Jump to content

Ric12string

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Here is the addition.txt report: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015Ran by Robert French at 2015-04-13 15:23:32Running from C:\Users\Robert French\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4Team Safe PST Backup Free Edition (HKLM-x32\...\{A14AB79F-E684-420F-A4DB-EB3B762F9FDD}) (Version: 2.31.0507 - 4Team Corporation)Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)Adobe Connect 9 Add-in (HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\Adobe Connect 9 Add-in) (Version: 11.2.247.0 - Adobe Systems Incorporated)Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.71 - ArcSoft)Aura Image Gallery III (HKLM-x32\...\FishmanAuraImageGallery) (Version: - )Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 4.0.0.0 - Auslogics Labs Pty Ltd)Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) HiddenCardMinder V3.2 (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V3.2L10 - PFU)CEB Practice Libraries (HKLM-x32\...\{9FF5157B-F8F7-4AD7-B312-709831A7A4A7}) (Version: 10.02 - Continuing Education of the Bar - California)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDamages (C:\Program Files (x86)\Dmgs\) (HKLM-x32\...\ST6UNST #2) (Version: - )Damages (HKLM-x32\...\ST6UNST #1) (Version: - )Dropbox (HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) HiddenEssential Forms (HKLM-x32\...\{1406D422-1625-4A0F-8667-8C5410922614}) (Version: - )Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenK-Lite Codec Pack 10.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.10 - Lenovo)Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7252 - Memeo Inc.)Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) HiddenMotorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMozilla Firefox 15.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 15.0.1 (x86 en-US)) (Version: 15.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 15.0.1 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.50.00 - )ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.7001 - ooVoo LLC.)PDF Thumbnail View (HKLM-x32\...\{04E54838-9F21-4615-8CF1-ACC7CF41008B}) (Version: - )Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)player (HKLM-x32\...\player2.13.0) (Version: 2.13.0 - player)QuickBooks (x32 Version: 19.0.4014.705 - Intuit Inc.) HiddenQuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)Quicken 2004 (HKLM-x32\...\InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}) (Version: 13.00.0000 - Intuit)Quicken 2004 (x32 Version: 13.00.0000 - Intuit) HiddenQuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)RADVISION Conference Client (HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\{D4B018FD-B6EF-42E0-BE6D-31E1C60189E4}) (Version: - Radvision Ltd.)RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)RapidDrive Advanced version 1.0.12 (HKLM-x32\...\{F8F9F1AC-5CB0-4DBB-87FA-1A6BC4EA02E5}_is1) (Version: 1.0.12 - LENOVO, Inc.)Real Estate Success Software (HKLM-x32\...\{C3E09470-1320-45EB-BDD7-1046F1FFEA4B}) (Version: 2.0.19.0 - EquiMine Inc.)RealLegal E-Transcript Bundle Viewer (HKLM-x32\...\{521D6EE7-E5B6-4E9B-837A-BEF39247FF07}) (Version: 6.0.1.887 - Thomson Reuters)Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)Sage Timeslips 2012 (HKLM-x32\...\{2AACE1A2-69F4-4443-B047-B901B68E48C6}) (Version: 20.0.0.0 - Sage)ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V3.1L20(Windows7) - PFU)ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V1.0L21 - PFU)Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) HiddenSkype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.62.00.00 - )ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.8 - REALTEK Semiconductor Corp.)ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)U3Launcher (HKLM-x32\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.55 - NCH Software)ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.2 - Nikon)VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (HKLM\...\D01A7EE241898C810674C69EB908D655D149BE77) (Version: 01/19/2011 1.62.00.00 - Lenovo)Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)WordPerfect Office 12 (HKLM-x32\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.0.0.238 - Corel Corporation)Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Robert French\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Robert French\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Robert French\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Robert French\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 12-04-2015 11:36:19 Windows Update12-04-2015 14:11:44 zoek.exe restore point12-04-2015 16:05:12 Configured Microsoft Office Home and Business 201012-04-2015 16:26:19 Configured Microsoft Office Home and Business 201013-04-2015 09:12:24 Configured Microsoft Office Home and Business 201013-04-2015 10:43:37 Restore Operation13-04-2015 10:53:22 Removed Microsoft Office Home and Business 201013-04-2015 12:36:07 Installed Microsoft Office Home and Business 201013-04-2015 15:12:53 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06B86144-57A3-4BD4-92EB-F5551FD7D50B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)Task: {183152C2-3A37-486B-9BA0-8475F6203913} - System32\Tasks\{2DD626FF-EE0F-4B5D-8D75-E0FE5B9F2EDC} => pcalua.exe -a D:\SETUPMENU.EXE -d D:\Task: {1DCC5231-5C75-498F-A958-B718A2D2FD3B} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()Task: {1F29BC51-7B3E-4B60-A2EB-09AB27CD67B1} - System32\Tasks\{B01B8A43-E296-495B-A37F-B95715DE5DDF} => pcalua.exe -a E:\Welcome.exe -d E:\Task: {223592F0-1C0C-437F-BE15-73DDE8DDA411} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)Task: {22C03232-9C0D-4328-AAD2-D6077D80E303} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {26F834F7-9588-4E84-8152-D21161531894} - System32\Tasks\{EB07B913-DF7D-49FE-ADB8-4258B36313ED} => C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXETask: {30CB4E0F-C9B8-425D-BAF3-434FEA270709} - System32\Tasks\StartRapidDriveAdvancedServiceTask => netTask: {3174C3EB-91D5-42C8-8E00-479E1D82C057} - System32\Tasks\{F8E04B5C-569C-4CCF-9B76-6ECE12D0EFC7} => Chrome.exe http://ui.skype.com/ui/0/6.3.59.107/en/abandoninstall?page=tsProgressBarTask: {35471757-D094-431E-985C-7922F84DA8B4} - System32\Tasks\{04714D75-3E6D-4615-A89B-6774A4228BDB} => pcalua.exe -a F:\setup.EXE -d F:\Task: {3679B26B-D910-4858-8DA2-DD8E3F7AE004} - System32\Tasks\{08D3BE3A-8B48-46E1-B99A-3B721FD39FB9} => Chrome.exe http://ui.skype.com/ui/0/5.0.0.152.375/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabledTask: {3C82C8E2-763F-4660-B10B-D6969A3D9B09} - System32\Tasks\{13196D90-ABBF-4B20-8B3A-C67760FAB470} => pcalua.exe -a "C:\Users\Robert French\Downloads\Texter-Installer-0.6.exe" -d "C:\Users\Robert French\Downloads"Task: {478CDD47-F8EB-400F-9015-697A11C5C6DD} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()Task: {48BA3A40-4D30-4E78-8E0F-B889F1C21E39} - System32\Tasks\{17B0F0FD-77FE-4BD2-BCCF-746498B3A685} => C:\Program Files (x86)\WordPerfect Office 12\Programs\wpwin12.exe [2004-02-10] (Corel Corporation)Task: {4B70404E-F24A-4BA5-BF66-64ED25DC9A8B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)Task: {4E8D3934-0BA5-403B-9246-8D0969FA4D54} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {5C9DBDD4-A14C-4F9E-9D18-11966AF8D686} - System32\Tasks\{D76FCC8E-0D80-458E-B711-B7D0BCE0B2AD} => pcalua.exe -a D:\Setup.exe -d D:\Task: {6EAF636D-2972-4604-A91D-5769C348B86C} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)Task: {6EE7C21D-9B91-4DBA-ADF5-DC332D463143} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)Task: {704101B6-DAAD-4C87-B83A-BA397D7241AF} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exeTask: {7153A168-1F8E-44D7-B2DF-F2C9011A30D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)Task: {71ECA84D-9FFF-476E-927A-9D6848324CD1} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)Task: {72BC04B0-1C3E-4410-A424-525BDA08BBCF} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()Task: {784D66D8-2A0A-4968-AF7D-89BFABEF2E02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1743672806-1271997639-3640499518-1000Core => C:\Users\Robert French\AppData\Local\Google\Update\GoogleUpdate.exeTask: {7973055C-DFEC-487B-8849-AD3C90AA1208} - System32\Tasks\{948BB715-2F07-47A8-902E-8EE9D5EC3A10} => pcalua.exe -a D:\setup.EXE -d D:\Task: {83619092-F2D0-45C9-97B0-E65D9FEDD5B3} - System32\Tasks\{9AC01C6D-F67D-4D06-81BB-7746A77BA098} => pcalua.exe -a "C:\Users\Robert French\Downloads\Rich Dad Real Estate Investing Downloads\AdobeAIRInstallerStandAlonesetup.exe" -d "C:\Users\Robert French\Downloads\Rich Dad Real Estate Investing Downloads"Task: {8F3845B0-1BC7-439D-B623-20B79FEBA2C8} - System32\Tasks\{463824F9-D869-4DA0-85E7-1A8B2FB6039F} => C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXETask: {91A89702-AB85-4596-9D99-57ADFBE9AC83} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()Task: {92C7827D-95B2-4626-B35C-26198A231C7F} - System32\Tasks\{7B89B24E-9080-4DCD-A114-319E7CDA21A8} => F:\New Folder\CEB\Practice Libraries\CEBPracticeLibraries.exeTask: {9BAC457A-81E7-42C5-9A7C-A88D83314F16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)Task: {9F0FBDD9-8F7D-487A-AF32-05E26E57C7E6} - System32\Tasks\{610244CE-66BD-41BB-8628-6CE44069548D} => pcalua.exe -a D:\setup.EXE -d D:\Task: {9FD18200-04EE-4B7D-92A3-10A6213314A9} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe [2013-09-05] ()Task: {C505F99B-4317-496A-BC8E-9ECF9656AFDE} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)Task: {C54025DE-5CBC-40AA-96F7-394D84E15AE4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {D122E086-F5BA-4CF5-8C81-1957EBA91CA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1743672806-1271997639-3640499518-1000UA => C:\Users\Robert French\AppData\Local\Google\Update\GoogleUpdate.exeTask: {DD691926-4F10-4E1B-8B72-3FD0216AD996} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {DE5B287E-043F-41BD-82A6-F3D47E16EDED} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()Task: {FE341B92-48BB-4429-BAA2-07EEEC7FCFFE} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743672806-1271997639-3640499518-1000Core.job => C:\Users\Robert French\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743672806-1271997639-3640499518-1000UA.job => C:\Users\Robert French\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xmlTask: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xmlTask: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============== 2013-03-27 15:35 - 2012-12-04 21:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL2011-12-29 03:38 - 2011-08-31 11:03 - 00045568 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL2011-12-29 03:22 - 2011-05-19 05:04 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll2011-12-29 03:34 - 2010-10-25 21:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe2011-12-29 03:37 - 2011-08-17 18:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe2006-11-16 14:26 - 2006-11-16 14:26 - 01095224 _____ () C:\ProgramData\U3\U3Launcher\LaunchU3.exe2014-06-23 12:29 - 2013-09-04 11:59 - 00253512 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe2010-04-22 17:33 - 2010-04-22 17:33 - 00323808 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe2007-11-06 16:20 - 2007-11-06 16:20 - 00377303 _____ () C:\Program Files (x86)\Texter\texter.exe2014-06-23 12:28 - 2013-09-04 11:19 - 00098888 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll2014-06-23 12:28 - 2013-11-14 14:59 - 00031304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll2014-06-23 12:28 - 2008-11-25 17:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll2014-06-23 12:28 - 2004-10-05 03:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00029768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00050248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll2014-06-23 12:28 - 2014-01-13 18:06 - 00105544 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00030280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00293960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00578632 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00468040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00192072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll2014-06-23 12:28 - 2013-12-23 11:01 - 00281672 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00068680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00069192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00022600 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00115784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00192584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00135752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll2014-06-23 12:28 - 2013-10-22 17:31 - 00037960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00135240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll2014-06-23 12:28 - 2013-12-24 17:42 - 00017992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll2014-06-23 12:28 - 2013-09-04 11:19 - 00096840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll2013-10-31 08:05 - 2013-10-31 08:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll2011-12-29 03:40 - 2010-04-06 10:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll2011-12-29 03:40 - 2010-04-06 10:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll2012-01-12 17:34 - 2003-03-26 19:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll2012-01-12 17:34 - 2006-10-12 16:14 - 00036864 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll2012-01-12 19:33 - 2007-02-27 20:34 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll2012-01-12 17:34 - 2004-07-06 18:24 - 00503808 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\psconv.dll2012-01-12 19:33 - 2006-05-10 18:18 - 00010240 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SecurityManager.dll2012-01-12 19:33 - 2006-05-10 18:18 - 00009216 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PolicyCommon.dll2012-01-12 17:34 - 2005-07-08 12:36 - 00094208 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\f5bdkedr.dll2012-01-12 17:34 - 1996-12-19 14:24 - 00068608 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\F5BDKAKU.DLL2012-01-12 17:34 - 2003-11-20 22:56 - 00020480 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\ssIpl.dll2012-01-12 17:34 - 2003-11-20 22:56 - 00294912 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\ssIplA6.DLL2011-08-12 13:18 - 2011-08-12 13:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll2011-08-12 13:18 - 2011-08-12 13:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll2011-08-12 13:18 - 2011-08-12 13:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll2011-08-12 13:18 - 2011-08-12 13:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll2011-08-12 13:18 - 2011-08-12 13:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll2015-04-13 15:16 - 2015-04-13 15:16 - 00043008 _____ () c:\Users\Robert French\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpukqwuw.dll2015-03-04 14:45 - 2015-03-04 14:45 - 00750080 _____ () C:\Users\Robert French\AppData\Roaming\Dropbox\bin\libGLESv2.dll2015-03-04 14:45 - 2015-03-04 14:45 - 00047616 _____ () C:\Users\Robert French\AppData\Roaming\Dropbox\bin\libEGL.dll2015-03-04 14:45 - 2015-03-04 14:45 - 00865280 _____ () C:\Users\Robert French\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll2015-03-04 14:45 - 2015-03-04 14:45 - 00200704 _____ () C:\Users\Robert French\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll2009-09-26 00:32 - 2009-09-26 00:32 - 00066856 _____ () C:\Program Files (x86)\Seagate\SeagateManager\Sync\ExtensionFilter.dll2011-06-01 09:42 - 2011-06-01 09:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll2011-06-01 09:46 - 2011-06-01 09:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll2014-06-23 12:29 - 2013-09-04 11:57 - 00222792 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll2014-06-23 12:29 - 2013-09-04 11:57 - 00275528 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll2014-06-23 12:29 - 2013-08-15 09:18 - 00113166 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll2014-06-23 12:29 - 2013-08-22 17:13 - 00249928 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll2010-04-22 17:33 - 2010-04-22 17:33 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll2010-04-22 17:33 - 2010-04-22 17:33 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll2010-03-22 15:59 - 2010-03-22 15:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL2014-02-18 14:19 - 2014-02-18 14:19 - 12337152 _____ () C:\Users\Robert French\AppData\Local\Radvision\Conference Client\7.15.001.46\RVVIDEOCODEC.dll2014-02-18 14:19 - 2014-02-18 14:19 - 00847872 _____ () C:\Users\Robert French\AppData\Local\Radvision\Conference Client\7.15.001.46\RVVIDEOCHANNEL.dll2011-06-01 09:16 - 2011-06-01 09:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll2011-06-01 09:16 - 2011-06-01 09:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll2015-04-01 13:21 - 2015-03-30 14:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll2015-04-01 13:21 - 2015-03-30 14:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll2015-04-01 13:21 - 2015-03-30 14:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll2015-04-01 13:21 - 2015-03-30 14:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll2009-05-27 23:09 - 2009-05-27 23:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Robert French\Downloads\Thailand and Angkor Wat with Gate1 February 2015.mp4:TOC.WMV ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert French\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardMinder Viewer.lnk => C:\Windows\pss\CardMinder Viewer.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk => C:\Windows\pss\Quicken Scheduled Updates.lnk.CommonStartupMSCONFIG\startupfolder: C:^Users^Robert French^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.StartupMSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startupMSCONFIG\startupreg: LTT => C:\Program Files\PC-Doctor\EnableToolbarW32.exeMSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exeMSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: SkyDrive => "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /backgroundMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s ==================== Accounts: ============================= Administrator (S-1-5-21-1743672806-1271997639-3640499518-500 - Administrator - Disabled)Guest (S-1-5-21-1743672806-1271997639-3640499518-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1743672806-1271997639-3640499518-1002 - Limited - Enabled)Robert French (S-1-5-21-1743672806-1271997639-3640499518-1000 - Administrator - Enabled) => C:\Users\Robert French ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (04/13/2015 03:19:20 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives() Error: (04/13/2015 03:19:18 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives() Error: (04/13/2015 03:19:16 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives() Error: (04/13/2015 03:19:15 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives() Error: (04/13/2015 03:19:14 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives() Error: (04/13/2015 03:19:03 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives() Error: (04/13/2015 03:19:02 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives() Error: (04/13/2015 03:19:00 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives() Error: (04/13/2015 03:18:58 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives() Error: (04/13/2015 03:18:56 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive) at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives() System errors:=============Error: (04/13/2015 03:16:47 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )Description: WMPNetworkSvc0x80004005 Error: (04/13/2015 03:16:22 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )Description: Unexpected failure. Error code: 490@01010004 Error: (04/13/2015 03:15:39 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 3:14:57 PM on ‎4/‎13/‎2015 was unexpected. Error: (04/13/2015 03:13:15 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Error: (04/13/2015 03:13:15 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/13/2015 03:08:45 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )Description: Unexpected failure. Error code: 490@01010004 Error: (04/13/2015 03:07:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.195.3066.0 Update Source: %NT AUTHORITY59 Update Stage: 4.7.0205.00 Source Path: 4.7.0205.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (04/13/2015 03:07:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.195.3066.0 Update Source: %NT AUTHORITY59 Update Stage: 4.7.0205.00 Source Path: 4.7.0205.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (04/13/2015 03:07:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error: (04/13/2015 03:07:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Microsoft Office Sessions:=========================Error: (04/21/2012 06:31:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/29/2012 11:53:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/29/2012 10:49:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/29/2012 10:48:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/27/2012 11:08:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 390 seconds with 180 seconds of active time. This session ended with a crash. Error: (03/19/2012 11:06:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6089 seconds with 1140 seconds of active time. This session ended with a crash. Error: (03/14/2012 00:34:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6855 seconds with 480 seconds of active time. This session ended with a crash. Error: (03/12/2012 09:09:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/12/2012 09:09:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/08/2012 10:41:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1752 seconds with 540 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2014-09-03 17:11:10.505 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Recovered Data From Old Desktop\DataWP\Client Matters\30006 D'Amico\Estate Planning