBuddy)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-GB)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.50.00 - )
OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Parrot Software Update Tool (HKLM-x32\...\Parrot Flash Update Wizard) (Version: - )
Python 3.4.0 (64-bit) (HKLM\...\{863162a8-ecc2-35ea-bdf7-e09ac456e164}) (Version: 3.4.150 - Python Software Foundation)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ReImageCompanion (HKLM-x32\...\ReImageCompanion) (Version: - )
Sage 50 Accounts 2016 (HKLM-x32\...\InstallShield_{12CE83F7-1A7F-4728-91CA-99E7DF84B2DC}) (Version: 22.0.8.191 - Sage (UK) Ltd)
Sage Report Designer Service Pack (HKLM-x32\...\{808E694F-2A5F-44A7-BA82-8431B866B2C1}) (Version: 1.00.0000 - Sage (UK) Ltd.)
SBDDesktopUpdateInstaller (x32 Version: 12.1.586.0 - SBDDesktopUpdateInstaller) Hidden
SDataConfigAddInInstaller (x32 Version: 12.1.586.0 - SDataConfigAddInInstaller) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
ShowAnalyzerSuite (HKLM-x32\...\{07C1B166-AAF2-4456-AE5F-48B20FD3124C}) (Version: 1.1.0.825 - Dragon Global)
SPAMfighter (HKLM-x32\...\SPAMfighter) (Version: 7.6.127 - Spamfighter ApS)
SPAMfighter (x32 Version: 7.6.127 - Spamfighter ApS) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.910 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
Windows Driver Package - Intel (iaStor) hdc (04/26/2011 10.5.0.1026) (HKLM\...\95D0E47871170F0763151CFD697BBAB47A5794F7) (Version: 04/26/2011 10.5.0.1026 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Wondershare Video Converter Pro(Build 5.1.2.1) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: - Wondershare Software)
Wondershare Video Converter Ultimate(Build 8.6.0.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.6.0.0 - Wondershare Software)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Zebra Font Downloader (HKLM-x32\...\Zebra Font Downloader_is1) (Version: - Zebra Technologies Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {025100CE-B40D-4D78-8C2E-A6758C60EA3A} - System32\Tasks\{2FA8FDB8-84B2-407E-AC1A-8875605519FC} => pcalua.exe -a C:\Users\Dave\Downloads\iview433_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {026C9C4D-4FB8-4B5C-9319-0579BAA87555} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0A7E75F5-E831-4DB9-B61E-CDB39D6902A6} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {0A8AB43F-6889-4148-9675-F22349318104} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {0CEB39A4-E2EE-404A-89D1-64ADBEEA8C5C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0D12E138-D7F3-4DE3-851F-896D8297FD0E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0E9F1406-6743-4497-85B5-7AF39793C57B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {0EFA0EAC-0540-4137-BBF5-2F3859A5661E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0F3D2144-5143-4334-B51F-E209ADA72B68} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {0FE1D425-1D15-43F8-8EA5-7695EC49DFB1} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {14C099FC-B7D4-42F2-9A48-05F2B786D68F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {19B9ABF8-BC5F-445E-AA77-287D5DBA0497} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {1E99479F-3750-4C72-9176-1E117EE9961A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3EAC044C-C34E-455E-B719-F8F6C34B741D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {43C70501-D3D4-4D08-8501-E10BD4F89756} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4CB00FE0-BAAF-46A8-A3C2-F73C69316F1C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4E03F021-2B72-473C-AE44-F804F8DAEC70} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {51376539-ABC9-4D03-BA8C-B8967D76978B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {55241966-A525-483A-80B3-912957AB1D5B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {56619721-81E9-49ED-A050-5094B93782BB} - System32\Tasks\Dave Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {5BA07DE9-AFE8-4F78-BA8C-DD084C955095} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5D5CEC7B-FC3A-4AAF-9C92-77DF02A658C0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {61417B3F-2CC4-4FA8-B26F-D9C44F81318C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {65DB5A20-74D3-46BB-A32A-9BDA3F100D58} - System32\Tasks\Dave DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-04-01] (Seagate Technology LLC)
Task: {6620AE60-7FD9-4C82-852A-4C59BE211304} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {662ECEAF-F6BA-481B-A344-7AA752D9490C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {6D8247F1-2793-44EA-8594-F74737F2A75E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6DCB8BD8-D83A-4FAE-84EA-FEF20138898F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {771C96B0-BC46-464D-BCB1-C4AF59762D9D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {7E1AFEE1-5456-4446-A289-F41BACA1048A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-17] (Facebook Inc.)
