Hi Kevin,
Thanks very much for the prompt reply. Think I've done everything you said but Malwarebytes is still showing the same infections - here are the logs you asked to see.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Dave (administrator) on DAVE-THINK (05-09-2016 21:05:19)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available Profiles: Dave & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
(Dragon Global) C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrsysinfocpu_x86.p5x
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377304 2009-05-25] (Acronis)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4359776 2009-05-25] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [960616 2009-05-25] (Acronis)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] ()
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1696288 2015-02-27] (SPAMfighter ApS)
HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1050656 2015-12-03] (SPAMfighter ApS)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {3f802dee-6919-11e2-a303-e89a8ffca9b0} - "D:\AutoRun.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {d83995d4-6138-11e6-bdeb-9439e5917cfa} - "D:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-03-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2030d55d-3156-470a-89b6-c023b848a1ef}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83b2351b-def0-4a36-bbe7-bfa19d316a79}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {E5469FAC-5226-4BB3-87EA-F4C75B15AA0D} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918
FF DefaultSearchEngine: Yahoo.co.uk
FF Homepage: hxxps://www.google.co.uk/?gfe_rd=cr&ei=8eixVYD7KMOHOraeqJgO
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195402160-3620752181-2962431074-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [not found]
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [not found]
FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [not found]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on => not found
Chrome:
=======
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gmdfpnpdmnjaffhcdbobdjpolhpacaem] - C:\Program Files (x86)\ReImageCompanion\blabbers-ch.crx [2012-02-10]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-01-13] (Macrovision Europe Ltd.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MCEBuddy2x; C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe [34304 2015-12-23] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
R2 Sage 50 Accounts Control v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe [2396672 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe [3474944 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2015-02-06] (Sage (UK) Limited) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
R2 ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2136576 2010-06-05] (Dragon Global) [File not signed]
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2015-12-03] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2015-11-13] (SPAMfighter ApS)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-28] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2015-11-19] (Acronis)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-05] (Zemana Ltd.)
U3 idsvc; no ImagePath
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-05 21:01 - 2016-09-05 21:01 - 00018394 _____ C:\Users\Dave\Desktop\Zemana20160905.txt
2016-09-05 19:07 - 2016-09-05 19:07 - 00002076 _____ C:\Users\Dave\Desktop\rkill.txt
2016-09-05 19:03 - 2016-09-05 19:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\iExplore.exe
2016-09-05 19:02 - 2016-09-05 19:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\rkill.com
2016-09-05 18:57 - 2016-09-05 18:58 - 00063502 _____ C:\Users\Dave\Desktop\Addition.txt
2016-09-05 18:56 - 2016-09-05 21:05 - 00027087 _____ C:\Users\Dave\Desktop\FRST.txt
2016-09-05 17:45 - 2016-09-05 17:45 - 02397696 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2016-09-05 17:26 - 2016-09-05 21:05 - 00301862 _____ C:\WINDOWS\ZAM.krnl.trace
2016-09-05 17:26 - 2016-09-05 21:05 - 00296305 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-09-05 17:26 - 2016-09-05 17:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-09-05 17:26 - 2016-09-05 17:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-09-05 17:26 - 2016-09-05 17:26 - 00001232 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-09-05 17:26 - 2016-09-05 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-05 17:26 - 2016-09-05 17:26 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-05 17:25 - 2016-09-05 17:25 - 00000000 ____D C:\Users\Dave\AppData\Local\Zemana
2016-09-05 17:24 - 2016-09-05 17:24 - 05292304 _____ ( ) C:\Users\Dave\Desktop\Zemana.AntiMalware.Setup.exe
2016-09-05 17:20 - 2016-09-05 17:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\rkill.exe
2016-09-05 06:41 - 2016-09-05 06:42 - 00065951 _____ C:\Users\Dave\Downloads\Addition.txt
2016-09-05 06:40 - 2016-09-05 21:04 - 00000000 ____D C:\FRST
2016-09-05 06:40 - 2016-09-05 06:42 - 00052321 _____ C:\Users\Dave\Downloads\FRST.txt
2016-09-05 06:38 - 2016-09-05 06:39 - 02397696 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2016-09-02 12:07 - 2016-09-04 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-01 14:50 - 2016-09-01 14:50 - 00801692 _____ C:\Users\Dave\Downloads\2016_FFS_Catalogue_page_101_Standard_Bag_Range_-_SB.pdf
2016-08-26 07:40 - 2016-08-26 07:40 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-26 07:39 - 2016-08-26 07:39 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Skype
2016-08-22 15:53 - 2016-08-22 15:53 - 00000010 _____ C:\Users\Dave\Desktop\Blas a Fronlas.txt
2016-08-11 15:24 - 2016-08-11 15:25 - 00111224 _____ C:\Users\Dave\Downloads\3196 Beveridge.pdf
2016-08-10 15:41 - 2016-08-10 15:41 - 04927969 _____ C:\Users\Dave\Downloads\Joint Administrators Progress Report 14.11.15 to 13.05.16.pdf
2016-08-10 15:29 - 2016-08-10 15:29 - 05081674 _____ C:\Users\Dave\Downloads\Joint Administrators Statement of Proposals.pdf
2016-08-10 11:33 - 2016-08-10 11:33 - 00059010 _____ C:\Users\Dave\Downloads\downloadfile(10).PDF
2016-08-10 11:32 - 2016-08-10 11:32 - 00058476 _____ C:\Users\Dave\Downloads\downloadfile(9).PDF
2016-08-10 11:31 - 2016-08-10 11:31 - 00060543 _____ C:\Users\Dave\Downloads\downloadfile(8).PDF
2016-08-10 11:29 - 2016-08-10 11:29 - 00058883 _____ C:\Users\Dave\Downloads\downloadfile(7).PDF
2016-08-10 11:28 - 2016-08-10 11:28 - 00054927 _____ C:\Users\Dave\Downloads\downloadfile(6).PDF
2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-08-10 10:11 - 2016-08-03 12:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:11 - 2016-08-03 12:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:11 - 2016-08-03 12:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:11 - 2016-08-03 11:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:11 - 2016-08-03 11:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:11 - 2016-08-03 11:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:11 - 2016-08-03 11:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:11 - 2016-08-03 11:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:11 - 2016-08-03 11:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:11 - 2016-08-03 11:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:11 - 2016-08-03 11:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:11 - 2016-08-03 11:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:11 - 2016-08-03 11:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:11 - 2016-08-03 11:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:11 - 2016-08-03 11:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:11 - 2016-08-03 11:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:11 - 2016-08-03 11:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:11 - 2016-08-03 11:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:11 - 2016-08-03 11:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:11 - 2016-08-03 11:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:11 - 2016-08-03 10:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:11 - 2016-08-03 10:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:11 - 2016-08-03 10:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:11 - 2016-08-03 10:45 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2016-08-10 10:11 - 2016-08-03 10:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:11 - 2016-08-03 10:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:11 - 2016-08-03 10:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:11 - 2016-08-03 10:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:11 - 2016-08-03 10:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-10 10:11 - 2016-08-03 10:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-10 10:11 - 2016-08-03 10:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:11 - 2016-08-03 10:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-10 10:11 - 2016-08-03 10:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:11 - 2016-08-03 10:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:11 - 2016-08-03 10:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:11 - 2016-08-03 10:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:11 - 2016-08-03 10:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:11 - 2016-08-03 10:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:11 - 2016-08-03 10:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:11 - 2016-08-03 10:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:11 - 2016-08-03 10:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:11 - 2016-08-03 10:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:11 - 2016-08-03 10:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:11 - 2016-08-03 10:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:11 - 2016-08-03 10:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:11 - 2016-08-03 10:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:11 - 2016-08-03 10:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:11 - 2016-08-03 10:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:11 - 2016-08-03 10:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:11 - 2016-08-03 10:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:11 - 2016-08-03 10:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:11 - 2016-08-03 10:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:11 - 2016-08-03 10:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-10 10:11 - 2016-08-03 10:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-10 10:11 - 2016-08-03 10:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:11 - 2016-08-03 10:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:11 - 2016-08-03 10:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:11 - 2016-08-03 10:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:11 - 2016-08-03 10:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:11 - 2016-08-03 10:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:11 - 2016-08-03 10:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:11 - 2016-08-03 10:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:11 - 2016-08-03 10:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 10:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:11 - 2016-08-03 10:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:11 - 2016-08-03 10:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:11 - 2016-08-03 10:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:11 - 2016-08-03 06:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:11 - 2016-08-03 06:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:11 - 2016-08-03 06:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:11 - 2016-08-03 06:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:11 - 2016-08-03 06:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:11 - 2016-08-03 06:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:11 - 2016-08-03 06:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:11 - 2016-08-03 05:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:11 - 2016-08-03 05:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:11 - 2016-08-03 05:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:11 - 2016-08-03 05:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:11 - 2016-08-03 05:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:11 - 2016-08-03 05:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:11 - 2016-08-03 05:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:11 - 2016-08-03 05:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:11 - 2016-08-03 05:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:11 - 2016-08-03 05:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:11 - 2016-08-03 05:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:11 - 2016-08-03 05:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:11 - 2016-08-03 05:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:11 - 2016-08-03 05:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 05:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:11 - 2016-08-03 05:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:11 - 2016-08-03 05:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:11 - 2016-08-03 05:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:11 - 2016-08-03 05:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:11 - 2016-08-03 05:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:11 - 2016-08-03 05:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:11 - 2016-08-03 05:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:11 - 2016-08-03 05:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:11 - 2016-08-03 05:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:11 - 2016-08-03 05:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:11 - 2016-08-03 05:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:11 - 2016-08-03 05:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:11 - 2016-08-03 05:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 05:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-05 21:00 - 2012-03-21 17:22 - 00000000 ____D C:\Users\Dave\AppData\LocalLow\WinZipBar
2016-09-05 21:00 - 2012-02-16 18:05 - 00000000 ____D C:\Program Files (x86)\ReImageCompanion
2016-09-05 20:54 - 2012-01-06 00:01 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-09-05 20:09 - 2012-04-10 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-05 19:53 - 2014-05-19 10:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 19:28 - 2012-01-06 04:42 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2016-09-05 19:28 - 2012-01-06 03:22 - 00000000 ____D C:\Users\Dave\Documents\Email Folders
2016-09-05 19:07 - 2016-04-16 02:31 - 00000000 ____D C:\Users\Dave
2016-09-05 19:00 - 2012-01-06 00:01 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2016-09-05 18:59 - 2014-10-17 15:47 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job
2016-09-05 18:53 - 2016-02-09 15:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 18:25 - 2016-05-10 14:32 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5A19858-B5EF-4BC6-82B9-E98777E8C8AB}
2016-09-05 17:47 - 2016-07-28 17:23 - 00000000 ____D C:\Users\Dave\AppData\Local\Deployment
2016-09-05 15:59 - 2014-10-17 15:47 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job
2016-09-05 12:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-05 11:52 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-05 10:33 - 2016-04-16 02:31 - 01013760 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 10:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-04 11:20 - 2012-04-26 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 22:29 - 2016-07-05 06:42 - 00000000 ____D C:\Users\Dave\AppData\Roaming\foobar2000
2016-09-01 16:40 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\Pop's
2016-09-01 12:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 12:06 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-26 07:40 - 2016-04-16 07:30 - 00002416 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-26 07:40 - 2016-04-16 07:30 - 00000000 ___RD C:\Users\Dave\OneDrive
2016-08-24 11:50 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\QUOTES
2016-08-22 11:42 - 2016-06-01 15:20 - 00000000 ____D C:\Users\Dave\AppData\Local\HTC MediaHub
2016-08-22 11:41 - 2016-02-13 14:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 10:09 - 2016-04-28 15:54 - 00000000 ____D C:\Users\Dave\Desktop\Dave Poole
2016-08-17 09:04 - 2011-11-01 23:03 - 00000000 ____D C:\ProgramData\PCDr
