Jump to content

Mindspark infection


Recommended Posts

Hi,

Malwarebytes detected 2 instances of pup.generic.mindsark last week, looked at the forum topics but some of the tools recommended vary so I'm afraid I need some help.  My machine is a Lenovo L520 laptop running Windows 10.  Malwarebytes picks up the infection but it reinstalls itself on reboot.  Here's the log, can someone help please?

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Manual, Malware Database, 2016.9.4.8, 2016.9.5.1,
Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Refresh, Starting,
Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Malicious Website Protection, Stopping,
Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Malicious Website Protection, Stopped,
Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Refresh, Success,
Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Malicious Website Protection, Starting,
Protection, 05/09/2016 05:38, SYSTEM, DAVE-THINK, Protection, Malicious Website Protection, Started,

(end)

Link to post
Share on other sites

Thanks to Pondus for the info regarding the log files - think these are the right ones now.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Dave (administrator) on DAVE-THINK (05-09-2016 06:40:41)
Running from C:\Users\Dave\Downloads
Loaded Profiles: Dave (Available Profiles: Dave & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
(Dragon Global) C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377304 2009-05-25] (Acronis)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4359776 2009-05-25] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [960616 2009-05-25] (Acronis)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] ()
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1696288 2015-02-27] (SPAMfighter ApS)
HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1050656 2015-12-03] (SPAMfighter ApS)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {3f802dee-6919-11e2-a303-e89a8ffca9b0} - "D:\AutoRun.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {d83995d4-6138-11e6-bdeb-9439e5917cfa} - "D:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-03-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2030d55d-3156-470a-89b6-c023b848a1ef}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83b2351b-def0-4a36-bbe7-bfa19d316a79}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {E5469FAC-5226-4BB3-87EA-F4C75B15AA0D} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: ReImage Browser Helper -> {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} -> C:\Program Files (x86)\ReImageCompanion\jsloader.dll [2012-02-09] (ReImage)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918
FF DefaultSearchEngine: Yahoo.co.uk
FF Homepage: hxxps://www.google.co.uk/?gfe_rd=cr&ei=8eixVYD7KMOHOraeqJgO
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195402160-3620752181-2962431074-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF Extension: (ColorZilla) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-06]
FF Extension: (MeasureIt) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2016-03-16]
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-04-16]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-08-03]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-07-05] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-09]
CHR Extension: (Google Docs) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Google Search) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Google Sheets) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04]
CHR Extension: (ReImage Browser Helper) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem [2016-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-02]
CHR HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gmdfpnpdmnjaffhcdbobdjpolhpacaem] - C:\Program Files (x86)\ReImageCompanion\blabbers-ch.crx [2012-02-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-01-13] (Macrovision Europe Ltd.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MCEBuddy2x; C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe [34304 2015-12-23] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
R2 Sage 50 Accounts Control v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe [2396672 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe [3474944 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2015-02-06] (Sage (UK) Limited) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
R2 ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2136576 2010-06-05] (Dragon Global) [File not signed]
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2015-12-03] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2015-11-13] (SPAMfighter ApS)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-28] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2015-11-19] (Acronis)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)
U3 idsvc; no ImagePath
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 06:40 - 2016-09-05 06:41 - 00029037 _____ C:\Users\Dave\Downloads\FRST.txt
2016-09-05 06:40 - 2016-09-05 06:40 - 00000000 ____D C:\FRST
2016-09-05 06:38 - 2016-09-05 06:39 - 02397696 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2016-09-02 12:07 - 2016-09-04 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-01 14:50 - 2016-09-01 14:50 - 00801692 _____ C:\Users\Dave\Downloads\2016_FFS_Catalogue_page_101_Standard_Bag_Range_-_SB.pdf
2016-08-26 07:40 - 2016-08-26 07:40 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-26 07:39 - 2016-08-26 07:39 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Skype
2016-08-22 15:53 - 2016-08-22 15:53 - 00000010 _____ C:\Users\Dave\Desktop\Blas a Fronlas.txt
2016-08-11 15:24 - 2016-08-11 15:25 - 00111224 _____ C:\Users\Dave\Downloads\3196 Beveridge.pdf
2016-08-10 15:41 - 2016-08-10 15:41 - 04927969 _____ C:\Users\Dave\Downloads\Joint Administrators Progress Report 14.11.15 to 13.05.16.pdf
2016-08-10 15:29 - 2016-08-10 15:29 - 05081674 _____ C:\Users\Dave\Downloads\Joint Administrators Statement of Proposals.pdf
2016-08-10 11:33 - 2016-08-10 11:33 - 00059010 _____ C:\Users\Dave\Downloads\downloadfile(10).PDF
2016-08-10 11:32 - 2016-08-10 11:32 - 00058476 _____ C:\Users\Dave\Downloads\downloadfile(9).PDF
2016-08-10 11:31 - 2016-08-10 11:31 - 00060543 _____ C:\Users\Dave\Downloads\downloadfile(8).PDF
2016-08-10 11:29 - 2016-08-10 11:29 - 00058883 _____ C:\Users\Dave\Downloads\downloadfile(7).PDF
2016-08-10 11:28 - 2016-08-10 11:28 - 00054927 _____ C:\Users\Dave\Downloads\downloadfile(6).PDF
2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-08-10 10:11 - 2016-08-03 12:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:11 - 2016-08-03 12:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:11 - 2016-08-03 12:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:11 - 2016-08-03 11:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:11 - 2016-08-03 11:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:11 - 2016-08-03 11:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:11 - 2016-08-03 11:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:11 - 2016-08-03 11:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:11 - 2016-08-03 11:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:11 - 2016-08-03 11:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:11 - 2016-08-03 11:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:11 - 2016-08-03 11:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:11 - 2016-08-03 11:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:11 - 2016-08-03 11:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:11 - 2016-08-03 11:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:11 - 2016-08-03 11:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:11 - 2016-08-03 11:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:11 - 2016-08-03 11:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:11 - 2016-08-03 11:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:11 - 2016-08-03 11:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:11 - 2016-08-03 10:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:11 - 2016-08-03 10:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:11 - 2016-08-03 10:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:11 - 2016-08-03 10:45 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2016-08-10 10:11 - 2016-08-03 10:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:11 - 2016-08-03 10:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:11 - 2016-08-03 10:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:11 - 2016-08-03 10:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:11 - 2016-08-03 10:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-10 10:11 - 2016-08-03 10:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-10 10:11 - 2016-08-03 10:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:11 - 2016-08-03 10:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-10 10:11 - 2016-08-03 10:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:11 - 2016-08-03 10:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:11 - 2016-08-03 10:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:11 - 2016-08-03 10:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:11 - 2016-08-03 10:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:11 - 2016-08-03 10:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:11 - 2016-08-03 10:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:11 - 2016-08-03 10:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:11 - 2016-08-03 10:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:11 - 2016-08-03 10:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:11 - 2016-08-03 10:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:11 - 2016-08-03 10:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:11 - 2016-08-03 10:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:11 - 2016-08-03 10:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:11 - 2016-08-03 10:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:11 - 2016-08-03 10:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:11 - 2016-08-03 10:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:11 - 2016-08-03 10:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:11 - 2016-08-03 10:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:11 - 2016-08-03 10:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:11 - 2016-08-03 10:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-10 10:11 - 2016-08-03 10:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-10 10:11 - 2016-08-03 10:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:11 - 2016-08-03 10:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:11 - 2016-08-03 10:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:11 - 2016-08-03 10:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:11 - 2016-08-03 10:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:11 - 2016-08-03 10:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:11 - 2016-08-03 10:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:11 - 2016-08-03 10:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:11 - 2016-08-03 10:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 10:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:11 - 2016-08-03 10:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:11 - 2016-08-03 10:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:11 - 2016-08-03 10:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:11 - 2016-08-03 06:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:11 - 2016-08-03 06:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:11 - 2016-08-03 06:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:11 - 2016-08-03 06:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:11 - 2016-08-03 06:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:11 - 2016-08-03 06:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:11 - 2016-08-03 06:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:11 - 2016-08-03 05:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:11 - 2016-08-03 05:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:11 - 2016-08-03 05:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:11 - 2016-08-03 05:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:11 - 2016-08-03 05:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:11 - 2016-08-03 05:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:11 - 2016-08-03 05:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:11 - 2016-08-03 05:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:11 - 2016-08-03 05:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:11 - 2016-08-03 05:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:11 - 2016-08-03 05:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:11 - 2016-08-03 05:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:11 - 2016-08-03 05:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:11 - 2016-08-03 05:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 05:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:11 - 2016-08-03 05:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:11 - 2016-08-03 05:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:11 - 2016-08-03 05:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:11 - 2016-08-03 05:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:11 - 2016-08-03 05:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:11 - 2016-08-03 05:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:11 - 2016-08-03 05:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:11 - 2016-08-03 05:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:11 - 2016-08-03 05:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:11 - 2016-08-03 05:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:11 - 2016-08-03 05:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:11 - 2016-08-03 05:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:11 - 2016-08-03 05:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 05:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 06:39 - 2012-01-06 00:01 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-09-05 06:37 - 2012-01-06 04:42 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2016-09-05 06:09 - 2012-04-10 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-05 05:49 - 2012-01-06 00:01 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2016-09-05 05:38 - 2016-05-10 14:32 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5A19858-B5EF-4BC6-82B9-E98777E8C8AB}