Documents\Declaration of Trust Angelo P. D'Amico 2010 Revocable Trust 4.13.10.pdf because the set of per-page image hashes could not be found on the system. Date: 2014-09-03 17:11:10.362 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Recovered Data From Old Desktop\DataWP\Client Matters\30006 D'Amico\Estate Planning Documents\Declaration of Trust Angelo P. D'Amico 2010 Revocable Trust 4.13.10.pdf because the set of per-page image hashes could not be found on the system. Date: 2014-09-03 17:11:09.578 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Recovered Data From Old Desktop\DataWP\Client Matters\30006 D'Amico\Estate Planning Documents\Declaration of Trust Angelo P. D'Amico 2010 Revocable Trust 4.13.10.pdf because the set of per-page image hashes could not be found on the system. Date: 2013-01-17 08:48:54.827 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Recovered Data From Old Desktop\DataWP\Client Matters\30006 D'Amico\Estate Planning Documents\Declaration of Trust Angelo P. D'Amico 2010 Revocable Trust 4.13.10.pdf because the set of per-page image hashes could not be found on the system. Date: 2013-01-17 08:48:54.758 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Recovered Data From Old Desktop\DataWP\Client Matters\30006 D'Amico\Estate Planning Documents\Declaration of Trust Angelo P. D'Amico 2010 Revocable Trust 4.13.10.pdf because the set of per-page image hashes could not be found on the system. Date: 2013-01-17 08:48:54.603 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Recovered Data From Old Desktop\DataWP\Client Matters\30006 D'Amico\Estate Planning Documents\Declaration of Trust Angelo P. D'Amico 2010 Revocable Trust 4.13.10.pdf because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i5-2520M CPU @ 2.50GHzPercentage of memory in use: 65%Total physical RAM: 3979.23 MBAvailable physical RAM: 1368.96 MBTotal Pagefile: 7956.66 MBAvailable Pagefile: 4944.38 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:135.86 GB) (Free:15.34 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:632.63 GB) NTFSDrive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:3.05 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 149.1 GB) (Disk ID: 9EEBA816)Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=135.9 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 1397.3 GB) (Disk ID: A4B57300)Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  2. Here is the first report from Farbar Recovery Scan Tool. The additional.txt report will be posted in the next post. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015Ran by Robert French (administrator) on ROBERTFRENCH on 13-04-2015 15:20:46Running from C:\Users\Robert French\DownloadsLoaded Profiles: Robert French (Available profiles: Robert French & DefaultAppPool)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe(4Team) C:\Program Files (x86)\4Team Corporation\SafePSTBackup Shadow Copy Service\SafePST.ShadowCopySvc.exe(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe(Sage) C:\Windows\SysWOW64\TSSchBkpService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Lenovo.) C:\Windows\System32\TpShocks.exe() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Sage) C:\Program Files (x86)\Timeslips\TSTimer.exe(The Regents of the University of California) C:\Program Files (x86)\Essential Publishers\Essential Forms Premium\EFDownloader.exe(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Microsoft Corporation) C:\Windows\System32\vds.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe(Dropbox, Inc.) C:\Users\Robert French\AppData\Roaming\Dropbox\bin\Dropbox.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe() C:\ProgramData\U3\U3Launcher\LaunchU3.exe(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\MaxSync.exe(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe(RADVISION Ltd.) C:\Users\Robert French\AppData\Local\Radvision\Conference Client\7.15.001.46\CUCore.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe() C:\Program Files (x86)\Texter\texter.exe(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitorHKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)HKLM-x32\...\Run: [Pdfquickview] => C:\Program Files (x86)\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exeHKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)HKLM-x32\...\Run: [seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-26] (Seagate LLC)HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1532760 2011-06-14] (Intuit Inc. All rights reserved.)HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)HKLM-x32\...\Run: [EaseUs TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253512 2013-09-04] ()HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exeWinlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\Run: [TSTimer] => C:\Program Files (x86)\Timeslips\TSTimer.exe [2621256 2011-05-31] (Sage)HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\Run: [Google Update] => "C:\Users\Robert French\AppData\Local\Google\Update\GoogleUpdate.exe" /cHKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\Run: [CUCore Agent] => C:\Users\Robert French\AppData\Local\Radvision\Conference Client\7.15.001.46\ConfAgent.exe [126064 2014-02-18] (RADVISION Ltd.)HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\Run: [safe PST Backup] => C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe [4482648 2014-05-12] (4Team Corporation)HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\Run: [EFDownloader] => C:\Program Files (x86)\Essential Publishers\Essential Forms Premium\EFDownloader.exe [1438208 2014-12-05] (The Regents of the University of California)HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\Run: [GoogleChromeAutoLaunch_F5FC0CF356AD42DD88D63BE9638BB961] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\RunOnce: [uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\MountPoints2: D - D:\LaunchU3.exe -aHKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\MountPoints2: {018d7346-3208-11e1-924b-806e6f6e6963} - Q:\LenovoQDrive.exeHKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\MountPoints2: {2d3a8664-85e6-11e1-a10f-806e6f6e6963} - D:\setup.exe -aHKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\MountPoints2: {69aa663a-3bcb-11e1-a84d-f0def1bc31ce} - E:\LaunchU3.exeHKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\MountPoints2: {87af8251-4895-11e3-9114-f0def1bc31ce} - D:\MotorolaDeviceManagerSetup.exe -aHKU\S-1-5-21-1743672806-1271997639-3640499518-1000\...\MountPoints2: {e87706cd-fc60-11e1-9d67-f0def1bc31ce} - D:\MotoCastSetup.exe -aLsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dllStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnkShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)Startup: C:\Users\Robert French\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Robert French\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Robert French\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnkShortcutTarget: LaunchU3.exe.lnk -> C:\Users\Robert French\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()Startup: C:\Users\Robert French\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Texter.lnkShortcutTarget: Texter.lnk -> C:\Program Files (x86)\Texter\texter.exe ()ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert French\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)BootExecute: autocheck autochk /p \??