2016-08-15 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 10:33 - 2016-02-13 14:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 10:11 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-12 10:10 - 2016-02-13 14:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 10:10 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 10:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 10:20 - 2013-08-15 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 10:15 - 2012-01-07 17:55 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 10:14 - 2016-06-13 15:30 - 00002126 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002124 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-08 20:16 - 2016-02-09 15:57 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
==================== Files in the root of some directories =======
2012-01-09 12:59 - 2016-04-14 15:11 - 0079200 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-01-01 21:21 - 2016-02-28 23:10 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-20 10:27 - 2016-01-20 10:27 - 0000852 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
2015-09-21 14:51 - 2015-09-21 14:51 - 0007605 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2012-08-16 11:49 - 2015-02-03 18:58 - 0006536 _____ () C:\ProgramData\hpzinstall.log
2013-03-24 21:15 - 2016-03-19 18:42 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\iv_uninstall.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-05 06:22
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Dave (05-09-2016 18:57:17)
Running from C:\Users\Dave\Desktop
Windows 10 Pro Version 1511 (X64) (2016-04-16 06:27:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3195402160-3620752181-2962431074-500 - Administrator - Disabled)
Dave (S-1-5-21-3195402160-3620752181-2962431074-1000 - Administrator - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-3195402160-3620752181-2962431074-503 - Limited - Disabled)
Guest (S-1-5-21-3195402160-3620752181-2962431074-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3195402160-3620752181-2962431074-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3Connect (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Accounts (x32 Version: 15.0.11.159 - Sage (UK) Ltd) Hidden
Accounts (x32 Version: 22.0.8.191 - Sage (UK) Ltd) Hidden
Acronis True Image Home (HKLM-x32\...\{D1E0E859-F46D-4708-A41D-ED90C0C1822A}) (Version: 12.0.9770.9 - Acronis)
Adobe Acrobat 8.1.0 Standard (HKLM-x32\...\Adobe Acrobat 8 Standard) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.910 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.882 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
Email Verifier (HKLM-x32\...\Email Verifier) (Version: - Live Software Inc)
Email Verifier (x32 Version: 6.2 - Live Software Inc) Hidden
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Netg) (Version: - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
Epson User's Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Useg) (Version: - )
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow x64 v1.2.4422 [2012-04-09] (HKLM\...\ffdshow64_is1) (Version: 1.2.4422.0 - )
FileZilla Client 3.15.0.2 (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\FileZilla Client) (Version: 3.15.0.2 - Tim Kosse)
Flixster Video (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\5cdf686a56bda3b1) (Version: 2.6.5.532 - Flixster Video)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
Integrated Camera Driver Installer Package Ver.1.1.0.1132 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1132 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.8.601 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\JoinMe) (Version: 1.5.2.225 - LogMeIn, Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCEBuddy 2.x (HKLM\...\{0D3796AA-D867-4278-AEBC-3616AD1F7C3A}) (Version: 2.4.3 - MCEBuddy)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-GB)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.50.00 - )
OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Parrot Software Update Tool (HKLM-x32\...\Parrot Flash Update Wizard) (Version: - )
Python 3.4.0 (64-bit) (HKLM\...\{863162a8-ecc2-35ea-bdf7-e09ac456e164}) (Version: 3.4.150 - Python Software Foundation)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ReImageCompanion (HKLM-x32\...\ReImageCompanion) (Version: - )
Sage 50 Accounts 2016 (HKLM-x32\...\InstallShield_{12CE83F7-1A7F-4728-91CA-99E7DF84B2DC}) (Version: 22.0.8.191 - Sage (UK) Ltd)
Sage Report Designer Service Pack (HKLM-x32\...\{808E694F-2A5F-44A7-BA82-8431B866B2C1}) (Version: 1.00.0000 - Sage (UK) Ltd.)
SBDDesktopUpdateInstaller (x32 Version: 12.1.586.0 - SBDDesktopUpdateInstaller) Hidden
SDataConfigAddInInstaller (x32 Version: 12.1.586.0 - SDataConfigAddInInstaller) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
ShowAnalyzerSuite (HKLM-x32\...\{07C1B166-AAF2-4456-AE5F-48B20FD3124C}) (Version: 1.1.0.825 - Dragon Global)
SPAMfighter (HKLM-x32\...\SPAMfighter) (Version: 7.6.127 - Spamfighter ApS)
SPAMfighter (x32 Version: 7.6.127 - Spamfighter ApS) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.910 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
Windows Driver Package - Intel (iaStor) hdc (04/26/2011 10.5.0.1026) (HKLM\...\95D0E47871170F0763151CFD697BBAB47A5794F7) (Version: 04/26/2011 10.5.0.1026 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Wondershare Video Converter Pro(Build 5.1.2.1) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: - Wondershare Software)
Wondershare Video Converter Ultimate(Build 8.6.0.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.6.0.0 - Wondershare Software)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Zebra Font Downloader (HKLM-x32\...\Zebra Font Downloader_is1) (Version: - Zebra Technologies Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.30.75 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {025100CE-B40D-4D78-8C2E-A6758C60EA3A} - System32\Tasks\{2FA8FDB8-84B2-407E-AC1A-8875605519FC} => pcalua.exe -a C:\Users\Dave\Downloads\iview433_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {026C9C4D-4FB8-4B5C-9319-0579BAA87555} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0A7E75F5-E831-4DB9-B61E-CDB39D6902A6} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {0A8AB43F-6889-4148-9675-F22349318104} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {0CEB39A4-E2EE-404A-89D1-64ADBEEA8C5C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0D12E138-D7F3-4DE3-851F-896D8297FD0E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0E9F1406-6743-4497-85B5-7AF39793C57B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {0EFA0EAC-0540-4137-BBF5-2F3859A5661E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0F3D2144-5143-4334-B51F-E209ADA72B68} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {0FE1D425-1D15-43F8-8EA5-7695EC49DFB1} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {14C099FC-B7D4-42F2-9A48-05F2B786D68F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {19B9ABF8-BC5F-445E-AA77-287D5DBA0497} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {1E99479F-3750-4C72-9176-1E117EE9961A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3EAC044C-C34E-455E-B719-F8F6C34B741D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {43C70501-D3D4-4D08-8501-E10BD4F89756} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4CB00FE0-BAAF-46A8-A3C2-F73C69316F1C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4E03F021-2B72-473C-AE44-F804F8DAEC70} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {51376539-ABC9-4D03-BA8C-B8967D76978B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {55241966-A525-483A-80B3-912957AB1D5B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {56619721-81E9-49ED-A050-5094B93782BB} - System32\Tasks\Dave Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {5BA07DE9-AFE8-4F78-BA8C-DD084C955095} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5D5CEC7B-FC3A-4AAF-9C92-77DF02A658C0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {61417B3F-2CC4-4FA8-B26F-D9C44F81318C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {65DB5A20-74D3-46BB-A32A-9BDA3F100D58} - System32\Tasks\Dave DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-04-01] (Seagate Technology LLC)
Task: {6620AE60-7FD9-4C82-852A-4C59BE211304} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {662ECEAF-F6BA-481B-A344-7AA752D9490C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {6D8247F1-2793-44EA-8594-F74737F2A75E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6DCB8BD8-D83A-4FAE-84EA-FEF20138898F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {771C96B0-BC46-464D-BCB1-C4AF59762D9D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {7E1AFEE1-5456-4446-A289-F41BACA1048A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-17] (Facebook Inc.)