2016-09-05 05:38 - 2014-05-19 10:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 05:36 - 2012-01-06 03:22 - 00000000 ____D C:\Users\Dave\Documents\Email Folders
2016-09-05 05:35 - 2016-02-09 15:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-04 21:59 - 2014-10-17 15:47 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job
2016-09-04 11:28 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-04 11:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-04 11:20 - 2012-04-26 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 22:29 - 2016-07-05 06:42 - 00000000 ____D C:\Users\Dave\AppData\Roaming\foobar2000
2016-09-02 15:59 - 2014-10-17 15:47 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job
2016-09-02 14:40 - 2016-04-16 02:31 - 01013760 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-02 14:40 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-01 16:40 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\Pop's
2016-09-01 12:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 12:06 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-26 07:40 - 2016-04-16 07:30 - 00002416 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-26 07:40 - 2016-04-16 07:30 - 00000000 ___RD C:\Users\Dave\OneDrive
2016-08-24 11:50 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\QUOTES
2016-08-22 11:50 - 2016-04-16 02:31 - 00000000 ____D C:\Users\Dave
2016-08-22 11:42 - 2016-06-01 15:20 - 00000000 ____D C:\Users\Dave\AppData\Local\HTC MediaHub
2016-08-22 11:41 - 2016-02-13 14:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 10:09 - 2016-04-28 15:54 - 00000000 ____D C:\Users\Dave\Desktop\Dave Poole
2016-08-17 09:04 - 2011-11-01 23:03 - 00000000 ____D C:\ProgramData\PCDr
2016-08-15 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 10:33 - 2016-02-13 14:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 10:11 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-12 10:10 - 2016-02-13 14:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 10:10 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 10:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 10:20 - 2013-08-15 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 10:15 - 2012-01-07 17:55 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 10:14 - 2016-06-13 15:30 - 00002126 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002124 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-08 20:16 - 2016-02-09 15:57 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2012-01-09 12:59 - 2016-04-14 15:11 - 0079200 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-01-01 21:21 - 2016-02-28 23:10 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-20 10:27 - 2016-01-20 10:27 - 0000852 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
2015-09-21 14:51 - 2015-09-21 14:51 - 0007605 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2012-08-16 11:49 - 2015-02-03 18:58 - 0006536 _____ () C:\ProgramData\hpzinstall.log
2013-03-24 21:15 - 2016-03-19 18:42 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\iv_uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 06:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Dave (05-09-2016 06:41:30)
Running from C:\Users\Dave\Downloads
Windows 10 Pro Version 1511 (X64) (2016-04-16 06:27:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3195402160-3620752181-2962431074-500 - Administrator - Disabled)
Dave (S-1-5-21-3195402160-3620752181-2962431074-1000 - Administrator - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-3195402160-3620752181-2962431074-503 - Limited - Disabled)
Guest (S-1-5-21-3195402160-3620752181-2962431074-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3195402160-3620752181-2962431074-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Connect (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Accounts (x32 Version: 15.0.11.159 - Sage (UK) Ltd) Hidden
Accounts (x32 Version: 22.0.8.191 - Sage (UK) Ltd) Hidden
Acronis True Image Home (HKLM-x32\...\{D1E0E859-F46D-4708-A41D-ED90C0C1822A}) (Version: 12.0.9770.9 - Acronis)
Adobe Acrobat 8.1.0 Standard (HKLM-x32\...\Adobe Acrobat  8 Standard) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.910 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.882 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
Email Verifier (HKLM-x32\...\Email Verifier) (Version:  - Live Software Inc)
Email Verifier (x32 Version: 6.2 - Live Software Inc) Hidden
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
Epson User's Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Useg) (Version:  - )
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow x64 v1.2.4422 [2012-04-09] (HKLM\...\ffdshow64_is1) (Version: 1.2.4422.0 - )
FileZilla Client 3.15.0.2 (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\FileZilla Client) (Version: 3.15.0.2 - Tim Kosse)
Flixster Video (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\5cdf686a56bda3b1) (Version: 2.6.5.532 - Flixster Video)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.1.0.1132 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1132 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.8.601 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\JoinMe) (Version: 1.5.2.225 - LogMeIn, Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCEBuddy 2.x (HKLM\...\{0D3796AA-D867-4278-AEBC-3616AD1F7C3A}) (Version: 2.4.3 - MCEBuddy)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-GB)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.50.00 - )
OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Parrot Software Update Tool (HKLM-x32\...\Parrot Flash Update Wizard) (Version:  - )
Python 3.4.0 (64-bit) (HKLM\...\{863162a8-ecc2-35ea-bdf7-e09ac456e164}) (Version: 3.4.150 - Python Software Foundation)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ReImageCompanion (HKLM-x32\...\ReImageCompanion) (Version:  - )
Sage 50 Accounts 2016 (HKLM-x32\...\InstallShield_{12CE83F7-1A7F-4728-91CA-99E7DF84B2DC}) (Version: 22.0.8.191 - Sage (UK) Ltd)
Sage Report Designer Service Pack (HKLM-x32\...\{808E694F-2A5F-44A7-BA82-8431B866B2C1}) (Version: 1.00.0000 - Sage (UK) Ltd.)
SBDDesktopUpdateInstaller (x32 Version: 12.1.586.0 - SBDDesktopUpdateInstaller) Hidden
SDataConfigAddInInstaller (x32 Version: 12.1.586.0 - SDataConfigAddInInstaller) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShowAnalyzerSuite (HKLM-x32\...\{07C1B166-AAF2-4456-AE5F-48B20FD3124C}) (Version: 1.1.0.825 - Dragon Global)
SPAMfighter (HKLM-x32\...\SPAMfighter) (Version: 7.6.127 - Spamfighter ApS)
SPAMfighter (x32 Version: 7.6.127 - Spamfighter ApS) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.910 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Windows Driver Package - Intel (iaStor) hdc  (04/26/2011 10.5.0.1026) (HKLM\...\95D0E47871170F0763151CFD697BBAB47A5794F7) (Version: 04/26/2011 10.5.0.1026 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Wondershare Video Converter Pro(Build 5.1.2.1) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version:  - Wondershare Software)
Wondershare Video Converter Ultimate(Build 8.6.0.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.6.0.0 - Wondershare Software)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zebra Font Downloader (HKLM-x32\...\Zebra Font Downloader_is1) (Version:  - Zebra Technologies Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {025100CE-B40D-4D78-8C2E-A6758C60EA3A} - System32\Tasks\{2FA8FDB8-84B2-407E-AC1A-8875605519FC} => pcalua.exe -a C:\Users\Dave\Downloads\iview433_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {026C9C4D-4FB8-4B5C-9319-0579BAA87555} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0A7E75F5-E831-4DB9-B61E-CDB39D6902A6} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {0A8AB43F-6889-4148-9675-F22349318104} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {0CEB39A4-E2EE-404A-89D1-64ADBEEA8C5C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0D12E138-D7F3-4DE3-851F-896D8297FD0E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0E9F1406-6743-4497-85B5-7AF39793C57B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {0EFA0EAC-0540-4137-BBF5-2F3859A5661E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0F3D2144-5143-4334-B51F-E209ADA72B68} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {0FE1D425-1D15-43F8-8EA5-7695EC49DFB1} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {14C099FC-B7D4-42F2-9A48-05F2B786D68F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {19B9ABF8-BC5F-445E-AA77-287D5DBA0497} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {1E99479F-3750-4C72-9176-1E117EE9961A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3EAC044C-C34E-455E-B719-F8F6C34B741D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {43C70501-D3D4-4D08-8501-E10BD4F89756} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4CB00FE0-BAAF-46A8-A3C2-F73C69316F1C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4E03F021-2B72-473C-AE44-F804F8DAEC70} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {51376539-ABC9-4D03-BA8C-B8967D76978B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {55241966-A525-483A-80B3-912957AB1D5B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {56619721-81E9-49ED-A050-5094B93782BB} - System32\Tasks\Dave Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {5BA07DE9-AFE8-4F78-BA8C-DD084C955095} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5D5CEC7B-FC3A-4AAF-9C92-77DF02A658C0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {61417B3F-2CC4-4FA8-B26F-D9C44F81318C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {65DB5A20-74D3-46BB-A32A-9BDA3F100D58} - System32\Tasks\Dave DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-04-01] (Seagate Technology LLC)
Task: {6620AE60-7FD9-4C82-852A-4C59BE211304} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {662ECEAF-F6BA-481B-A344-7AA752D9490C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {6D8247F1-2793-44EA-8594-F74737F2A75E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6DCB8BD8-D83A-4FAE-84EA-FEF20138898F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {771C96B0-BC46-464D-BCB1-C4AF59762D9D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {7E1AFEE1-5456-4446-A289-F41BACA1048A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-17] (Facebook Inc.)
Task: {81B9AE31-23E3-4E62-BCFF-F4E245BF02F6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {83B34BC5-9FCE-462B-ACEB-592DB222E2E0} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {85D9FB2A-01B3-4DA1-8DAA-1EF2938CE7C1} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {8A6F6665-22CB-4A09-87C6-E04B977D0151} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8D992057-8332-4078-8BDE-FC3A0D83F724} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8DE947D3-87DC-41DD-B782-A39D05263B9D} - System32\Tasks\{BDF3DD27-5A11-4B25-89A9-4CEBDE54BF79} => pcalua.exe -a C:\Users\Dave\Downloads\irfanview_plugins_433_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {91514B03-773A-4B09-B637-F20DB0705B70} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: {9A10568E-EB4E-42D6-AB55-366BD62AE7A8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9E93A860-00F8-4062-8F99-75269EBAE193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A1B491D2-3F94-4DA5-950F-B488DE727980} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A57CDDA4-929F-4106-A334-0367875C4063} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A77339F7-9E91-45E2-81FF-D30DFAFEB80C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B98AD9BE-6531-4B0B-B301-990AD31F4EBD} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask => C:\Windows\System32\GWX\GWX.exe