\F:autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1743672806-1271997639-3640499518-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpadSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}SearchScopes: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS465BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)Toolbar: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKU\S-1-5-21-1743672806-1271997639-3640499518-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {0EC4C9E3-EC6A-11CF-8E3B-444553540000} file:///D:/setup/RiffLick.cabHandler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2011-12-22] (Intuit, Inc.)Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox:========FF ProfilePath: C:\Users\Robert French\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.defaultFF DefaultSearchEngine: Yahoo!FF SelectedSearchEngine: Yahoo!FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No FileFF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-1743672806-1271997639-3640499518-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Robert French\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-02] (Citrix Online)FF Plugin HKU\S-1-5-21-1743672806-1271997639-3640499518-1000: @radvision.com/ConfClient -> C:\Users\Robert French\AppData\Local\Radvision\Installer\1.5.0.1\npclientinstmgr.dll [2014-02-18] (RADVISION Ltd.)FF Plugin HKU\S-1-5-21-1743672806-1271997639-3640499518-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Robert French\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)FF Plugin HKU\S-1-5-21-1743672806-1271997639-3640499518-1000: @talk.google.com/O1DPlugin -> C:\Users\Robert French\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)FF Plugin HKU\S-1-5-21-1743672806-1271997639-3640499518-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Robert French\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No FileFF Plugin HKU\S-1-5-21-1743672806-1271997639-3640499518-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Robert French\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No FileFF Plugin ProgramFiles/Appdata: C:\Users\Robert French\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Robert French\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access ClientFF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-12-29]FF Extension: No Name - C:\Users\Robert French\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\extensions\{46eddf51-a4f6-4476-8d6c-31c5187b2a2f} [Not Found]FF Extension: No Name - C:\Users\Robert French\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e} [Not Found]FF Extension: No Name - C:\Users\Robert French\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\extensions\{84a93d51-b7a9-431e-8ff8-d60e5d7f5df1} [Not Found]FF Extension: No Name - C:\Users\Robert French\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\extensions\{f894a29a-f065-40c3-bb19-da6057778493} [Not Found] Chrome: =======CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No FileCHR Plugin: (Screen Capture Plugin) - C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No FileCHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Profile: C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Chrome Hotword Shared Module) - C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-13]CHR Extension: (Google Wallet) - C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-13]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-01-04] (Macrovision Europe Ltd.) [File not signed]R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]S3 Lenovo.RapidDrive.Advanced.Svc; C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [209920 2011-10-06] (Lenovo, Japan, Ltd. ) [File not signed]R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]R2 SafePSTShadowCopy; C:\Program Files (x86)\4Team Corporation\SafePSTBackup Shadow Copy Service\SafePST.ShadowCopySvc.exe [16488 2014-05-12] (4Team)R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]R2 TSScheduleBackup; C:\Windows\SysWOW64\TSSchBkpService.exe [737096 2011-05-31] (Sage)R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-13 15:20 - 2015-04-13 15:20 - 00000000 ____D () C:\Users\Robert French\Downloads\FRST-OlderVersion2015-04-13 15:11 - 2015-04-13 15:12 - 00005017 _____ () C:\Users\Robert French\Desktop\AdwCleaner Report.txt2015-04-13 15:00 - 2015-04-13 15:07 - 00000000 ____D () C:\AdwCleaner2015-04-13 14:58 - 2015-04-13 14:58 - 02217984 _____ () C:\Users\Robert French\Desktop\adwcleaner_4.201.exe2015-04-13 12:39 - 2015-04-13 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services2015-04-12 15:32 - 2015-04-12 15:35 - 00000000 ____D () C:\Program Files (x86)\WordPerfect Office 122015-04-12 15:14 - 2014-06-23 12:05 - 133452664 _____ ( ) C:\Users\Robert French\Downloads\tb_free.exe2015-04-12 15:10 - 2015-04-12 14:09 - 00024064 _____ () C:\Windows\zoek-delete.exe2015-04-12 14:11 - 2015-04-12 15:12 - 00017338 _____ () C:\zoek-results.log2015-04-12 14:09 - 2015-04-12 15:11 - 00000000 ____D () C:\zoek_backup2015-04-12 14:03 - 2015-04-12 14:04 - 01305600 _____ () C:\Users\Robert French\Downloads\zoek.exe2015-04-11 16:33 - 2015-04-11 16:39 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys2015-04-11 16:33 - 2015-04-11 16:39 - 00000000 ____D () C:\ProgramData\RogueKiller2015-04-11 16:29 - 2015-04-11 16:32 - 20567640 _____ () C:\Users\Robert French\Downloads\RogueKillerX64.exe2015-04-11 16:06 - 2015-04-11 16:22 - 00065399 _____ () C:\Users\Robert French\Downloads\Addition.txt2015-04-11 16:04 - 2015-04-13 15:21 - 00035506 _____ () C:\Users\Robert French\Downloads\FRST.txt2015-04-11 16:03 - 2015-04-13 15:21 - 00000000 ____D () C:\FRST2015-04-11 16:02 - 2015-04-13 15:20 - 02096640 _____ (Farbar) C:\Users\Robert French\Downloads\FRST64.exe2015-04-04 13:00 - 2015-04-04 13:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX2015-04-04 13:00 - 2015-04-04 13:00 - 00000000 ___SD () C:\Windows\system32\GWX2015-03-25 15:01 - 2015-03-25 16:31 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job2015-03-25 15:01 - 2015-03-25 15:01 - 00003386 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Delay2015-03-25 08:14 - 2015-03-10 21:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-03-25 08:14 - 2015-03-10 21:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-03-25 08:14 - 2015-03-10 21:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-03-25 08:14 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-03-25 08:14 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-03-25 08:14 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2015-03-25 08:14 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-03-25 08:14 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-03-22 14:36 - 2015-03-22 14:36 - 00000000 ____D () C:\Windows\en2015-03-22 14:35 - 2015-03-22 14:35 - 00001385 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk2015-03-22 14:35 - 2015-03-22 14:35 - 00001316 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk2015-03-22 14:33 - 2015-03-22 14:33 - 00000000 ____D () C:\Program Files\Windows Live2015-03-22 14:33 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys2015-03-22 14:32 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll2015-03-22 14:32 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll2015-03-22 14:32 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll2015-03-22 14:32 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll2015-03-22 