Task: {81B9AE31-23E3-4E62-BCFF-F4E245BF02F6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {83B34BC5-9FCE-462B-ACEB-592DB222E2E0} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {85D9FB2A-01B3-4DA1-8DAA-1EF2938CE7C1} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {8A6F6665-22CB-4A09-87C6-E04B977D0151} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8D992057-8332-4078-8BDE-FC3A0D83F724} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8DE947D3-87DC-41DD-B782-A39D05263B9D} - System32\Tasks\{BDF3DD27-5A11-4B25-89A9-4CEBDE54BF79} => pcalua.exe -a C:\Users\Dave\Downloads\irfanview_plugins_433_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {91514B03-773A-4B09-B637-F20DB0705B70} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: {9A10568E-EB4E-42D6-AB55-366BD62AE7A8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9E93A860-00F8-4062-8F99-75269EBAE193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A1B491D2-3F94-4DA5-950F-B488DE727980} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A57CDDA4-929F-4106-A334-0367875C4063} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A77339F7-9E91-45E2-81FF-D30DFAFEB80C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B98AD9BE-6531-4B0B-B301-990AD31F4EBD} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask => C:\Windows\System32\GWX\GWX.exe
Task: {BD0F2DBF-36AA-4CD1-86B5-0758730FD504} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BD13DE06-B699-47D0-9469-B0D784E0E16C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BEACC2AB-B5D6-4D05-9E9D-B26FEC6ADFEA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-26] (Microsoft Corporation)
Task: {C1C3DBB7-C0B9-4B42-81DE-B2CBFFA219D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {C1EFA083-82CB-48E2-AFA6-EF54CD6BD435} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-17] (Facebook Inc.)
Task: {C421AFD3-E9F2-44A7-BEC8-03ACB2E8E28C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C45474CF-15F0-49CD-BF60-72A528EEF111} - System32\Tasks\Dave => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {C74BCBA9-4357-4035-BB16-6475F1BE322D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CBF5BBC6-8397-42A6-8C88-968311A3945A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CE47A082-0881-4AA7-A508-83DDCD3488D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CF1FD201-2A91-48C3-AB31-C90B2F545229} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-23] (Lenovo)
Task: {D12D668E-7504-4B5B-8A9D-4613DDA2EAB1} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {D409AD90-4D25-425E-87E3-FAA0945408F3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D8D937D2-8E84-4F41-AA15-368D19A4AD0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D98C6D61-054B-41BE-BF91-67CCD7846385} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {DCBC3E82-9F51-4DC6-98B2-385D39468667} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E8C08136-AC9B-4B45-981B-62FEB3BB1B71} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {EF19F11F-F341-48CA-B4EF-EE727F3EC5D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F030A6A8-E074-454D-B7A5-A6AB8E738883} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F18F7729-813E-4E68-A7A9-6640A12FDF5F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FD6F1A6C-4A40-4B8E-BBB6-1704E1DA0857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-11 13:42 - 2010-01-28 14:47 - 01737464 _____ () C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
2015-12-23 18:59 - 2015-12-23 18:59 - 00034304 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 12:42 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-11-01 22:54 - 2011-08-31 19:03 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-07-13 12:42 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-26 07:40 - 2016-08-26 07:40 - 01864384 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-04-16 12:04 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 12:43 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 12:42 - 2016-07-01 04:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 12:42 - 2016-07-01 04:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 12:42 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 12:42 - 2016-07-01 04:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-11-01 22:51 - 2010-10-26 21:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2009-05-28 06:09 - 2009-05-28 06:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2016-08-17 08:55 - 2016-08-17 08:56 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-17 08:55 - 2016-08-17 08:56 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 08:55 - 2016-06-03 08:55 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-04-16 08:02 - 2016-04-16 08:02 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00502352 _____ () C:\Program Files\PC-Doctor\libAsapiCSharp.