Task: {BD0F2DBF-36AA-4CD1-86B5-0758730FD504} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BD13DE06-B699-47D0-9469-B0D784E0E16C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BEACC2AB-B5D6-4D05-9E9D-B26FEC6ADFEA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-26] (Microsoft Corporation)
Task: {C1C3DBB7-C0B9-4B42-81DE-B2CBFFA219D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {C1EFA083-82CB-48E2-AFA6-EF54CD6BD435} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-17] (Facebook Inc.)
Task: {C421AFD3-E9F2-44A7-BEC8-03ACB2E8E28C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C45474CF-15F0-49CD-BF60-72A528EEF111} - System32\Tasks\Dave => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {C74BCBA9-4357-4035-BB16-6475F1BE322D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CBF5BBC6-8397-42A6-8C88-968311A3945A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CE47A082-0881-4AA7-A508-83DDCD3488D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CF1FD201-2A91-48C3-AB31-C90B2F545229} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-23] (Lenovo)
Task: {D12D668E-7504-4B5B-8A9D-4613DDA2EAB1} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {D409AD90-4D25-425E-87E3-FAA0945408F3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D8D937D2-8E84-4F41-AA15-368D19A4AD0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D98C6D61-054B-41BE-BF91-67CCD7846385} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {DCBC3E82-9F51-4DC6-98B2-385D39468667} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E8C08136-AC9B-4B45-981B-62FEB3BB1B71} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {EF19F11F-F341-48CA-B4EF-EE727F3EC5D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F030A6A8-E074-454D-B7A5-A6AB8E738883} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F18F7729-813E-4E68-A7A9-6640A12FDF5F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FD6F1A6C-4A40-4B8E-BBB6-1704E1DA0857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-11 13:42 - 2010-01-28 14:47 - 01737464 _____ () C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
2015-12-23 18:59 - 2015-12-23 18:59 - 00034304 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 12:42 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-11-01 22:54 - 2011-08-31 19:03 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-07-13 12:42 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-26 07:40 - 2016-08-26 07:40 - 01864384 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-04-16 12:04 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 12:43 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 12:42 - 2016-07-01 04:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 12:42 - 2016-07-01 04:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 12:42 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 12:42 - 2016-07-01 04:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-11-01 22:51 - 2010-10-26 21:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2009-05-28 06:09 - 2009-05-28 06:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2016-08-17 08:55 - 2016-08-17 08:56 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-17 08:55 - 2016-08-17 08:56 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 08:55 - 2016-06-03 08:55 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-04-16 08:02 - 2016-04-16 08:02 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00502352 _____ () C:\Program Files\PC-Doctor\libAsapiCSharp.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00100944 _____ () C:\Program Files\PC-Doctor\libCSharpCommonCS.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00018512 _____ () C:\Program Files\PC-Doctor\libGapiCSharp.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00029264 _____ () C:\Program Files\PC-Doctor\libDataStoreCSharp.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00092752 _____ () C:\Program Files\PC-Doctor\libTonopahClientCSharp.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2016-06-03 15:37 - 2016-06-03 15:37 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2016-03-09 14:41 - 2016-03-09 14:41 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2016-03-09 14:42 - 2016-03-09 14:42 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-08-13 17:21 - 2016-05-16 16:52 - 01382048 ____N () C:\Program Files (x86)\Sage\AccountsServiceV22\cpprest100_1_2.dll
2011-11-01 22:54 - 2011-08-31 19:03 - 00081920 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMROV.DLL
2016-08-26 07:39 - 2016-08-26 07:39 - 01383616 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-26 07:40 - 2016-08-26 07:40 - 00118976 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2015-12-03 11:29 - 2015-12-03 11:29 - 00541216 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll
2015-12-03 11:28 - 2015-12-03 11:28 - 00966688 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-04-16 07:36 - 2016-04-16 07:36 - 00053760 _____ () C:\Users\Dave\AppData\Local\assembly\dl3\E9VX5H0O.X7B\8HXOLOQM.ZEB\d84d4b5d\006b296d_7f44cf01\Outlook07DymoAddIn.DLL
2016-04-16 07:36 - 2016-04-16 07:36 - 00093696 _____ () C:\Users\Dave\AppData\Local\assembly\dl3\E9VX5H0O.X7B\8HXOLOQM.ZEB\88829073\00eae00f_7e44cf01\DYMO.Common.DLL
2015-11-11 03:42 - 2015-11-11 03:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-02-12 16:50 - 00000851 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Think\Think_Blue.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: DLSService => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
MSCONFIG\startupreg: DymoQuickPrint => "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Facebook Update => "C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: LTT => C:\Program Files\PC-Doctor\EnableToolbarW32.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe
MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
HKLM\...\StartupApproved\Run32: => "PWMTRV"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{E2FBDC54-2BD2-4FD3-83B9-89925871466F}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe
FirewallRules: [TCP Query User{F03878F2-D27A-455D-9C1D-17ADE2CDC137}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe
FirewallRules: [UDP Query User{B566473A-961C-475B-9D48-65FE51766D54}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Block) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe
FirewallRules: [TCP Query User{00164986-4ED2-4D0A-99F4-AD34190C1CA8}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Block) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe
FirewallRules: [{6AD08CC3-B4C6-45AA-BC35-C35AD9F27AF5}] => (Block) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{57D6181C-9E90-46CF-AAD8-69045167EF34}] => (Block) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{9B650AB8-D643-479D-A632-1AF4891871FC}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{AA1A1DE4-CD34-40F9-A0D2-8F5EBF02FAA3}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{3B105B4A-6DB1-4561-9B19-9E842D49014D}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{A5175E7B-DA04-4DE9-AEFE-E909E6A8EB27}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{E6BA0614-CA91-4274-B02E-1EDC42F145B1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{F54E9E43-78D0-4A94-AD26-6F31DB412C51}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{C2553B23-8199-4F41-B792-A7F71D7A298D}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
FirewallRules: [{4D60A337-930B-4A77-8FA9-FA0D31C78D71}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
FirewallRules: [UDP Query User{1BA5E64F-1CAD-45CD-9537-B22B723D525A}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [TCP Query User{B0EC78D1-D462-4D9F-BA1B-8EB4D252B467}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [UDP Query User{BA841123-3947-4841-95D8-EE33E87B11BA}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [TCP Query User{BB885D48-C5AB-4121-A4E0-58D9D8EAB17B}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [{C93C135A-3482-479B-87C5-1795DA23D5C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4AB97BC-DC0B-4DD4-B16B-A76032398898}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19AFD58A-3067-4E57-8C4A-840B35BB1818}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C9E630E1-0810-4385-89E3-96F4C5B08FB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0733DDB6-B2AD-4FEA-A22E-E7C2B7B56346}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A30DB4AF-CB2A-4DC3-9624-125CBFA22728}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{F20D6ABD-07EC-4F8D-A72D-D005E494A2EA}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{97F3A88A-1414-4D35-8AF2-F6BDD4B6F359}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{68E306F1-9816-4C84-BBFB-1C9E602C8607}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{C3631B32-6194-4B92-A2B0-CE9E1E559D0F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3B06458C-2AAB-434C-B167-36091779A20D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1705E34A-85E2-4F96-A769-C327FB10BBFD}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{821E65EC-3B6D-4DEF-95A9-78004FFE9160}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AB45CA04-0DE9-46FA-8FE9-294238B2F34E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36FB540E-8280-4AA6-BB81-1623E15DACFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{94AC206C-61AF-4B4A-A56D-20B5D1800CBB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F8E78B8E-D59F-44FE-9319-6584D2C3090A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C7C33E5D-1098-4623-9C5B-F83D7290D0BB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{31363357-B278-4306-B6DC-BF50EA8C6EF0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{DA00CE47-176C-495F-ADCC-ECCE207A1990}] => (Allow) G:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{F7A7A8C2-C96D-4831-A45F-A764F87592DD}] => (Allow) G:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{2541487E-5EDB-4CC7-BB13-63BF356F41C2}] => (Allow) C:\Users\Dave\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{8D6AD0CD-234C-4D29-973A-335962ADD84D}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{31D7E403-50B4-417D-A6A1-9815278C42AD}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{2CA8C855-19B9-476C-9A6C-912F88E0A842}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{684C0FB3-876E-4F35-8270-9C14ACDF7CAB}C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [TCP Query User{83B9B898-3962-4CBB-8746-CBE6AC3728F7}C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [{EDDADA75-5EBF-4697-BC46-F01BF22B77D4}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS4A15\HPDiagnosticCoreUI.exe
FirewallRules: [{7D2E151C-EA7A-44CD-89CE-863DC3E874F2}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS4A15\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{DA04391C-5E3C-4662-A160-E8024F42A0C9}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [TCP Query User{6E0C638D-BC1A-431E-97FF-5C3DD3B44EA2}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{062E0EC3-1A5D-45AC-8DE3-E4FDC5C4CB49}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C628E08C-AB5D-45B6-8300-D07D87441395}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{FFF66738-8DDD-4122-A03D-1BEB25CB8450}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8E54B49A-B4CE-4AD9-A46B-87676F6EE16B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{65B33B26-6A29-4604-AE59-039308C46B5E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{970AB776-EF40-4358-BFBD-86CCC1064300}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{1DBA06E0-8C69-432B-B8C1-EF95C60D1BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{49E373F4-5F6E-46A5-BF2F-C24C8E8621C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{DC466A1D-6C59-4D68-BED4-904090D4B094}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{093D17F8-A204-4A34-90B9-AC10DC25D21C}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{6D46DE04-5A8A-400A-B3E3-08F3462B3B24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9FBD5A68-D783-4173-BCC8-8036DDAFC5D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{911D4B1F-41C5-4DA7-87C0-E34BFA47AF80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D1DCBE46-027B-49C2-A8E3-0E06B1D647E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [TCP Query User{7B8D5D5C-220B-4B70-ADC8-EA529F9AFAA3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{71D2E034-7422-4C84-B9D3-49CBB270E735}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{24D50A94-0B6C-4C21-951A-D95E146F7302}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [UDP Query User{67D20E17-D1C3-4153-99A4-6B0599FE1DB7}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [TCP Query User{C10FC48D-E6E5-480E-B34A-620C92CD2DE9}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [UDP Query User{DFB80BC7-2950-429C-A878-8960CCAE140B}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [{DA843970-1DAF-465E-853D-B3B512DD701D}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{5495F6C3-AA50-4FB3-9CAB-D0CACDA0A72A}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A19FB1B6-43DD-4EFB-B153-F6DBCD0F4B45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9453DA5B-57C5-4A7F-ACAE-275F60D97764}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{6DE4A561-BE88-44CC-B95A-91D362DDECE7}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