14:32 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll2015-03-22 14:32 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll2015-03-22 14:32 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll2015-03-22 14:32 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll2015-03-22 14:29 - 2015-03-22 14:29 - 00002218 _____ () C:\Users\Robert French\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk2015-03-22 14:25 - 2015-03-22 14:25 - 01239752 _____ (Microsoft Corporation) C:\Users\Robert French\Downloads\wlsetup-web.exe2015-03-19 14:28 - 2015-03-19 14:28 - 00001848 _____ () C:\Users\Robert French\Desktop\Player.lnk2015-03-19 14:28 - 2015-03-19 14:28 - 00000000 ____D () C:\Windows\player2015-03-19 14:28 - 2015-03-19 14:28 - 00000000 ____D () C:\Users\Robert French\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\player2015-03-19 14:28 - 2015-03-19 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\player2015-03-19 14:28 - 2015-03-19 14:28 - 00000000 ____D () C:\Program Files (x86)\player2015-03-17 12:44 - 2015-03-17 13:54 - 111576390 _____ () C:\Users\Robert French\Downloads\Thailand and Angkor Wat with Gate1 February 2015.mp4 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-13 15:20 - 2011-12-29 03:31 - 01794039 _____ () C:\Windows\WindowsUpdate.log2015-04-13 15:18 - 2012-01-07 16:54 - 00000000 ___RD () C:\Users\Robert French\Dropbox2015-04-13 15:17 - 2012-01-07 16:50 - 00000000 ____D () C:\Users\Robert French\AppData\Roaming\Dropbox2015-04-13 15:16 - 2013-04-15 01:30 - 00000000 ____D () C:\Temp2015-04-13 15:16 - 2011-12-29 03:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-04-13 15:15 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-04-13 15:15 - 2009-07-13 21:51 - 00374034 _____ () C:\Windows\setupact.log2015-04-13 15:14 - 2012-01-10 13:19 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-04-13 15:10 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp2015-04-13 15:06 - 2011-12-29 03:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-04-13 14:57 - 2009-07-13 22:13 - 00866940 _____ () C:\Windows\system32\PerfStringBackup.INI2015-04-13 14:57 - 2009-07-13 21:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-04-13 14:57 - 2009-07-13 21:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-04-13 14:50 - 2012-01-04 13:46 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job2015-04-13 14:50 - 2009-07-13 21:45 - 00520992 _____ () C:\Windows\system32\FNTCACHE.DAT2015-04-13 14:49 - 2012-04-11 18:37 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743672806-1271997639-3640499518-1000UA.job2015-04-13 14:49 - 2010-11-20 20:47 - 00947996 _____ () C:\Windows\PFRO.log2015-04-13 14:34 - 2012-04-21 18:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-04-13 12:52 - 2009-07-13 19:34 - 00000499 _____ () C:\Windows\win.ini2015-04-13 12:51 - 2012-01-04 13:46 - 00144648 _____ () C:\Users\Robert French\AppData\Local\GDIPFONTCACHEV1.DAT2015-04-13 12:50 - 2010-11-21 00:16 - 00000000 ____D () C:\Windows\ShellNew2015-04-13 12:44 - 2012-01-10 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office2015-04-13 12:43 - 2011-12-29 03:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office2015-04-13 12:40 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared2015-04-13 12:39 - 2012-01-10 13:21 - 00000000 ____D () C:\Program Files\Microsoft Office2015-04-13 12:00 - 2012-01-04 13:46 - 00003516 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest2015-04-13 12:00 - 2012-01-04 13:46 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher2015-04-13 10:59 - 2014-07-02 17:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-04-13 10:47 - 2012-01-04 13:45 - 00000000 ____D () C:\Users\Robert French2015-04-13 10:46 - 2014-04-13 22:05 - 00000000 ____D () C:\Users\DefaultAppPool2015-04-13 10:46 - 2012-01-04 17:08 - 00000000 ____D () C:\ProgramData\FLEXnet2015-04-13 10:46 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration2015-04-13 08:36 - 2014-06-23 11:54 - 00003998 _____ () C:\Windows\System32\Tasks\4Team updater2015-04-12 19:55 - 2012-01-04 18:43 - 00000000 ____D () C:\Program Files (x86)\Quicken2015-04-12 19:49 - 2012-04-11 18:37 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743672806-1271997639-3640499518-1000Core.job2015-04-12 15:48 - 2012-01-04 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office 122015-04-12 15:16 - 2012-09-05 13:37 - 00000000 ____D () C:\Users\Robert French\Documents\Outlook Files2015-04-12 15:12 - 2014-09-02 13:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol2015-04-12 15:01 - 2014-09-02 13:54 - 00000000 ____D () C:\Users\Robert French\AppData\Local\Comodo2015-04-12 15:01 - 2014-09-02 13:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google2015-04-12 15:01 - 2014-09-02 13:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo2015-04-12 15:01 - 2014-09-02 13:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google2015-04-12 15:01 - 2014-09-02 13:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo2015-04-12 15:01 - 2014-09-02 13:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google2015-04-12 15:01 - 2014-09-02 13:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo2015-04-12 15:01 - 2012-01-04 13:57 - 00000000 ____D () C:\Users\Robert French\AppData\Local\Google2015-04-12 14:58 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2015-04-12 14:58 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy2015-04-12 11:23 - 2011-12-29 03:41 - 00000000 ____D () C:\Program Files (x86)\Google2015-04-11 13:12 - 2012-12-09 18:06 - 08624640 ___SH () C:\Users\Robert French\Downloads\Thumbs.db2015-04-09 15:53 - 2012-01-07 16:54 - 00001057 _____ () C:\Users\Robert French\Desktop\Dropbox.lnk2015-04-09 15:53 - 2012-01-07 16:50 - 00000000 ____D () C:\Users\Robert French\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-04-09 13:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache2015-04-04 12:59 - 2012-01-11 11:28 - 00000000 ____D () C:\Users\Robert French\Documents\Timeslips Backups2015-04-01 13:21 - 2014-11-02 17:02 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-03-26 08:15 - 2014-12-11 13:27 - 00000000 ____D () C:\Windows\system32\appraiser2015-03-26 08:15 - 2014-04-30 14:58 - 00000000 ___SD () C:\Windows\system32\CompatTel2015-03-26 08:15 - 2012-01-04 13:46 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job2015-03-25 15:01 - 2012-01-04 13:46 - 00004256 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask2015-03-25 11:57 - 2012-01-04 15:12 - 00001868 _____ () C:\Users\Public\Desktop\ooVoo.lnk2015-03-25 11:57 - 2012-01-04 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo2015-03-25 11:57 - 2012-01-04 15:12 - 00000000 ____D () C:\Program Files (x86)\ooVoo2015-03-24 07:58 - 2009-07-13 22:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2015-03-22 14:39 - 2012-03-09 16:54 - 00000000 ____D () C:\Users\Robert French\AppData\Local\Windows Live2015-03-22 14:35 - 2011-12-29 03:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live2015-03-22 14:34 - 2011-12-29 03:42 - 00002497 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk2015-03-22 14:34 - 2011-12-29 03:42 - 00001469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk2015-03-22 14:33 - 2011-12-29 03:41 - 00000000 ____D () C:\Program Files (x86)\Windows Live2015-03-22 14:30 - 2011-12-29 03:41 - 00000582 _____ () C:\Windows\DirectX.log ==================== Files in the root of some directories ======= 2012-01-04 15:52 - 2012-01-04 15:52 - 0012358 _____ () C:\Users\Robert French\AppData\Roaming\PFP120JCM.