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00100944 _____ () C:\Program Files\PC-Doctor\libCSharpCommonCS.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00018512 _____ () C:\Program Files\PC-Doctor\libGapiCSharp.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00029264 _____ () C:\Program Files\PC-Doctor\libDataStoreCSharp.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00092752 _____ () C:\Program Files\PC-Doctor\libTonopahClientCSharp.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2016-06-03 15:37 - 2016-06-03 15:37 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2016-03-09 14:41 - 2016-03-09 14:41 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2016-03-09 14:42 - 2016-03-09 14:42 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-08-13 17:21 - 2016-05-16 16:52 - 01382048 ____N () C:\Program Files (x86)\Sage\AccountsServiceV22\cpprest100_1_2.dll
2011-11-01 22:54 - 2011-08-31 19:03 - 00081920 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMROV.DLL
2016-08-26 07:39 - 2016-08-26 07:39 - 01383616 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-26 07:40 - 2016-08-26 07:40 - 00118976 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2015-12-03 11:29 - 2015-12-03 11:29 - 00541216 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll
2015-12-03 11:28 - 2015-12-03 11:28 - 00966688 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-04-16 07:36 - 2016-04-16 07:36 - 00053760 _____ () C:\Users\Dave\AppData\Local\assembly\dl3\E9VX5H0O.X7B\8HXOLOQM.ZEB\d84d4b5d\006b296d_7f44cf01\Outlook07DymoAddIn.DLL
2016-04-16 07:36 - 2016-04-16 07:36 - 00093696 _____ () C:\Users\Dave\AppData\Local\assembly\dl3\E9VX5H0O.X7B\8HXOLOQM.ZEB\88829073\00eae00f_7e44cf01\DYMO.Common.DLL
2015-11-11 03:42 - 2015-11-11 03:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-02-12 16:50 - 00000851 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Think\Think_Blue.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: DLSService => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
MSCONFIG\startupreg: DymoQuickPrint => "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Facebook Update => "C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: LTT => C:\Program Files\PC-Doctor\EnableToolbarW32.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe
MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
HKLM\...\StartupApproved\Run32: => "PWMTRV"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{E2FBDC54-2BD2-4FD3-83B9-89925871466F}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe
FirewallRules: [TCP Query User{F03878F2-D27A-455D-9C1D-17ADE2CDC137}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe
FirewallRules: [UDP Query User{B566473A-961C-475B-9D48-65FE51766D54}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Block) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe
FirewallRules: [TCP Query User{00164986-4ED2-4D0A-99F4-AD34190C1CA8}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Block) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe
FirewallRules: [{6AD08CC3-B4C6-45AA-BC35-C35AD9F27AF5}] => (Block) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{57D6181C-9E90-46CF-AAD8-69045167EF34}] => (Block) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{9B650AB8-D643-479D-A632-1AF4891871FC}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{AA1A1DE4-CD34-40F9-A0D2-8F5EBF02FAA3}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{3B105B4A-6DB1-4561-9B19-9E842D49014D}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{A5175E7B-DA04-4DE9-AEFE-E909E6A8EB27}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{E6BA0614-CA91-4274-B02E-1EDC42F145B1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{F54E9E43-78D0-4A94-AD26-6F31DB412C51}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{C2553B23-8199-4F41-B792-A7F71D7A298D}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
FirewallRules: [{4D60A337-930B-4A77-8FA9-FA0D31C78D71}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
FirewallRules: [UDP Query User{1BA5E64F-1CAD-45CD-9537-B22B723D525A}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [TCP Query User{B0EC78D1-D462-4D9F-BA1B-8EB4D252B467}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [UDP Query User{BA841123-3947-4841-95D8-EE33E87B11BA}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [TCP Query