Task: {81B9AE31-23E3-4E62-BCFF-F4E245BF02F6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {83B34BC5-9FCE-462B-ACEB-592DB222E2E0} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {85D9FB2A-01B3-4DA1-8DAA-1EF2938CE7C1} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {8A6F6665-22CB-4A09-87C6-E04B977D0151} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8D992057-8332-4078-8BDE-FC3A0D83F724} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8DE947D3-87DC-41DD-B782-A39D05263B9D} - System32\Tasks\{BDF3DD27-5A11-4B25-89A9-4CEBDE54BF79} => pcalua.exe -a C:\Users\Dave\Downloads\irfanview_plugins_433_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {91514B03-773A-4B09-B637-F20DB0705B70} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: {9A10568E-EB4E-42D6-AB55-366BD62AE7A8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9E93A860-00F8-4062-8F99-75269EBAE193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A1B491D2-3F94-4DA5-950F-B488DE727980} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A57CDDA4-929F-4106-A334-0367875C4063} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A77339F7-9E91-45E2-81FF-D30DFAFEB80C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B98AD9BE-6531-4B0B-B301-990AD31F4EBD} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask => C:\Windows\System32\GWX\GWX.exe
Task: {BD0F2DBF-36AA-4CD1-86B5-0758730FD504} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BD13DE06-B699-47D0-9469-B0D784E0E16C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BEACC2AB-B5D6-4D05-9E9D-B26FEC6ADFEA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-26] (Microsoft Corporation)
Task: {C1C3DBB7-C0B9-4B42-81DE-B2CBFFA219D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {C1EFA083-82CB-48E2-AFA6-EF54CD6BD435} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-17] (Facebook Inc.)
Task: {C421AFD3-E9F2-44A7-BEC8-03ACB2E8E28C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C45474CF-15F0-49CD-BF60-72A528EEF111} - System32\Tasks\Dave => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {C74BCBA9-4357-4035-BB16-6475F1BE322D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CBF5BBC6-8397-42A6-8C88-968311A3945A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CE47A082-0881-4AA7-A508-83DDCD3488D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CF1FD201-2A91-48C3-AB31-C90B2F545229} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-23] (Lenovo)
Task: {D12D668E-7504-4B5B-8A9D-4613DDA2EAB1} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {D409AD90-4D25-425E-87E3-FAA0945408F3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D8D937D2-8E84-4F41-AA15-368D19A4AD0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D98C6D61-054B-41BE-BF91-67CCD7846385} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {DCBC3E82-9F51-4DC6-98B2-385D39468667} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E8C08136-AC9B-4B45-981B-62FEB3BB1B71} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {EF19F11F-F341-48CA-B4EF-EE727F3EC5D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F030A6A8-E074-454D-B7A5-A6AB8E738883} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F18F7729-813E-4E68-A7A9-6640A12FDF5F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FD6F1A6C-4A40-4B8E-BBB6-1704E1DA0857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-11 13:42 - 2010-01-28 14:47 - 01737464 _____ () C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
2015-12-23 18:59 - 2015-12-23 18:59 - 00034304 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 12:42 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-11-01 22:54 - 2011-08-31 19:03 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-07-13 12:42 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-26 07:40 - 2016-08-26 07:40 - 01864384 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 12:43 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 12:42 - 2016-07-01 04:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 12:42 - 2016-07-01 04:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 12:42 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 12:42 - 2016-07-01 04:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-11-01 22:51 - 2010-10-26 21:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-09 14:40 - 2016-03-09 14:40 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2016-06-03 15:37 - 2016-06-03 15:37 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2016-03-09 14:41 - 2016-03-09 14:41 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2016-03-09 14:42 - 2016-03-09 14:42 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-08-13 17:21 - 2016-05-16 16:52 - 01382048 ____N () C:\Program Files (x86)\Sage\AccountsServiceV22\cpprest100_1_2.dll
2011-11-01 22:54 - 2011-08-31 19:03 - 00081920 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMROV.DLL
2016-08-26 07:39 - 2016-08-26 07:39 - 01383616 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-26 07:40 - 2016-08-26 07:40 - 00118976 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2015-12-03 11:29 - 2015-12-03 11:29 - 00541216 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll
2015-12-03 11:28 - 2015-12-03 11:28 - 00966688 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2016-02-12 16:50 - 00000851 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Think\Think_Blue.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: DLSService => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
MSCONFIG\startupreg: DymoQuickPrint => "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Facebook Update => "C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: LTT => C:\Program Files\PC-Doctor\EnableToolbarW32.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe
MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
HKLM\...\StartupApproved\Run32: => "PWMTRV"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\StartupApproved\Run: => "GoogleDriveSync"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{E2FBDC54-2BD2-4FD3-83B9-89925871466F}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe
FirewallRules: [TCP Query User{F03878F2-D27A-455D-9C1D-17ADE2CDC137}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe
FirewallRules: [UDP Query User{B566473A-961C-475B-9D48-65FE51766D54}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Block) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe
FirewallRules: [TCP Query User{00164986-4ED2-4D0A-99F4-AD34190C1CA8}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Block) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe
FirewallRules: [{6AD08CC3-B4C6-45AA-BC35-C35AD9F27AF5}] => (Block) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{57D6181C-9E90-46CF-AAD8-69045167EF34}] => (Block) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{9B650AB8-D643-479D-A632-1AF4891871FC}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{AA1A1DE4-CD34-40F9-A0D2-8F5EBF02FAA3}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{3B105B4A-6DB1-4561-9B19-9E842D49014D}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{A5175E7B-DA04-4DE9-AEFE-E909E6A8EB27}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{E6BA0614-CA91-4274-B02E-1EDC42F145B1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{F54E9E43-78D0-4A94-AD26-6F31DB412C51}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{C2553B23-8199-4F41-B792-A7F71D7A298D}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
FirewallRules: [{4D60A337-930B-4A77-8FA9-FA0D31C78D71}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