==================== Restore Points =========================

18-08-2016 09:35:42 Scheduled Checkpoint
26-08-2016 07:43:52 Windows Update
01-09-2016 12:06:48 Windows Update

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2016 05:49:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:07:0000)(214504) enumerator - Error -- 116 pcdrsysinfosystemboard: Module timed out after 120895 milliseconds and was terminated

Error: (09/05/2016 05:49:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:07:0000)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9960)(214504) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfosystemboard.p5x) readFromPipeTimed failed, killing: 211080

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9960)(214504) libCommon.System.Windows - Error -- 635 readFromPipeTimed(1200) timed out after 119998 totalBytes: 0

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9250)(214504) enumerator - Error -- 116 pcdrsysinfodirect: Module timed out after 120820 milliseconds and was terminated

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9250)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9210)(214504) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfodirect.p5x) readFromPipeTimed failed, killing: 208504

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9210)(214504) libCommon.System.Windows - Error -- 635 readFromPipeTimed(1208) timed out after 119999 totalBytes: 0

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9090)(214504) enumerator - Error -- 116 pcdrsysinfocpu_x86: Module timed out after 120803 milliseconds and was terminated

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9080)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.


System errors:
=============
Error: (09/04/2016 10:03:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_f7aacdd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_f7aacdd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_f7aacdd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_f7aacdd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 02:07:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (09/04/2016 02:07:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_e6a6935 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 02:07:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_e6a6935 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 02:07:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_e6a6935 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 02:07:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_e6a6935 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-09-05 06:39:35.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 06:39:35.042
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 06:39:35.027
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 06:39:34.681
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 06:39:34.607
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 05:41:22.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 05:41:22.809
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 05:41:22.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 05:41:16.391
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 05:41:16.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 8032.48 MB
Available physical RAM: 3816.5 MB
Total Virtual: 16224.48 MB
Available Virtual: 11201.76 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.31 GB) (Free:59.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive y: () (Network) (Total:2778.53 GB) (Free:1336.9 GB)
Drive z: () (Network) (Total:2778.53 GB) (Free:1336.9 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 000297F0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Link to post
Share on other sites

Hello wirey and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

user posted imageGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted imageMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted imageInternet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

user posted imageChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Scan with Zemana AntiMalware Free from the following link and save to your Desktop:

https://www.zemana.com/Download/AntiMalware/Setup/Free/Zemana.AntiMalware.Setup.exe
 

  • Double-click software shortcut on the desktop and follow the prompts to install the program.
  • Accept the EULA when offered.
  • If an update is available, click the Update now button.
  • At the end Click Settings (Cog wheel top r/h corner) > Advanced > ''I have read the warning an wish to proceed anyway...
  • Checkmark Auto Launch
  • UnCheckmark Auto Upload
  • Checkmark All Browser Extensions
  • Smart scan settings to replace as deep scan
  • Close all open files, folders and browsers
  • Click scan now and a threat Scan will begin.
  • When the scan is complete, Press report and post the report.


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Let me see those logs in your next reply...

Thank you,

Kevin...
Link to post
Share on other sites

Hi Kevin,

 

Thanks very much for the prompt reply.  Think I've done everything you said but Malwarebytes is still showing the same infections - here's the logs you asked to see.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Dave (administrator) on DAVE-THINK (05-09-2016 21:05:19)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available Profiles: Dave & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
(Dragon Global) C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrsysinfocpu_x86.p5x
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377304 2009-05-25] (Acronis)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4359776 2009-05-25] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [960616 2009-05-25] (Acronis)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] ()
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1696288 2015-02-27] (SPAMfighter ApS)
HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1050656 2015-12-03] (SPAMfighter ApS)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {3f802dee-6919-11e2-a303-e89a8ffca9b0} - "D:\AutoRun.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {d83995d4-6138-11e6-bdeb-9439e5917cfa} - "D:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-03-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2030d55d-3156-470a-89b6-c023b848a1ef}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83b2351b-def0-4a36-bbe7-bfa19d316a79}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {E5469FAC-5226-4BB3-87EA-F4C75B15AA0D} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918
FF DefaultSearchEngine: Yahoo.co.uk
FF Homepage: hxxps://www.google.co.uk/?gfe_rd=cr&ei=8eixVYD7KMOHOraeqJgO
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195402160-3620752181-2962431074-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [not found]
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [not found]
FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [not found]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on => not found