User{BB885D48-C5AB-4121-A4E0-58D9D8EAB17B}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [{C93C135A-3482-479B-87C5-1795DA23D5C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4AB97BC-DC0B-4DD4-B16B-A76032398898}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19AFD58A-3067-4E57-8C4A-840B35BB1818}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C9E630E1-0810-4385-89E3-96F4C5B08FB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0733DDB6-B2AD-4FEA-A22E-E7C2B7B56346}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A30DB4AF-CB2A-4DC3-9624-125CBFA22728}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{F20D6ABD-07EC-4F8D-A72D-D005E494A2EA}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{97F3A88A-1414-4D35-8AF2-F6BDD4B6F359}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{68E306F1-9816-4C84-BBFB-1C9E602C8607}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{C3631B32-6194-4B92-A2B0-CE9E1E559D0F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3B06458C-2AAB-434C-B167-36091779A20D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1705E34A-85E2-4F96-A769-C327FB10BBFD}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{821E65EC-3B6D-4DEF-95A9-78004FFE9160}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AB45CA04-0DE9-46FA-8FE9-294238B2F34E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36FB540E-8280-4AA6-BB81-1623E15DACFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{94AC206C-61AF-4B4A-A56D-20B5D1800CBB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F8E78B8E-D59F-44FE-9319-6584D2C3090A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C7C33E5D-1098-4623-9C5B-F83D7290D0BB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{31363357-B278-4306-B6DC-BF50EA8C6EF0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{DA00CE47-176C-495F-ADCC-ECCE207A1990}] => (Allow) G:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{F7A7A8C2-C96D-4831-A45F-A764F87592DD}] => (Allow) G:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{2541487E-5EDB-4CC7-BB13-63BF356F41C2}] => (Allow) C:\Users\Dave\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{8D6AD0CD-234C-4D29-973A-335962ADD84D}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{31D7E403-50B4-417D-A6A1-9815278C42AD}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{2CA8C855-19B9-476C-9A6C-912F88E0A842}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{684C0FB3-876E-4F35-8270-9C14ACDF7CAB}C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [TCP Query User{83B9B898-3962-4CBB-8746-CBE6AC3728F7}C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [{EDDADA75-5EBF-4697-BC46-F01BF22B77D4}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS4A15\HPDiagnosticCoreUI.exe
FirewallRules: [{7D2E151C-EA7A-44CD-89CE-863DC3E874F2}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS4A15\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{DA04391C-5E3C-4662-A160-E8024F42A0C9}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [TCP Query User{6E0C638D-BC1A-431E-97FF-5C3DD3B44EA2}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{062E0EC3-1A5D-45AC-8DE3-E4FDC5C4CB49}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C628E08C-AB5D-45B6-8300-D07D87441395}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{FFF66738-8DDD-4122-A03D-1BEB25CB8450}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8E54B49A-B4CE-4AD9-A46B-87676F6EE16B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{65B33B26-6A29-4604-AE59-039308C46B5E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{970AB776-EF40-4358-BFBD-86CCC1064300}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{1DBA06E0-8C69-432B-B8C1-EF95C60D1BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{49E373F4-5F6E-46A5-BF2F-C24C8E8621C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{DC466A1D-6C59-4D68-BED4-904090D4B094}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{093D17F8-A204-4A34-90B9-AC10DC25D21C}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{6D46DE04-5A8A-400A-B3E3-08F3462B3B24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9FBD5A68-D783-4173-BCC8-8036DDAFC5D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{911D4B1F-41C5-4DA7-87C0-E34BFA47AF80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D1DCBE46-027B-49C2-A8E3-0E06B1D647E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [TCP Query User{7B8D5D5C-220B-4B70-ADC8-EA529F9AFAA3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{71D2E034-7422-4C84-B9D3-49CBB270E735}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{24D50A94-0B6C-4C21-951A-D95E146F7302}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [UDP Query User{67D20E17-D1C3-4153-99A4-6B0599FE1DB7}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [TCP Query User{C10FC48D-E6E5-480E-B34A-620C92CD2DE9}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [UDP Query User{DFB80BC7-2950-429C-A878-8960CCAE140B}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [{DA843970-1DAF-465E-853D-B3B512DD701D}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{5495F6C3-AA50-4FB3-9CAB-D0CACDA0A72A}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A19FB1B6-43DD-4EFB-B153-F6DBCD0F4B45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9453DA5B-57C5-4A7F-ACAE-275F60D97764}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{6DE4A561-BE88-44CC-B95A-91D362DDECE7}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