FirewallRules: [UDP Query User{1BA5E64F-1CAD-45CD-9537-B22B723D525A}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [TCP Query User{B0EC78D1-D462-4D9F-BA1B-8EB4D252B467}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [UDP Query User{BA841123-3947-4841-95D8-EE33E87B11BA}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [TCP Query User{BB885D48-C5AB-4121-A4E0-58D9D8EAB17B}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [{C93C135A-3482-479B-87C5-1795DA23D5C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4AB97BC-DC0B-4DD4-B16B-A76032398898}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19AFD58A-3067-4E57-8C4A-840B35BB1818}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C9E630E1-0810-4385-89E3-96F4C5B08FB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0733DDB6-B2AD-4FEA-A22E-E7C2B7B56346}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A30DB4AF-CB2A-4DC3-9624-125CBFA22728}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{F20D6ABD-07EC-4F8D-A72D-D005E494A2EA}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{97F3A88A-1414-4D35-8AF2-F6BDD4B6F359}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{68E306F1-9816-4C84-BBFB-1C9E602C8607}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{C3631B32-6194-4B92-A2B0-CE9E1E559D0F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3B06458C-2AAB-434C-B167-36091779A20D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1705E34A-85E2-4F96-A769-C327FB10BBFD}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{821E65EC-3B6D-4DEF-95A9-78004FFE9160}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AB45CA04-0DE9-46FA-8FE9-294238B2F34E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36FB540E-8280-4AA6-BB81-1623E15DACFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{94AC206C-61AF-4B4A-A56D-20B5D1800CBB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F8E78B8E-D59F-44FE-9319-6584D2C3090A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C7C33E5D-1098-4623-9C5B-F83D7290D0BB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{31363357-B278-4306-B6DC-BF50EA8C6EF0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{DA00CE47-176C-495F-ADCC-ECCE207A1990}] => (Allow) G:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{F7A7A8C2-C96D-4831-A45F-A764F87592DD}] => (Allow) G:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{2541487E-5EDB-4CC7-BB13-63BF356F41C2}] => (Allow) C:\Users\Dave\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{8D6AD0CD-234C-4D29-973A-335962ADD84D}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{31D7E403-50B4-417D-A6A1-9815278C42AD}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{2CA8C855-19B9-476C-9A6C-912F88E0A842}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{684C0FB3-876E-4F35-8270-9C14ACDF7CAB}C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [TCP Query User{83B9B898-3962-4CBB-8746-CBE6AC3728F7}C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [{EDDADA75-5EBF-4697-BC46-F01BF22B77D4}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS4A15\HPDiagnosticCoreUI.exe
FirewallRules: [{7D2E151C-EA7A-44CD-89CE-863DC3E874F2}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS4A15\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{DA04391C-5E3C-4662-A160-E8024F42A0C9}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [TCP Query User{6E0C638D-BC1A-431E-97FF-5C3DD3B44EA2}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{062E0EC3-1A5D-45AC-8DE3-E4FDC5C4CB49}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C628E08C-AB5D-45B6-8300-D07D87441395}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{FFF66738-8DDD-4122-A03D-1BEB25CB8450}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8E54B49A-B4CE-4AD9-A46B-87676F6EE16B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{65B33B26-6A29-4604-AE59-039308C46B5E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{970AB776-EF40-4358-BFBD-86CCC1064300}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{1DBA06E0-8C69-432B-B8C1-EF95C60D1BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{49E373F4-5F6E-46A5-BF2F-C24C8E8621C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{DC466A1D-6C59-4D68-BED4-904090D4B094}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{093D17F8-A204-4A34-90B9-AC10DC25D21C}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{6D46DE04-5A8A-400A-B3E3-08F3462B3B24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9FBD5A68-D783-4173-BCC8-8036DDAFC5D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{911D4B1F-41C5-4DA7-87C0-E34BFA47AF80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D1DCBE46-027B-49C2-A8E3-0E06B1D647E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [TCP Query User{7B8D5D5C-220B-4B70-ADC8-EA529F9AFAA3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{71D2E034-7422-4C84-B9D3-49CBB270E735}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{24D50A94-0B6C-4C21-951A-D95E146F7302}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [UDP Query User{67D20E17-D1C3-4153-99A4-6B0599FE1DB7}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [TCP Query User{C10FC48D-E6E5-480E-B34A-620C92CD2DE9}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [UDP Query User{DFB80BC7-2950-429C-A878-8960CCAE140B}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [{DA843970-1DAF-465E-853D-B3B512DD701D}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{5495F6C3-AA50-4FB3-9CAB-D0CACDA0A72A}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A19FB1B6-43DD-4EFB-B153-F6DBCD0F4B45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9453DA5B-57C5-4A7F-ACAE-275F60D97764}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{6DE4A561-BE88-44CC-B95A-91D362DDECE7}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
==================== Restore Points =========================
18-08-2016 09:35:42 Scheduled Checkpoint
26-08-2016 07:43:52 Windows Update
01-09-2016 12:06:48 Windows Update
==================== Faulty Device Manager Devices =============
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/05/2016 05:49:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:07:0000)(214504) enumerator - Error -- 116 pcdrsysinfosystemboard: Module timed out after 120895 milliseconds and was terminated
Error: (09/05/2016 05:49:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:07:0000)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.
Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9960)(214504) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfosystemboard.p5x) readFromPipeTimed failed, killing: 211080
Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9960)(214504) libCommon.System.Windows - Error -- 635 readFromPipeTimed(1200) timed out after 119998 totalBytes: 0
Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9250)(214504) enumerator - Error -- 116 pcdrsysinfodirect: Module timed out after 120820 milliseconds and was terminated
Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9250)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.
Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9210)(214504) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfodirect.p5x) readFromPipeTimed failed, killing: 208504
Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9210)(214504) libCommon.System.Windows - Error -- 635 readFromPipeTimed(1208) timed out after 119999 totalBytes: 0
Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9090)(214504) enumerator - Error -- 116 pcdrsysinfocpu_x86: Module timed out after 120803 milliseconds and was terminated
Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9080)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.
System errors:
=============
Error: (09/05/2016 06:43:28 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_10af742e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_10af742e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_10af742e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_10af742e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/04/2016 10:03:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_f7aacdd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2016-09-05 18:17:57.757
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-05 18:17:57.744
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-05 18:17:51.818
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-05 18:17:51.805
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-05 18:17:50.396
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-05 18:17:50.383
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-05 18:17:50.364
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-05 18:17:50.352
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-05 18:17:48.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-05 18:17:48.328
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 8032.48 MB
Available physical RAM: 4010.78 MB
Total Virtual: 16224.48 MB
Available Virtual: 11537.36 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:221.31 GB) (Free:59.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive y: () (Network) (Total:2778.53 GB) (Free:1336.9 GB)
Drive z: () (Network) (Total:2778.53 GB) (Free:1336.9 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 000297F0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

Rkill 2.8.4 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/05/2016 07:06:36 PM in x64 mode.