Chrome:
=======
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gmdfpnpdmnjaffhcdbobdjpolhpacaem] - C:\Program Files (x86)\ReImageCompanion\blabbers-ch.crx [2012-02-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-01-13] (Macrovision Europe Ltd.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MCEBuddy2x; C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe [34304 2015-12-23] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
R2 Sage 50 Accounts Control v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe [2396672 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe [3474944 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2015-02-06] (Sage (UK) Limited) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
R2 ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2136576 2010-06-05] (Dragon Global) [File not signed]
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2015-12-03] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2015-11-13] (SPAMfighter ApS)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-28] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2015-11-19] (Acronis)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-05] (Zemana Ltd.)
U3 idsvc; no ImagePath
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 21:01 - 2016-09-05 21:01 - 00018394 _____ C:\Users\Dave\Desktop\Zemana20160905.txt
2016-09-05 19:07 - 2016-09-05 19:07 - 00002076 _____ C:\Users\Dave\Desktop\rkill.txt
2016-09-05 19:03 - 2016-09-05 19:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\iExplore.exe
2016-09-05 19:02 - 2016-09-05 19:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\rkill.com
2016-09-05 18:57 - 2016-09-05 18:58 - 00063502 _____ C:\Users\Dave\Desktop\Addition.txt
2016-09-05 18:56 - 2016-09-05 21:05 - 00027087 _____ C:\Users\Dave\Desktop\FRST.txt
2016-09-05 17:45 - 2016-09-05 17:45 - 02397696 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2016-09-05 17:26 - 2016-09-05 21:05 - 00301862 _____ C:\WINDOWS\ZAM.krnl.trace
2016-09-05 17:26 - 2016-09-05 21:05 - 00296305 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-09-05 17:26 - 2016-09-05 17:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-09-05 17:26 - 2016-09-05 17:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-09-05 17:26 - 2016-09-05 17:26 - 00001232 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-09-05 17:26 - 2016-09-05 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-05 17:26 - 2016-09-05 17:26 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-05 17:25 - 2016-09-05 17:25 - 00000000 ____D C:\Users\Dave\AppData\Local\Zemana
2016-09-05 17:24 - 2016-09-05 17:24 - 05292304 _____ ( ) C:\Users\Dave\Desktop\Zemana.AntiMalware.Setup.exe
2016-09-05 17:20 - 2016-09-05 17:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\rkill.exe
2016-09-05 06:41 - 2016-09-05 06:42 - 00065951 _____ C:\Users\Dave\Downloads\Addition.txt
2016-09-05 06:40 - 2016-09-05 21:04 - 00000000 ____D C:\FRST
2016-09-05 06:40 - 2016-09-05 06:42 - 00052321 _____ C:\Users\Dave\Downloads\FRST.txt
2016-09-05 06:38 - 2016-09-05 06:39 - 02397696 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2016-09-02 12:07 - 2016-09-04 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-01 14:50 - 2016-09-01 14:50 - 00801692 _____ C:\Users\Dave\Downloads\2016_FFS_Catalogue_page_101_Standard_Bag_Range_-_SB.pdf
2016-08-26 07:40 - 2016-08-26 07:40 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-26 07:39 - 2016-08-26 07:39 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Skype
2016-08-22 15:53 - 2016-08-22 15:53 - 00000010 _____ C:\Users\Dave\Desktop\Blas a Fronlas.txt
2016-08-11 15:24 - 2016-08-11 15:25 - 00111224 _____ C:\Users\Dave\Downloads\3196 Beveridge.pdf
2016-08-10 15:41 - 2016-08-10 15:41 - 04927969 _____ C:\Users\Dave\Downloads\Joint Administrators Progress Report 14.11.15 to 13.05.16.pdf
2016-08-10 15:29 - 2016-08-10 15:29 - 05081674 _____ C:\Users\Dave\Downloads\Joint Administrators Statement of Proposals.pdf
2016-08-10 11:33 - 2016-08-10 11:33 - 00059010 _____ C:\Users\Dave\Downloads\downloadfile(10).PDF
2016-08-10 11:32 - 2016-08-10 11:32 - 00058476 _____ C:\Users\Dave\Downloads\downloadfile(9).PDF
2016-08-10 11:31 - 2016-08-10 11:31 - 00060543 _____ C:\Users\Dave\Downloads\downloadfile(8).PDF
2016-08-10 11:29 - 2016-08-10 11:29 - 00058883 _____ C:\Users\Dave\Downloads\downloadfile(7).PDF
2016-08-10 11:28 - 2016-08-10 11:28 - 00054927 _____ C:\Users\Dave\Downloads\downloadfile(6).PDF
2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-08-10 10:11 - 2016-08-03 12:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:11 - 2016-08-03 12:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:11 - 2016-08-03 12:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:11 - 2016-08-03 11:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:11 - 2016-08-03 11:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:11 - 2016-08-03 11:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:11 - 2016-08-03 11:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:11 - 2016-08-03 11:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:11 - 2016-08-03 11:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:11 - 2016-08-03 11:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:11 - 2016-08-03 11:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:11 - 2016-08-03 11:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:11 - 2016-08-03 11:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:11 - 2016-08-03 11:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:11 - 2016-08-03 11:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:11 - 2016-08-03 11:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:11 - 2016-08-03 11:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:11 - 2016-08-03 11:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:11 - 2016-08-03 11:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:11 - 2016-08-03 11:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:11 - 2016-08-03 10:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:11 - 2016-08-03 10:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:11 - 2016-08-03 10:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:11 - 2016-08-03 10:45 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2016-08-10 10:11 - 2016-08-03 10:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:11 - 2016-08-03 10:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:11 - 2016-08-03 10:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:11 - 2016-08-03 10:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:11 - 2016-08-03 10:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-10 10:11 - 2016-08-03 10:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-10 10:11 - 2016-08-03 10:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:11 - 2016-08-03 10:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-10 10:11 - 2016-08-03 10:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:11 - 2016-08-03 10:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:11 - 2016-08-03 10:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:11 - 2016-08-03 10:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:11 - 2016-08-03 10:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:11 - 2016-08-03 10:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:11 - 2016-08-03 10:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:11 - 2016-08-03 10:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:11 - 2016-08-03 10:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:11 - 2016-08-03 10:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:11 - 2016-08-03 10:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:11 - 2016-08-03 10:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:11 - 2016-08-03 10:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:11 - 2016-08-03 10:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:11 - 2016-08-03 10:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:11 - 2016-08-03 10:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:11 - 2016-08-03 10:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:11 - 2016-08-03 10:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:11 - 2016-08-03 10:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:11 - 2016-08-03 10:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:11 - 2016-08-03 10:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-10 10:11 - 2016-08-03 10:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-10 10:11 - 2016-08-03 10:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:11 - 2016-08-03 10:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:11 - 2016-08-03 10:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:11 - 2016-08-03 10:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:11 - 2016-08-03 10:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:11 - 2016-08-03 10:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:11 - 2016-08-03 10:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:11 - 2016-08-03 10:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:11 - 2016-08-03 10:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 10:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:11 - 2016-08-03 10:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:11 - 2016-08-03 10:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:11 - 2016-08-03 10:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:11 - 2016-08-03 06:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:11 - 2016-08-03 06:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:11 - 2016-08-03 06:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:11 - 2016-08-03 06:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:11 - 2016-08-03 06:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:11 - 2016-08-03 06:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:11 - 2016-08-03 06:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:11 - 2016-08-03 05:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:11 - 2016-08-03 05:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:11 - 2016-08-03 05:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:11 - 2016-08-03 05:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:11 - 2016-08-03 05:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:11 - 2016-08-03 05:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:11 - 2016-08-03 05:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:11 - 2016-08-03 05:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:11 - 2016-08-03 05:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:11 - 2016-08-03 05:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:11 - 2016-08-03 05:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:11 - 2016-08-03 05:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:11 - 2016-08-03 05:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:11 - 2016-08-03 05:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 05:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:11 - 2016-08-03 05:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:11 - 2016-08-03 05:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:11 - 2016-08-03 05:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:11 - 2016-08-03 05:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:11 - 2016-08-03 05:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:11 - 2016-08-03 05:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:11 - 2016-08-03 05:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:11 - 2016-08-03 05:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:11 - 2016-08-03 05:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:11 - 2016-08-03 05:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:11 - 2016-08-03 05:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:11 - 2016-08-03 05:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:11 - 2016-08-03 05:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 05:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 21:00 - 2012-03-21 17:22 - 00000000 ____D C:\Users\Dave\AppData\LocalLow\WinZipBar
2016-09-05 21:00 - 2012-02-16 18:05 - 00000000 ____D C:\Program Files (x86)\ReImageCompanion
2016-09-05 20:54 - 2012-01-06 00:01 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-09-05 20:09 - 2012-04-10 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-05 19:53 - 2014-05-19 10:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 19:28 - 2012-01-06 04:42 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2016-09-05 19:28 - 2012-01-06 03:22 - 00000000 ____D C:\Users\Dave\Documents\Email Folders
2016-09-05 19:07 - 2016-04-16 02:31 - 00000000 ____D C:\Users\Dave
2016-09-05 19:00 - 2012-01-06 00:01 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2016-09-05 18:59 - 2014-10-17 15:47 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job
2016-09-05 18:53 - 2016-02-09 15:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 18:25 - 2016-05-10 14:32 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5A19858-B5EF-4BC6-82B9-E98777E8C8AB}
2016-09-05 17:47 - 2016-07-28 17:23 - 00000000 ____D C:\Users\Dave\AppData\Local\Deployment
2016-09-05 15:59 - 2014-10-17 15:47 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job
2016-09-05 12:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-05 11:52 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-05 10:33 - 2016-04-16 02:31 - 01013760 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 10:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-04 11:20 - 2012-04-26 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 22:29 - 2016-07-05 06:42 - 00000000 ____D C:\Users\Dave\AppData\Roaming\foobar2000
2016-09-01 16:40 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\Pop's
2016-09-01 12:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 12:06 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-26 07:40 - 2016-04-16 07:30 - 00002416 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-26 07:40 - 2016-04-16 07:30 - 00000000 ___RD C:\Users\Dave\OneDrive
2016-08-24 11:50 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\QUOTES
2016-08-22 11:42 - 2016-06-01 15:20 - 00000000 ____D C:\Users\Dave\AppData\Local\HTC MediaHub
2016-08-22 11:41 - 2016-02-13 14:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 10:09 - 2016-04-28 15:54 - 00000000 ____D C:\Users\Dave\Desktop\Dave Poole
2016-08-17 09:04 - 2011-11-01 23:03 - 00000000 ____D C:\ProgramData\PCDr
2016-08-15 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 10:33 - 2016-02-13 14:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 10:11 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-12 10:10 - 2016-02-13 14:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 10:10 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 10:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 10:20 - 2013-08-15 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 10:15 - 2012-01-07 17:55 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 10:14 - 2016-06-13 15:30 - 00002126 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002124 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-08 20:16 - 2016-02-09 15:57 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2012-01-09 12:59 - 2016-04-14 15:11 - 0079200 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-01-01 21:21 - 2016-02-28 23:10 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-20 10:27 - 2016-01-20 10:27 - 0000852 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
2015-09-21 14:51 - 2015-09-21 14:51 - 0007605 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2012-08-16 11:49 - 2015-02-03 18:58 - 0006536 _____ () C:\ProgramData\hpzinstall.log
2013-03-24 21:15 - 2016-03-19 18:42 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\iv_uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 06:22