{PB2012-01-04 15:52 - 2012-01-04 15:52 - 0061678 _____ () C:\Users\Robert French\AppData\Roaming\PFP120JPR.{PB2013-04-10 11:49 - 2013-04-16 22:05 - 0005632 _____ () C:\Users\Robert French\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2012-02-23 21:16 - 2012-02-23 21:16 - 0004096 ____H () C:\Users\Robert French\AppData\Local\keyfile3.drm2014-09-24 14:56 - 2014-09-24 14:56 - 0001181 _____ () C:\ProgramData\ezyloancalculator2.ini2012-01-17 15:43 - 2012-01-17 15:43 - 0000268 ___RH () C:\ProgramData\Jazz Kit2012-01-17 15:43 - 2013-11-25 15:25 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT2012-01-17 15:44 - 2015-02-10 14:50 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT Some content of TEMP:====================C:\Users\Robert French\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpukqwuw.dllC:\Users\Robert French\AppData\Local\Temp\Quarantine.exeC:\Users\Robert French\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-09 13:17 ==================== End Of Log ============================
  3. Here is the AdwCleaner Report; I will add the FarBar Recovery report in a few minutes. # AdwCleaner v4.201 - Logfile created 13/04/2015 at 15:07:00 # Updated 08/04/2015 by Xplode # Database : 2015-04-08.1 [server] # Operating system : Windows 7 Professional Service Pack 1 (x64) # Username : Robert French - ROBERTFRENCH # Running from : C:\Users\Robert French\Desktop\adwcleaner_4.201.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Robert French\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\Extensions\{84a93d51-b7a9-431e-8ff8-d60e5d7f5df1} Folder Deleted : C:\Users\Robert French\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\Extensions\{f894a29a-f065-40c3-bb19-da6057778493} Folder Deleted : C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj File Deleted : C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage File Deleted : C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKCU\Software\PIP Key Deleted : HKCU\Software\RegisteredApplicationsEx Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Key Deleted : HKLM\SOFTWARE\PC_Booster Key Deleted : HKLM\SOFTWARE\PIP Key Deleted : HKLM\SOFTWARE\SPPDCOM Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17689 -\\ Mozilla Firefox v15.0.1 (en-US) -\\ Google Chrome v41.0.2272.118 [C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl [C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb [C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : niloccemoadcdkdjlinkgdfekeahmflj [C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M9C4C4B34-D708-4CA6-B100-4716EB6E9D0E&SearchSource=55&CUI=&UM=6&UP=SP92BCAE97-2C6F-4AB1-B400-3D1E989129DE&SSPV=Testnew2181B_sp_ch [C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}", "usage_count": 0 } }, "extensions": { "settings": { "aaaaipnpnbacgmnloflmimhmjonmkggj": { "ack_external": true, "active_permissions": { "api": [ "bookmarks", "contentSettings", "contextMenus", "cookies", "geolocation", "history", "idle", "management", "notifications", "storage", "tabs", "unlimitedStorage", "webRequest", "webRequestBlocking", "webRequestInternal" ], "explicit_host": [ "chrome://favicon/*", "hxxp://*/*", "hxxps://*/*" ], "manifest_permissions": [ ], "scriptable_host": [ "*://*.ask.com/ ************************* AdwCleaner[R0].txt - [5149 bytes] - [13/04/2015 15:01:42] AdwCleaner[s0].txt - [4866 bytes] - [13/04/2015 15:07:00] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4925 bytes] ##########
  4. The same malware message was received; that is, that Malwarebytes detected the presence of PUP.Optional.Trovi.A during the scan. What is your recommendation at this point?
  5. I did perform a System Restore to that date/time, but I continue to experience the problems with Outlook. I will just reinstall it and see if that takes care of the problem. Have I been otherwise successful in eradicating the PUP.Optional.Trovia.A malware?
  6. Yes, I did try to restart my PC on multiple occasions. I believe that this is the zoek-results.log that you inquired about: Zoek.exe v5.0.0.0 Updated 08-April-2015Tool run by Robert French on Sun 04/12/2015 at 14:10:21.64.Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Robert French\Downloads\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 4/12/2015 2:12:05 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Citrix deleted successfullyC:\PROGRA~2\GUM399D.tmp deleted successfullyC:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfullyC:\PROGRA~2\COMMON~1\LWS deleted successfullyC:\Program Files\Google deleted successfullyC:\PROGRA~3\Trusted Publisher deleted successfullyC:\Users\Robert French\AppData\Roaming\Malwarebytes deleted successfullyC:\Users\Robert French\AppData\Roaming\Search Protection deleted successfullyC:\Users\Robert French\AppData\Roaming\webex deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F2C3263B-B4D1-4323-8AF9-B71B432C2CCF} deleted successfullyHKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfullyHKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfullyHKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfullyHKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfullyHKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default user.js not found---- Lines spigot removed from prefs.js ----user_pref("startpage.ntsearch_url", " ==== Chromium Fix ====================== C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoalkaegbieilgaphghkeddmmngllpjn deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS465" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Robert French\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Robert French\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\Robert French\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Robert French\AppData\Local\Mozilla\Firefox\Profiles\ppsczd82.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1524 folders=150 329132267 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\DefaultAppPool\AppData\Local\Temp emptied successfullyC:\Users\Robert French\AppData\Local\Temp will be emptied at rebootC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at rebootC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\ROBERT~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on Sun 04/12/2015 at 15:12:57.51 ======================
  7. By the way, after I ran Zoek, a number of my applications were no longer able to run. The most important one, that is still inoperable, is MS Outlook. I tried reinstalling it without any success. Any recommendations?