==================== Restore Points =========================

18-08-2016 09:35:42 Scheduled Checkpoint
26-08-2016 07:43:52 Windows Update
01-09-2016 12:06:48 Windows Update

==================== Faulty Device Manager Devices =============

Name: Unknown USB 
Device (Device Descriptor Request Failed) Description: Unknown USB Device (Device Descriptor Request Failed) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: Unknown USB Device (Device Descriptor Request Failed) Description: Unknown USB Device (Device Descriptor Request Failed) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (09/05/2016 05:49:07 AM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (214504) Asapi: (05:49:07:0000)(214504) enumerator - Error -- 116 pcdrsysinfosystemboard: Module timed out after 120895 milliseconds and was terminated Error: (09/05/2016 05:49:07 AM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (214504) Asapi: (05:49:07:0000)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec. 
Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9960)(214504) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfosystemboard.p5x) readFromPipeTimed failed, killing: 211080

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9960)(214504) libCommon.System.Windows - Error -- 635 readFromPipeTimed(1200) timed out after 119998 totalBytes: 0

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9250)(214504) enumerator - Error -- 116 pcdrsysinfodirect: Module timed out after 120820 milliseconds and was terminated

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9250)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9210)(214504) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfodirect.p5x) readFromPipeTimed failed, killing: 208504

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9210)(214504) libCommon.System.Windows - Error -- 635 readFromPipeTimed(1208) timed out after 119999 totalBytes: 0

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9090)(214504) enumerator - Error -- 116 pcdrsysinfocpu_x86: Module timed out after 120803 milliseconds and was terminated

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9080)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

System errors:
=============
Error: (09/04/2016 10:03:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 02:07:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (09/04/2016 02:07:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_e6a6935 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 02:07:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_e6a6935 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 02:07:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_e6a6935 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 02:07:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_e6a6935 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2016-09-05 06:39:35.054
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 06:39:35.042
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 06:39:35.027
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 06:39:34.681
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 06:39:34.607
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 05:41:22.823
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 05:41:22.809
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 05:41:22.793
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 05:41:16.391
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-05 05:41:16.377
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 8032.48 MB
Available physical RAM: 3816.5 MB
Total Virtual: 16224.48 MB
Available Virtual: 11201.76 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.31 GB) (Free:59.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive y: () (Network) (Total:2778.53 GB) (Free:1336.9 GB)
Drive z: () (Network) (Total:2778.53 GB) (Free:1336.9 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 000297F0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  7. Hi, Malwarebytes detected 2 instances of pup.generic.mindsark last week, looked at the forum topics but some of the tools recommended vary so I'm afraid I need some help. My machine is a Lenovo L520 laptop running Windows 10. Malwarebytes picks up the infection but it reinstalls itself on reboot. Here's the log, can someone help please?

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Update, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Manual, Malware Database, 2016.9.4.8, 2016.9.5.1,
     Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Refresh, Starting,
     Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Malicious Website Protection, Stopping,
     Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Malicious Website Protection, Stopped,
     Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Refresh, Success,
     Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Malicious Website Protection, Starting,
     Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Malicious Website Protection, Started,

     (end)
  8. Hi, I've checked the archives and can't find anything regarding my problem - hope I'm not going over old ground here. I downloaded a program, MCEBuddy, today and since then I've had a new program showing in my start list, GDSMux. A quick Google search shows it as a PUP but my antivirus (MS Defender) and Malwarebytes program didn't find anything to highlight. Do I need to do something? Google shows I can uninstall it through control panel in the usual way but also points out that other PUPs hiding behind it may keep reinstalling it. Has anyone had any experience of this please?