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Dave (05-09-2016 18:57:17)
Running from C:\Users\Dave\Desktop
Windows 10 Pro Version 1511 (X64) (2016-04-16 06:27:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3195402160-3620752181-2962431074-500 - Administrator - Disabled)
Dave (S-1-5-21-3195402160-3620752181-2962431074-1000 - Administrator - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-3195402160-3620752181-2962431074-503 - Limited - Disabled)
Guest (S-1-5-21-3195402160-3620752181-2962431074-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3195402160-3620752181-2962431074-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Connect (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Accounts (x32 Version: 15.0.11.159 - Sage (UK) Ltd) Hidden
Accounts (x32 Version: 22.0.8.191 - Sage (UK) Ltd) Hidden
Acronis True Image Home (HKLM-x32\...\{D1E0E859-F46D-4708-A41D-ED90C0C1822A}) (Version: 12.0.9770.9 - Acronis)
Adobe Acrobat 8.1.0 Standard (HKLM-x32\...\Adobe Acrobat  8 Standard) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.910 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.882 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
Email Verifier (HKLM-x32\...\Email Verifier) (Version:  - Live Software Inc)
Email Verifier (x32 Version: 6.2 - Live Software Inc) Hidden
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
Epson User's Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Useg) (Version:  - )
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow x64 v1.2.4422 [2012-04-09] (HKLM\...\ffdshow64_is1) (Version: 1.2.4422.0 - )
FileZilla Client 3.15.0.2 (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\FileZilla Client) (Version: 3.15.0.2 - Tim Kosse)
Flixster Video (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\5cdf686a56bda3b1) (Version: 2.6.5.532 - Flixster Video)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.1.0.1132 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1132 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.8.601 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\JoinMe) (Version: 1.5.2.225 - LogMeIn, Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCEBuddy 2.x (HKLM\...\{0D3796AA-D867-4278-AEBC-3616AD1F7C3A}) (Version: 2.4.3 - MCEBuddy)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-GB)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.50.00 - )
OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Parrot Software Update Tool (HKLM-x32\...\Parrot Flash Update Wizard) (Version:  - )
Python 3.4.0 (64-bit) (HKLM\...\{863162a8-ecc2-35ea-bdf7-e09ac456e164}) (Version: 3.4.150 - Python Software Foundation)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ReImageCompanion (HKLM-x32\...\ReImageCompanion) (Version:  - )
Sage 50 Accounts 2016 (HKLM-x32\...\InstallShield_{12CE83F7-1A7F-4728-91CA-99E7DF84B2DC}) (Version: 22.0.8.191 - Sage (UK) Ltd)
Sage Report Designer Service Pack (HKLM-x32\...\{808E694F-2A5F-44A7-BA82-8431B866B2C1}) (Version: 1.00.0000 - Sage (UK) Ltd.)
SBDDesktopUpdateInstaller (x32 Version: 12.1.586.0 - SBDDesktopUpdateInstaller) Hidden
SDataConfigAddInInstaller (x32 Version: 12.1.586.0 - SDataConfigAddInInstaller) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShowAnalyzerSuite (HKLM-x32\...\{07C1B166-AAF2-4456-AE5F-48B20FD3124C}) (Version: 1.1.0.825 - Dragon Global)
SPAMfighter (HKLM-x32\...\SPAMfighter) (Version: 7.6.127 - Spamfighter ApS)
SPAMfighter (x32 Version: 7.6.127 - Spamfighter ApS) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.910 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Windows Driver Package - Intel (iaStor) hdc  (04/26/2011 10.5.0.1026) (HKLM\...\95D0E47871170F0763151CFD697BBAB47A5794F7) (Version: 04/26/2011 10.5.0.1026 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Wondershare Video Converter Pro(Build 5.1.2.1) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version:  - Wondershare Software)
Wondershare Video Converter Ultimate(Build 8.6.0.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.6.0.0 - Wondershare Software)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zebra Font Downloader (HKLM-x32\...\Zebra Font Downloader_is1) (Version:  - Zebra Technologies Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.30.75 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {025100CE-B40D-4D78-8C2E-A6758C60EA3A} - System32\Tasks\{2FA8FDB8-84B2-407E-AC1A-8875605519FC} => pcalua.exe -a C:\Users\Dave\Downloads\iview433_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {026C9C4D-4FB8-4B5C-9319-0579BAA87555} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0A7E75F5-E831-4DB9-B61E-CDB39D6902A6} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {0A8AB43F-6889-4148-9675-F22349318104} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {0CEB39A4-E2EE-404A-89D1-64ADBEEA8C5C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0D12E138-D7F3-4DE3-851F-896D8297FD0E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0E9F1406-6743-4497-85B5-7AF39793C57B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {0EFA0EAC-0540-4137-BBF5-2F3859A5661E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0F3D2144-5143-4334-B51F-E209ADA72B68} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {0FE1D425-1D15-43F8-8EA5-7695EC49DFB1} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {14C099FC-B7D4-42F2-9A48-05F2B786D68F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {19B9ABF8-BC5F-445E-AA77-287D5DBA0497} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {1E99479F-3750-4C72-9176-1E117EE9961A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3EAC044C-C34E-455E-B719-F8F6C34B741D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {43C70501-D3D4-4D08-8501-E10BD4F89756} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4CB00FE0-BAAF-46A8-A3C2-F73C69316F1C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4E03F021-2B72-473C-AE44-F804F8DAEC70} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {51376539-ABC9-4D03-BA8C-B8967D76978B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {55241966-A525-483A-80B3-912957AB1D5B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {56619721-81E9-49ED-A050-5094B93782BB} - System32\Tasks\Dave Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {5BA07DE9-AFE8-4F78-BA8C-DD084C955095} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5D5CEC7B-FC3A-4AAF-9C92-77DF02A658C0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {61417B3F-2CC4-4FA8-B26F-D9C44F81318C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {65DB5A20-74D3-46BB-A32A-9BDA3F100D58} - System32\Tasks\Dave DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-04-01] (Seagate Technology LLC)
Task: {6620AE60-7FD9-4C82-852A-4C59BE211304} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {662ECEAF-F6BA-481B-A344-7AA752D9490C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {6D8247F1-2793-44EA-8594-F74737F2A75E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6DCB8BD8-D83A-4FAE-84EA-FEF20138898F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {771C96B0-BC46-464D-BCB1-C4AF59762D9D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {7E1AFEE1-5456-4446-A289-F41BACA1048A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-17] (Facebook Inc.)
Task: {81B9AE31-23E3-4E62-BCFF-F4E245BF02F6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {83B34BC5-9FCE-462B-ACEB-592DB222E2E0} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {85D9FB2A-01B3-4DA1-8DAA-1EF2938CE7C1} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {8A6F6665-22CB-4A09-87C6-E04B977D0151} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8D992057-8332-4078-8BDE-FC3A0D83F724} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8DE947D3-87DC-41DD-B782-A39D05263B9D} - System32\Tasks\{BDF3DD27-5A11-4B25-89A9-4CEBDE54BF79} => pcalua.exe -a C:\Users\Dave\Downloads\irfanview_plugins_433_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {91514B03-773A-4B09-B637-F20DB0705B70} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: {9A10568E-EB4E-42D6-AB55-366BD62AE7A8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9E93A860-00F8-4062-8F99-75269EBAE193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A1B491D2-3F94-4DA5-950F-B488DE727980} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A57CDDA4-929F-4106-A334-0367875C4063} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A77339F7-9E91-45E2-81FF-D30DFAFEB80C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B98AD9BE-6531-4B0B-B301-990AD31F4EBD} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask => C:\Windows\System32\GWX\GWX.exe
Task: {BD0F2DBF-36AA-4CD1-86B5-0758730FD504} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BD13DE06-B699-47D0-9469-B0D784E0E16C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BEACC2AB-B5D6-4D05-9E9D-B26FEC6ADFEA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-26] (Microsoft Corporation)
Task: {C1C3DBB7-C0B9-4B42-81DE-B2CBFFA219D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {C1EFA083-82CB-48E2-AFA6-EF54CD6BD435} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-17] (Facebook Inc.)
Task: {C421AFD3-E9F2-44A7-BEC8-03ACB2E8E28C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C45474CF-15F0-49CD-BF60-72A528EEF111} - System32\Tasks\Dave => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {C74BCBA9-4357-4035-BB16-6475F1BE322D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CBF5BBC6-8397-42A6-8C88-968311A3945A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CE47A082-0881-4AA7-A508-83DDCD3488D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CF1FD201-2A91-48C3-AB31-C90B2F545229} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-23] (Lenovo)
Task: {D12D668E-7504-4B5B-8A9D-4613DDA2EAB1} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {D409AD90-4D25-425E-87E3-FAA0945408F3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D8D937D2-8E84-4F41-AA15-368D19A4AD0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D98C6D61-054B-41BE-BF91-67CCD7846385} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {DCBC3E82-9F51-4DC6-98B2-385D39468667} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E8C08136-AC9B-4B45-981B-62FEB3BB1B71} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {EF19F11F-F341-48CA-B4EF-EE727F3EC5D8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F030A6A8-E074-454D-B7A5-A6AB8E738883} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F18F7729-813E-4E68-A7A9-6640A12FDF5F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FD6F1A6C-4A40-4B8E-BBB6-1704E1DA0857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-11 13:42 - 2010-01-28 14:47 - 01737464 _____ () C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