Windows Version: Windows 10 Pro
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 09/05/2016 07:06:43 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

Zemana AntiMalware 2.30.2.75 (Installed)
-------------------------------------------------------
Scan Result : Terminated
Scan Date : 2016/9/5
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
BIOS Mode : Legacy
CUID : 121DDA6369C1AD6D3CE737
Scan Type : Deep Scan
Duration : 112m 43s
Scanned Objects : 255132
Detected Objects : 38
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Enabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
Firefox Hello Beta
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\loop@mozilla.org.xpi
MD5 : 8923003ACCA092A8EE8939B52C7531B0
Publisher : -
Size : 2034437
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Firefox Hello Beta
File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\loop@mozilla.org.xpi
Pocket
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\firefox@getpocket.com.xpi
MD5 : 42910AD54D5C1E030808FE0871BF87B1
Publisher : -
Size : 781661
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Pocket
File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\firefox@getpocket.com.xpi
Multi-process staged rollout
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\e10srollout@mozilla.org.xpi
MD5 : 57E44B5FBC1A39AEAFF4371DDF725E6D
Publisher : -
Size : 6321
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Multi-process staged rollout
File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\e10srollout@mozilla.org.xpi
Default
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
MD5 : 5F6005F321AB0B2E80B661E6DFFD6934
Publisher : -
Size : 4854
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Default
File - %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Pocket
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\features\firefox@getpocket.com.xpi
MD5 : 2C73674F65CCD66C8B610A5CCDA038C2
Publisher : -
Size : 671328
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Pocket
File - %programfiles%\mozilla firefox\browser\features\firefox@getpocket.com.xpi
Multi-process staged rollout
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\features\e10srollout@mozilla.org.xpi
MD5 : E62C969ACC15E9815778D3D036407775
Publisher : -
Size : 2306
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Multi-process staged rollout
File - %programfiles%\mozilla firefox\browser\features\e10srollout@mozilla.org.xpi
Firefox Hello
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\features\loop@mozilla.org.xpi
MD5 : 18791CC68C80EA2D72E5D8051515E742
Publisher : -
Size : 1668877
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Firefox Hello
File - %programfiles%\mozilla firefox\browser\features\loop@mozilla.org.xpi
Awesome Screenshot - Capture, Annotate & More
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\jid0-gxjllfbcoax0lcltedfrekqdqpi@jetpack.xpi
MD5 : 184025D226B688B5439012DBDF0372D9
Publisher : -
Size : 1935062
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Awesome Screenshot - Capture, Annotate & More
File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\jid0-gxjllfbcoax0lcltedfrekqdqpi@jetpack.xpi
E-Web Print
Status : Scanned
Object : %programfiles%\epson software\e-web print\firefox add-on
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - E-Web Print
Wondershare Video Converter Ultimate
Status : Scanned
Object : %allusersprofile%\wondershare\video converter ultimate\wsvcu@wondershare.com_xpi
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Wondershare Video Converter Ultimate
MeasureIt
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\{75ceee46-9b64-46f8-94bf-54012de155f0}.xpi
MD5 : E1C03C04E1B6E8C5D1FFFADB1B120899
Publisher : -
Size : 35538
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - MeasureIt
File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\{75ceee46-9b64-46f8-94bf-54012de155f0}.xpi
ColorZilla
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - ColorZilla
Logitech SetPoint
Status : Scanned
Object : %programw6432%\logitech\setpointp\logismoothfirefoxext
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Logitech SetPoint
Chrome Media Router
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Chrome Media Router
Gmail
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Gmail
Chrome Web Store Payments
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Chrome Web Store Payments
Google Docs Offline
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Docs Offline
Google Sheets
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Sheets
Google Search
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Search
YouTube
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - YouTube
Google Drive
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Drive
Google Docs
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Docs
Google Slides
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Related Objects :
Browser Extension - Google Slides
hk64tbWin2.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\hk64tbwin2.dll
MD5 : 0CDCB4B27180B1E7106CA7807B944454
Publisher : Conduit Ltd.
Size : 1255712
Version : 6.17.0.33
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\hk64tbwin2.dll
tbWinZ.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\tbwinz.dll
MD5 : 2D2894581D355D5F44EAE38898A66846
Publisher : Conduit Ltd.
Size : 4398888
Version : 6.8.5.1
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\tbwinz.dll
tbWin2.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\tbwin2.dll
MD5 : 01799DEF4EE217264F0ABD2CCF1BEFF5
Publisher : Conduit Ltd.
Size : 5171488
Version : 6.17.0.33
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\tbwin2.dll
tbWin1.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\tbwin1.dll
MD5 : 0F8BB38E6192828380AF1773C03442E9
Publisher : Conduit Ltd.
Size : 2914080
Version : 6.17.0.33
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\tbwin1.dll
tbWin0.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\tbwin0.dll
MD5 : 73406FA9287B36CA4163797C73A2CD04
Publisher : Conduit Ltd.
Size : 4451144
Version : 6.9.0.16
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\tbwin0.dll
ldrtbWinZ.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\ldrtbwinz.dll
MD5 : 76B3946090C94BB38DBBCA54AC8FF9F7
Publisher : Conduit Ltd.
Size : 263464
Version : 1.0.4.1
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\ldrtbwinz.dll
ldrtbWin2.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\ldrtbwin2.dll
MD5 : 2A48A0CD819728A99B8EA8114F84FED1
Publisher : Conduit Ltd.
Size : 333088
Version : 6.17.0.33
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\ldrtbwin2.dll
ldrtbWin0.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\ldrtbwin0.dll
MD5 : CE49528C9B0B3B3018EE2F70E76B362A
Publisher : Conduit Ltd.
Size : 267592
Version : 2.1.0.11
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\ldrtbwin0.dll
hktbWin2.dll
Status : Scanned
Object : %localappdata%\low\winzipbar\hktbwin2.dll
MD5 : B4AC04FF97BCF208B4C6074423349C78
Publisher : Conduit Ltd.
Size : 1058592
Version : 6.17.0.33
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\low\winzipbar\hktbwin2.dll
chromeNPAPI.dll
Status : Scanned
Object : %temp%\scoped_dir_244152_22576\crx_install\chromenpapi.dll
MD5 : 4C2F5C8A58562D7A362FF1020320618E
Publisher : Blabbers Communications Ltd
Size : 97072
Version : 1.0.0.0
Detection : Adware:Win32/Blabber!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\scoped_dir_244152_22576\crx_install\chromenpapi.dll
prxtbWinZ.dll
Status : Scanned
Object : %programfiles%\winzipbar\prxtbwinz.dll
MD5 : 4C163BD2A5905D18893EE311608E8C54
Publisher : Conduit Ltd.