  8. That was all that popped up after the computer rebooted. I have found this .txt file in the Zoek directory. I hope that this is the one that you are referring to. restore;|C_Users_ROBERT~1_AppData_Roaming_Mozilla_Firefox_Profiles_ppsczd82.default_prefs_20150412_0257_.backup.vir|C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\prefs.jsrestore;|C_PROGRA~2_YoutUbeAdBlockee|C:\PROGRA~2\YoutUbeAdBlockeerestore;|C_PROGRA~3_2e1bfab786e85000|C:\PROGRA~3\2e1bfab786e85000restore;|C_PROGRA~2_YoutUbeAdBlockee|C:\PROGRA~2\YoutUbeAdBlockeerestore;|C_PROGRA~2_WordPerfect Office 12|C:\PROGRA~2\WordPerfect Office 12restore;|C_PROGRA~2_COMMON~1_Wondershare|C:\PROGRA~2\COMMON~1\Wondersharerestore;|C_Users_Robert French_AppData_Roaming_RHEng|C:\Users\Robert French\AppData\Roaming\RHEngrestore;|C_Users_Robert French_AppData_Roaming_Browser Extensions|C:\Users\Robert French\AppData\Roaming\Browser Extensionsrestore;|C_PROGRA~3_APN|C:\PROGRA~3\APNrestore;|C_PROGRA~3_Partner|C:\PROGRA~3\Partnerrestore;|C_PROGRA~3_YoutUbeAdBlockee|C:\PROGRA~3\YoutUbeAdBlockeerestore;|C_PROGRA~3_YoutUbeAdBlockee|C:\PROGRA~3\YoutUbeAdBlockeerestore;|C_Users_Robert French_AppData_Local_Wondershare|C:\Users\Robert French\AppData\Local\Wondersharerestore;|C_Windows_SysNative_config_systemprofile_Searches|C:\Windows\SysNative\config\systemprofile\Searchesrestore;|C_windows_SysNative_GroupPolicy_Adm|C:\windows\SysNative\GroupPolicy\Admrestore;|C_windows_SysNative_GroupPolicy_Machine|C:\windows\SysNative\GroupPolicy\Machinerestore;|C_windows_SysNative_GroupPolicy_User|C:\windows\SysNative\GroupPolicy\Userrestore;|C_Users_ROBERT~1_AppData_Roaming_Mozilla_Firefox_Profiles_ppsczd82.default_extensions_GtnT2P@UeZir.org|C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\extensions\GtnT2P@UeZir.orgrestore;|C_Users_ROBERT~1_AppData_Roaming_Mozilla_Firefox_Profiles_ppsczd82.default_extensions_P2bu@3.com|C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\extensions\P2bu@3.comrestore;|C_Users_Robert French_AppData_Roaming_Internet Plug-Ins.vir|C:\Users\Robert French\AppData\Roaming\Internet Plug-Insrestore;|C_Users_Robert French_AppData_Roaming_Iterate Items.vir|C:\Users\Robert French\AppData\Roaming\Iterate Itemsrestore;|C_ProgramData_Kernel Extension.vir|C:\ProgramData\Kernel Extensionrestore;|C_Users_Robert French_Downloads_tb_free.exe.vir|C:\Users\Robert French\Downloads\tb_free.exerestore;|C_Windows_AppPatch_Custom_{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb.vir|C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbrestore;|C_windows_SysNative_GroupPolicy_GPT.INI.vir|C:\windows\SysNative\GroupPolicy\GPT.INIrestore;|C_Windows_Syswow64_GroupPolicy_gpt.ini.vir|C:\Windows\Syswow64\GroupPolicy\gpt.inirestore;|C_Users_Robert French_AppData_Roaming_Mozilla_Firefox_Profiles_ppsczd82.default_extensions_{46eddf51-a4f6-4476-8d6c-31c5187b2a2f}|C:\Users\Robert French\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\extensions\{46eddf51-a4f6-4476-8d6c-31c5187b2a2f}restore;|C_Users_ROBERT~1_AppData_Roaming_Mozilla_Firefox_Profiles_ppsczd82.default_extensions_{46eddf51-a4f6-4476-8d6c-31c5187b2a2f}|C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\extensions\{46eddf51-a4f6-4476-8d6c-31c5187b2a2f}restore;|C_Users_Robert French_AppData_Roaming_Mozilla_Firefox_Profiles_ppsczd82.default_extensions_{32da2f20-827d-40aa-a3b4-2fc4a294352e}|C:\Users\Robert French\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e}restore;|C_Users_ROBERT~1_AppData_Roaming_Mozilla_Firefox_Profiles_ppsczd82.default_extensions_{32da2f20-827d-40aa-a3b4-2fc4a294352e}|C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\ppsczd82.default\extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e}restore;|C_Users_Robert French_AppData_Local_Google_Chrome_User Data_Default_Extensions_aoalkaegbieilgaphghkeddmmngllpjn|C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoalkaegbieilgaphghkeddmmngllpjnrestore;|C_Users_Robert French_AppData_Local_Google_Chrome_User Data_Default_Extensions_aoalkaegbieilgaphghkeddmmngllpjn|C:\Users\Robert French\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoalkaegbieilgaphghkeddmmngllpjn
  9. Here is the Zoek report: Zoek.exe v5.0.0.0 Updated 08-April-2015Tool run by Robert French on Sun 04/12/2015 at 14:10:21.64.Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Robert French\Downloads\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 4/12/2015 2:12:05 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Citrix deleted successfullyC:\PROGRA~2\GUM399D.tmp deleted successfullyC:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfullyC:\PROGRA~2\COMMON~1\LWS deleted successfullyC:\Program Files\Google deleted successfullyC:\PROGRA~3\Trusted Publisher deleted successfullyC:\Users\Robert French\AppData\Roaming\Malwarebytes deleted successfullyC:\Users\Robert French\AppData\Roaming\Search Protection deleted successfullyC:\Users\Robert French\AppData\Roaming\webex deleted successfully
  10. I am also having problems with PUP.Optional.Trovi.A reappearing with each new scan of my hard drive. I have read some of the other threads, and have downloaded Farbar Recovery Scan Tool and have run it. I have attached the two logs it created. I have also run RogueKiller and here is that report as well. RogueKiller V10.5.9.0 (x64) [Apr 7 2015] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Robert French [Administrator]Started from : C:\Users\Robert French\Downloads\RogueKillerX64.exeMode : Scan -- Date : 04/11/2015 16:51:06 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 32 ¤¤¤[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\Run | CUCore Agent : "C:\Users\Robert French\AppData\Local\Radvision\Conference Client\7.15.001.46\ConfAgent.exe" /minimize -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\Run | CUCore Agent : "C:\Users\Robert French\AppData\Local\Radvision\Conference Client\7.15.001.46\ConfAgent.exe" /minimize -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" -> Found[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" -> Found[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert French\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811" -> Found[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1743672806-1271997639-3640499518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 4 ¤¤¤[suspicious.Path] GoogleUpdateTaskUserS-1-5-21-1743672806-1271997639-3640499518-1000Core.job -- C:\Users\Robert French\AppData\Local\Google\Update\GoogleUpdate.exe (/c) -> Found[suspicious.Path] GoogleUpdateTaskUserS-1-5-21-1743672806-1271997639-3640499518-1000UA.job -- C:\Users\Robert French\AppData\Local\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Found[suspicious.Path] \\GoogleUpdateTaskUserS-1-5-21-1743672806-1271997639-3640499518-1000Core -- C:\Users\Robert French\AppData\Local\Google\Update\GoogleUpdate.exe (/c) -> Found[suspicious.Path] \\GoogleUpdateTaskUserS-1-5-21-1743672806-1271997639-3640499518-1000UA -- C:\Users\Robert French\AppData\Local\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Found ¤¤¤ Files : 1 ¤¤¤[suspicious.Path][File] LaunchU3.exe.lnk -- C:\Users\Robert French\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk [LNK@] C:\Users\Robert French\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe -> Found ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: INTEL SSDSA2BW160G3L +++++--- User ---[MBR] 97615b800888f506ba9461faa7d2c153[bSP] 391d6b34c9586c89c56a7e0046bd88a3 : Lenovo MBR CodePartition table:0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 139125 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 288002048 | Size: 12000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]User = LL1 ... OKUser = LL2 ... OK +++++ PhysicalDrive1: Seagate FreeAgent GoFlex USB Device +++++--- User ---[MBR] b706261bc849fb705a11c70124dda680[bSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR CodePartition table:0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1430796 MB [Windows XP Bootstrap | Windows XP Bootloader]User = LL1 ... OKError reading LL2 MBR! ([32] The request is not supported. )FRST.txt Addition.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.