2015-12-23 18:59 - 2015-12-23 18:59 - 00034304 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 12:42 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-11-01 22:54 - 2011-08-31 19:03 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-07-13 12:42 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-26 07:40 - 2016-08-26 07:40 - 01864384 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 12:43 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 12:42 - 2016-07-01 04:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 12:42 - 2016-07-01 04:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 12:42 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 12:42 - 2016-07-01 04:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-11-01 22:51 - 2010-10-26 21:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-09 14:40 - 2016-03-09 14:40 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2016-06-03 15:37 - 2016-06-03 15:37 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2016-03-09 14:40 - 2016-03-09 14:40 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2016-03-09 14:41 - 2016-03-09 14:41 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2016-03-09 14:42 - 2016-03-09 14:42 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-08-13 17:21 - 2016-05-16 16:52 - 01382048 ____N () C:\Program Files (x86)\Sage\AccountsServiceV22\cpprest100_1_2.dll
2011-11-01 22:54 - 2011-08-31 19:03 - 00081920 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMROV.DLL
2016-08-26 07:39 - 2016-08-26 07:39 - 01383616 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-26 07:40 - 2016-08-26 07:40 - 00118976 _____ () C:\Users\Dave\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2015-12-03 11:29 - 2015-12-03 11:29 - 00541216 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll
2015-12-03 11:28 - 2015-12-03 11:28 - 00966688 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:26 - 2016-04-19 10:26 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-02-12 16:50 - 00000851 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Think\Think_Blue.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: DLSService => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
MSCONFIG\startupreg: DymoQuickPrint => "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Facebook Update => "C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: LTT => C:\Program Files\PC-Doctor\EnableToolbarW32.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe
MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
HKLM\...\StartupApproved\Run32: => "PWMTRV"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{E2FBDC54-2BD2-4FD3-83B9-89925871466F}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe
FirewallRules: [TCP Query User{F03878F2-D27A-455D-9C1D-17ADE2CDC137}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe
FirewallRules: [UDP Query User{B566473A-961C-475B-9D48-65FE51766D54}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Block) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe
FirewallRules: [TCP Query User{00164986-4ED2-4D0A-99F4-AD34190C1CA8}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Block) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe
FirewallRules: [{6AD08CC3-B4C6-45AA-BC35-C35AD9F27AF5}] => (Block) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{57D6181C-9E90-46CF-AAD8-69045167EF34}] => (Block) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{9B650AB8-D643-479D-A632-1AF4891871FC}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{AA1A1DE4-CD34-40F9-A0D2-8F5EBF02FAA3}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{3B105B4A-6DB1-4561-9B19-9E842D49014D}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{A5175E7B-DA04-4DE9-AEFE-E909E6A8EB27}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{E6BA0614-CA91-4274-B02E-1EDC42F145B1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{F54E9E43-78D0-4A94-AD26-6F31DB412C51}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{C2553B23-8199-4F41-B792-A7F71D7A298D}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
FirewallRules: [{4D60A337-930B-4A77-8FA9-FA0D31C78D71}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
FirewallRules: [UDP Query User{1BA5E64F-1CAD-45CD-9537-B22B723D525A}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [TCP Query User{B0EC78D1-D462-4D9F-BA1B-8EB4D252B467}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [UDP Query User{BA841123-3947-4841-95D8-EE33E87B11BA}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [TCP Query User{BB885D48-C5AB-4121-A4E0-58D9D8EAB17B}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [{C93C135A-3482-479B-87C5-1795DA23D5C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4AB97BC-DC0B-4DD4-B16B-A76032398898}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19AFD58A-3067-4E57-8C4A-840B35BB1818}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C9E630E1-0810-4385-89E3-96F4C5B08FB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0733DDB6-B2AD-4FEA-A22E-E7C2B7B56346}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A30DB4AF-CB2A-4DC3-9624-125CBFA22728}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{F20D6ABD-07EC-4F8D-A72D-D005E494A2EA}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{97F3A88A-1414-4D35-8AF2-F6BDD4B6F359}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{68E306F1-9816-4C84-BBFB-1C9E602C8607}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{C3631B32-6194-4B92-A2B0-CE9E1E559D0F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3B06458C-2AAB-434C-B167-36091779A20D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1705E34A-85E2-4F96-A769-C327FB10BBFD}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{821E65EC-3B6D-4DEF-95A9-78004FFE9160}C:\users\dave\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dave\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AB45CA04-0DE9-46FA-8FE9-294238B2F34E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36FB540E-8280-4AA6-BB81-1623E15DACFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{94AC206C-61AF-4B4A-A56D-20B5D1800CBB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F8E78B8E-D59F-44FE-9319-6584D2C3090A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C7C33E5D-1098-4623-9C5B-F83D7290D0BB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{31363357-B278-4306-B6DC-BF50EA8C6EF0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{DA00CE47-176C-495F-ADCC-ECCE207A1990}] => (Allow) G:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{F7A7A8C2-C96D-4831-A45F-A764F87592DD}] => (Allow) G:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{2541487E-5EDB-4CC7-BB13-63BF356F41C2}] => (Allow) C:\Users\Dave\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{8D6AD0CD-234C-4D29-973A-335962ADD84D}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{31D7E403-50B4-417D-A6A1-9815278C42AD}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{2CA8C855-19B9-476C-9A6C-912F88E0A842}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{684C0FB3-876E-4F35-8270-9C14ACDF7CAB}C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [TCP Query User{83B9B898-3962-4CBB-8746-CBE6AC3728F7}C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\dave\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [{EDDADA75-5EBF-4697-BC46-F01BF22B77D4}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS4A15\HPDiagnosticCoreUI.exe
FirewallRules: [{7D2E151C-EA7A-44CD-89CE-863DC3E874F2}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS4A15\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{DA04391C-5E3C-4662-A160-E8024F42A0C9}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [TCP Query User{6E0C638D-BC1A-431E-97FF-5C3DD3B44EA2}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{062E0EC3-1A5D-45AC-8DE3-E4FDC5C4CB49}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C628E08C-AB5D-45B6-8300-D07D87441395}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{FFF66738-8DDD-4122-A03D-1BEB25CB8450}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8E54B49A-B4CE-4AD9-A46B-87676F6EE16B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{65B33B26-6A29-4604-AE59-039308C46B5E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{970AB776-EF40-4358-BFBD-86CCC1064300}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{1DBA06E0-8C69-432B-B8C1-EF95C60D1BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{49E373F4-5F6E-46A5-BF2F-C24C8E8621C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{DC466A1D-6C59-4D68-BED4-904090D4B094}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{093D17F8-A204-4A34-90B9-AC10DC25D21C}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{6D46DE04-5A8A-400A-B3E3-08F3462B3B24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9FBD5A68-D783-4173-BCC8-8036DDAFC5D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{911D4B1F-41C5-4DA7-87C0-E34BFA47AF80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D1DCBE46-027B-49C2-A8E3-0E06B1D647E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [TCP Query User{7B8D5D5C-220B-4B70-ADC8-EA529F9AFAA3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{71D2E034-7422-4C84-B9D3-49CBB270E735}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{24D50A94-0B6C-4C21-951A-D95E146F7302}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [UDP Query User{67D20E17-D1C3-4153-99A4-6B0599FE1DB7}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [TCP Query User{C10FC48D-E6E5-480E-B34A-620C92CD2DE9}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [UDP Query User{DFB80BC7-2950-429C-A878-8960CCAE140B}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [{DA843970-1DAF-465E-853D-B3B512DD701D}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{5495F6C3-AA50-4FB3-9CAB-D0CACDA0A72A}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A19FB1B6-43DD-4EFB-B153-F6DBCD0F4B45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9453DA5B-57C5-4A7F-ACAE-275F60D97764}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{6DE4A561-BE88-44CC-B95A-91D362DDECE7}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