Size : 176936
Version : 6.4.0.0
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\winzipbar\prxtbwinz.dll
toolbar.dll
Status : Scanned
Object : %programfiles%\reimagecompanion\toolbar.dll
MD5 : AF584069AB7A0C6FD1CB8012D35137F8
Publisher : Reimage Limited
Size : 127864
Version : 1.0.2.1
Detection : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\reimagecompanion\toolbar.dll
widgetserv.exe
Status : Scanned
Object : %programfiles%\reimagecompanion\widgetserv.exe
MD5 : EEC50AD751919DA5C0B8EC3EEC2A996F
Publisher : Reimage Limited
Size : 219000
Version : 1.0.2.2
Detection : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\reimagecompanion\widgetserv.exe
sqlite3.dll
Status : Scanned
Object : %programfiles%\reimagecompanion\sqlite3.dll
MD5 : C658763A2328B37B505071499BC72202
Publisher : Reimage Limited
Size : 367528
Version : -
Detection : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\reimagecompanion\sqlite3.dll
SARegProxy.exe
Status : Scanned
Object : %programfiles%\dragon global\showanalyzersuite\saregproxy.exe
MD5 : 20A31030102828C1430C14D991193DB1
Publisher : -
Size : 1627136
Version : -
Detection : Malware:Win32/Tamaca!Ikea
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\dragon global\showanalyzersuite\saregproxy.exe

Cleaning Result
-------------------------------------------------------
Cleaned : 38
Reported as safe : 0
Failed : 0

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Dave (administrator) on DAVE-THINK (05-09-2016 21:05:19)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available Profiles: Dave & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
(Dragon Global) C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrsysinfocpu_x86.p5x
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377304 2009-05-25] (Acronis)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4359776 2009-05-25] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [960616 2009-05-25] (Acronis)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] ()
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1696288 2015-02-27] (SPAMfighter ApS)
HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1050656 2015-12-03] (SPAMfighter ApS)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {3f802dee-6919-11e2-a303-e89a8ffca9b0} - "D:\AutoRun.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {d83995d4-6138-11e6-bdeb-9439e5917cfa} - "D:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-03-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2030d55d-3156-470a-89b6-c023b848a1ef}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83b2351b-def0-4a36-bbe7-bfa19d316a79}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {E5469FAC-5226-4BB3-87EA-F4C75B15AA0D} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918
FF DefaultSearchEngine: Yahoo.co.uk
FF Homepage: hxxps://www.google.co.uk/?gfe_rd=cr&ei=8eixVYD7KMOHOraeqJgO
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195402160-3620752181-2962431074-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [not found]
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [not found]
FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [not found]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on => not found
Chrome:
=======
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gmdfpnpdmnjaffhcdbobdjpolhpacaem] - C:\Program Files (x86)\ReImageCompanion\blabbers-ch.crx [2012-02-10]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-01-13] (Macrovision Europe Ltd.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MCEBuddy2x; C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe [34304 2015-12-23] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
R2 Sage 50 Accounts Control v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe [2396672 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe [3474944 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2015-02-06] (Sage (UK) Limited) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
R2 ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2136576 2010-06-05] (Dragon Global) [File not signed]
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2015-12-03] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2015-11-13] (SPAMfighter ApS)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-28] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2015-11-19] (Acronis)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-05] (Zemana Ltd.)
U3 idsvc; no ImagePath
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-05 21:01 - 2016-09-05 21:01 - 00018394 _____ C:\Users\Dave\Desktop\Zemana20160905.txt
2016-09-05 19:07 - 2016-09-05 19:07 - 00002076 _____ C:\Users\Dave\Desktop\rkill.txt
2016-09-05 19:03 - 2016-09-05 19:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\iExplore.exe
2016-09-05 19:02 - 2016-09-05 19:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\rkill.com
2016-09-05 18:57 - 2016-09-05 18:58 - 00063502 _____ C:\Users\Dave\Desktop\Addition.txt
2016-09-05 18:56 - 2016-09-05 21:05 - 00027087 _____ C:\Users\Dave\Desktop\FRST.txt
2016-09-05 17:45 - 2016-09-05 17:45 - 02397696 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2016-09-05 17:26 - 2016-09-05 21:05 - 00301862 _____ C:\WINDOWS\ZAM.krnl.trace
2016-09-05 17:26 - 2016-09-05 21:05 - 00296305 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-09-05 17:26 - 2016-09-05 17:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-09-05 17:26 - 2016-09-05 17:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-09-05 17:26 - 2016-09-05 17:26 - 00001232 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-09-05 17:26 - 2016-09-05 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-05 17:26 - 2016-09-05 17:26 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-05 17:25 - 2016-09-05 17:25 - 00000000 ____D C:\Users\Dave\AppData\Local\Zemana
2016-09-05 17:24 - 2016-09-05 17:24 - 05292304 _____ ( ) C:\Users\Dave\Desktop\Zemana.AntiMalware.Setup.exe
2016-09-05 17:20 - 2016-09-05 17:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\rkill.exe
2016-09-05 06:41 - 2016-09-05 06:42 - 00065951 _____ C:\Users\Dave\Downloads\Addition.txt
2016-09-05 06:40 - 2016-09-05 21:04 - 00000000 ____D C:\FRST
2016-09-05 06:40 - 2016-09-05 06:42 - 00052321 _____ C:\Users\Dave\Downloads\FRST.txt
2016-09-05 06:38 - 2016-09-05 06:39 - 02397696 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2016-09-02 12:07 - 2016-09-04 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-01 14:50 - 2016-09-01 14:50 - 00801692 _____ C:\Users\Dave\Downloads\2016_FFS_Catalogue_page_101_Standard_Bag_Range_-_SB.pdf
2016-08-26 07:40 - 2016-08-26 07:40 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-26 07:39 - 2016-08-26 07:39 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Skype
2016-08-22 15:53 - 2016-08-22 15:53 - 00000010 _____ C:\Users\Dave\Desktop\Blas a Fronlas.txt
2016-08-11 15:24 - 2016-08-11 15:25 - 00111224 _____ C:\Users\Dave\Downloads\3196 Beveridge.pdf
2016-08-10 15:41 - 2016-08-10 15:41 - 04927969 _____ C:\Users\Dave\Downloads\Joint Administrators Progress Report 14.11.15 to 13.05.16.pdf
2016-08-10 15:29 - 2016-08-10 15:29 - 05081674 _____ C:\Users\Dave\Downloads\Joint Administrators Statement of Proposals.pdf
2016-08-10 11:33 - 2016-08-10 11:33 - 00059010 _____ C:\Users\Dave\Downloads\downloadfile(10).PDF
2016-08-10 11:32 - 2016-08-10 11:32 - 00058476 _____ C:\Users\Dave\Downloads\downloadfile(9).PDF
2016-08-10 11:31 - 2016-08-10 11:31 - 00060543 _____ C:\Users\Dave\Downloads\downloadfile(8).PDF
2016-08-10 11:29 - 2016-08-10 11:29 - 00058883 _____ C:\Users\Dave\Downloads\downloadfile(7).PDF
2016-08-10 11:28 - 2016-08-10 11:28 - 00054927 _____ C:\Users\Dave\Downloads\downloadfile(6).PDF
2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-08-10 10:11 - 2016-08-03 12:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:11 - 2016-08-03 12:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:11 - 2016-08-03 12:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:11 - 2016-08-03 11:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:11 - 2016-08-03 11:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:11 - 2016-08-03 11:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:11 - 2016-08-03 11:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:11 - 2016-08-03 11:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:11 - 2016-08-03 11:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:11 - 2016-08-03 11:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:11 - 2016-08-03 11:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:11 - 2016-08-03 11:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:11 - 2016-08-03 11:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:11 - 2016-08-03 11:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:11 - 2016-08-03 11:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:11 - 2016-08-03 11:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:11 - 2016-08-03 11:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:11 - 2016-08-03 11:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:11 - 2016-08-03 11:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:11 - 2016-08-03 11:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:11 - 2016-08-03 10:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:11 - 2016-08-03 10:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:11 - 2016-08-03 10:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:11 - 2016-08-03 10:45 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2016-08-10 10:11 - 2016-08-03 10:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:11 - 2016-08-03 10:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:11 - 2016-08-03 10:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:11 - 2016-08-03 10:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:11 - 2016-08-03 10:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-10 10:11 - 2016-08-03 10:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-10 10:11 - 2016-08-03 10:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:11 - 2016-08-03 10:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-10 10:11 - 2016-08-03 10:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:11 - 2016-08-03 10:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:11 - 2016-08-03 10:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:11 - 2016-08-03 10:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:11 - 2016-08-03 10:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:11 - 2016-08-03 10:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:11 - 2016-08-03 10:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:11 - 2016-08-03 10:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:11 - 2016-08-03 10:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:11 - 2016-08-03 10:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:11 - 2016-08-03 10:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:11 - 2016-08-03 10:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:11 - 2016-08-03 10:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:11 - 2016-08-03 10:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:11 - 2016-08-03 10:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:11 - 2016-08-03 10:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:11 - 2016-08-03 10:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:11 - 2016-08-03 10:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:11 - 2016-08-03 10:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:11 - 2016-08-03 10:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:11 - 2016-08-03 10:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-10 10:11 - 2016-08-03 10:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-10 10:11 - 2016-08-03 10:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:11 - 2016-08-03 10:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:11 - 2016-08-03 10:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:11 - 2016-08-03 10:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:11 - 2016-08-03 10:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:11 - 2016-08-03 10:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:11 - 2016-08-03 10:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:11 - 2016-08-03 10:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:11 - 2016-08-03 10:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 10:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:11 - 2016-08-03 10:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:11 - 2016-08-03 10:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:11 - 2016-08-03 10:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:11 - 2016-08-03 06:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:11 - 2016-08-03 06:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:11 - 2016-08-03 06:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:11 - 2016-08-03 06:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:11 - 2016-08-03 06:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:11 - 2016-08-03 06:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:11 - 2016-08-03 06:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:11 - 2016-08-03 05:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:11 - 2016-08-03 05:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:11 - 2016-08-03 05:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:11 - 2016-08-03 05:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:11 - 2016-08-03 05:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:11 - 2016-08-03 05:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:11 - 2016-08-03 05:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:11 - 2016-08-03 05:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:11 - 2016-08-03 05:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:11 - 2016-08-03 05:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:11 - 2016-08-03 05:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:11 - 2016-08-03 05:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:11 - 2016-08-03 05:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:11 - 2016-08-03 05:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 05:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:11 - 2016-08-03 05:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:11 - 2016-08-03 05:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:11 - 2016-08-03 05:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:11 - 2016-08-03 05:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:11 - 2016-08-03 05:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:11 - 2016-08-03 05:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:11 - 2016-08-03 05:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:11 - 2016-08-03 05:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:11 - 2016-08-03 05:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:11 - 2016-08-03 05:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:11 - 2016-08-03 05:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:11 - 2016-08-03 05:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:11 - 2016-08-03 05:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 05:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-05 21:00 - 2012-03-21 17:22 - 00000000 ____D C:\Users\Dave\AppData\LocalLow\WinZipBar
2016-09-05 21:00 - 2012-02-16 18:05 - 00000000 ____D C:\Program Files (x86)\ReImageCompanion
2016-09-05 20:54 - 2012-01-06 00:01 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-09-05 20:09 - 2012-04-10 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-05 19:53 - 2014-05-19 10:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 19:28 - 2012-01-06 04:42 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2016-09-05 19:28 - 2012-01-06 03:22 - 00000000 ____D C:\Users\Dave\Documents\Email Folders
2016-09-05 19:07 - 2016-04-16 02:31 - 00000000 ____D C:\Users\Dave
2016-09-05 19:00 - 2012-01-06 00:01 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2016-09-05 18:59 - 2014-10-17 15:47 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job
2016-09-05 18:53 - 2016-02-09 15:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 18:25 - 2016-05-10 14:32 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5A19858-B5EF-4BC6-82B9-E98777E8C8AB}
2016-09-05 17:47 - 2016-07-28 17:23 - 00000000 ____D C:\Users\Dave\AppData\Local\Deployment
2016-09-05 15:59 - 2014-10-17 15:47 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job
2016-09-05 12:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-05 11:52 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-05 10:33 - 2016-04-16 02:31 - 01013760 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 10:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-04 11:20 - 2012-04-26 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 22:29 - 2016-07-05 06:42 - 00000000 ____D C:\Users\Dave\AppData\Roaming\foobar2000
2016-09-01 16:40 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\Pop's
2016-09-01 12:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 12:06 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-26 07:40 - 2016-04-16 07:30 - 00002416 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-26 07:40 - 2016-04-16 07:30 - 00000000 ___RD C:\Users\Dave\OneDrive
2016-08-24 11:50 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\QUOTES
2016-08-22 11:42 - 2016-06-01 15:20 - 00000000 ____D C:\Users\Dave\AppData\Local\HTC MediaHub
2016-08-22 11:41 - 2016-02-13 14:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 10:09 - 2016-04-28 15:54 - 00000000 ____D C:\Users\Dave\Desktop\Dave Poole
2016-08-17 09:04 - 2011-11-01 23:03 - 00000000 ____D C:\ProgramData\PCDr
2016-08-15 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 10:33 - 2016-02-13 14:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 10:11 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-12 10:10 - 2016-02-13 14:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 10:10 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 10:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 10:20 - 2013-08-15 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 10:15 - 2012-01-07 17:55 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 10:14 - 2016-06-13 15:30 - 00002126 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002124 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-08 20:16 - 2016-02-09 15:57 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
==================== Files in the root of some directories =======
2012-01-09 12:59 - 2016-04-14 15:11 - 0079200 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-01-01 21:21 - 2016-02-28 23:10 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-20 10:27 - 2016-01-20 10:27 - 0000852 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
2015-09-21 14:51 - 2015-09-21 14:51 - 0007605 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2012-08-16 11:49 - 2015-02-03 18:58 - 0006536 _____ () C:\ProgramData\hpzinstall.log
2013-03-24 21:15 - 2016-03-19 18:42 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\iv_uninstall.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-05 06:22
==================== End of FRST.txt ============================
Any other suggestions please?