==================== Restore Points =========================

18-08-2016 09:35:42 Scheduled Checkpoint
26-08-2016 07:43:52 Windows Update
01-09-2016 12:06:48 Windows Update

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2016 05:49:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:07:0000)(214504) enumerator - Error -- 116 pcdrsysinfosystemboard: Module timed out after 120895 milliseconds and was terminated

Error: (09/05/2016 05:49:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:07:0000)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9960)(214504) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfosystemboard.p5x) readFromPipeTimed failed, killing: 211080

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9960)(214504) libCommon.System.Windows - Error -- 635 readFromPipeTimed(1200) timed out after 119998 totalBytes: 0

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9250)(214504) enumerator - Error -- 116 pcdrsysinfodirect: Module timed out after 120820 milliseconds and was terminated

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9250)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9210)(214504) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfodirect.p5x) readFromPipeTimed failed, killing: 208504

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9210)(214504) libCommon.System.Windows - Error -- 635 readFromPipeTimed(1208) timed out after 119999 totalBytes: 0

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9090)(214504) enumerator - Error -- 116 pcdrsysinfocpu_x86: Module timed out after 120803 milliseconds and was terminated

Error: (09/05/2016 05:49:06 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (214504) Asapi: (05:49:06:9080)(214504) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.


System errors:
=============
Error: (09/05/2016 06:43:28 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_10af742e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_10af742e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_10af742e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/05/2016 06:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_10af742e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_f7aacdd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_f7aacdd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_f7aacdd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 10:03:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_f7aacdd service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-09-05 18:17:57.757
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:17:57.744
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:17:51.818
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:17:51.805
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:17:50.396
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:17:50.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:17:50.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:17:50.352
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:17:48.343
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:17:48.328
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 8032.48 MB
Available physical RAM: 4010.78 MB
Total Virtual: 16224.48 MB
Available Virtual: 11537.36 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.31 GB) (Free:59.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive y: () (Network) (Total:2778.53 GB) (Free:1336.9 GB)
Drive z: () (Network) (Total:2778.53 GB) (Free:1336.9 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 000297F0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/05/2016 07:06:36 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 09/05/2016 07:06:43 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

 

Zemana AntiMalware 2.30.2.75 (Installed)

-------------------------------------------------------
Scan Result            : Terminated
Scan Date              : 2016/9/5
Operating System       : Windows 10 64-bit
Processor              : 4X Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
BIOS Mode              : Legacy
CUID                   : 121DDA6369C1AD6D3CE737
Scan Type              : Deep Scan
Duration               : 112m 43s
Scanned Objects        : 255132
Detected Objects       : 38
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Enabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Firefox Hello Beta
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\loop@mozilla.org.xpi
MD5                : 8923003ACCA092A8EE8939B52C7531B0
Publisher          : -
Size               : 2034437
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Firefox Hello Beta
                File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\loop@mozilla.org.xpi

Pocket
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\firefox@getpocket.com.xpi
MD5                : 42910AD54D5C1E030808FE0871BF87B1
Publisher          : -
Size               : 781661
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Pocket
                File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\firefox@getpocket.com.xpi

Multi-process staged rollout
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\e10srollout@mozilla.org.xpi
MD5                : 57E44B5FBC1A39AEAFF4371DDF725E6D
Publisher          : -
Size               : 6321
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Multi-process staged rollout
                File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\features\{a694c553-bb0d-4efe-b3a6-fc2aff302cd5}\e10srollout@mozilla.org.xpi

Default
Status             : Scanned
Object             : %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
MD5                : 5F6005F321AB0B2E80B661E6DFFD6934
Publisher          : -
Size               : 4854
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Default
                File - %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

Pocket
Status             : Scanned
Object             : %programfiles%\mozilla firefox\browser\features\firefox@getpocket.com.xpi
MD5                : 2C73674F65CCD66C8B610A5CCDA038C2
Publisher          : -
Size               : 671328
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Pocket
                File - %programfiles%\mozilla firefox\browser\features\firefox@getpocket.com.xpi

Multi-process staged rollout
Status             : Scanned
Object             : %programfiles%\mozilla firefox\browser\features\e10srollout@mozilla.org.xpi
MD5                : E62C969ACC15E9815778D3D036407775
Publisher          : -
Size               : 2306
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Multi-process staged rollout
                File - %programfiles%\mozilla firefox\browser\features\e10srollout@mozilla.org.xpi

Firefox Hello
Status             : Scanned
Object             : %programfiles%\mozilla firefox\browser\features\loop@mozilla.org.xpi
MD5                : 18791CC68C80EA2D72E5D8051515E742
Publisher          : -
Size               : 1668877
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Firefox Hello
                File - %programfiles%\mozilla firefox\browser\features\loop@mozilla.org.xpi

Awesome Screenshot - Capture, Annotate & More
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\jid0-gxjllfbcoax0lcltedfrekqdqpi@jetpack.xpi
MD5                : 184025D226B688B5439012DBDF0372D9
Publisher          : -
Size               : 1935062
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Awesome Screenshot - Capture, Annotate & More
                File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\jid0-gxjllfbcoax0lcltedfrekqdqpi@jetpack.xpi

E-Web Print
Status             : Scanned
Object             : %programfiles%\epson software\e-web print\firefox add-on
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - E-Web Print

Wondershare Video Converter Ultimate
Status             : Scanned
Object             : %allusersprofile%\wondershare\video converter ultimate\wsvcu@wondershare.com_xpi
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Wondershare Video Converter Ultimate

MeasureIt
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\{75ceee46-9b64-46f8-94bf-54012de155f0}.xpi
MD5                : E1C03C04E1B6E8C5D1FFFADB1B120899
Publisher          : -
Size               : 35538
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - MeasureIt
                File - %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\{75ceee46-9b64-46f8-94bf-54012de155f0}.xpi

ColorZilla
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\mcc9ev6a.default-1430035036918\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - ColorZilla

Logitech SetPoint
Status             : Scanned
Object             : %programw6432%\logitech\setpointp\logismoothfirefoxext
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Logitech SetPoint

Chrome Media Router
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Chrome Media Router

Gmail
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Gmail

Chrome Web Store Payments
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Chrome Web Store Payments

Google Docs Offline
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Docs Offline

Google Sheets
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Sheets

Google Search
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Search

YouTube
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - YouTube

Google Drive
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Drive

Google Docs
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Docs

Google Slides
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Google Slides

hk64tbWin2.dll
Status             : Scanned
Object             : %localappdata%\low\winzipbar\hk64tbwin2.dll
MD5                : 0CDCB4B27180B1E7106CA7807B944454
Publisher          : Conduit Ltd.
Size               : 1255712
Version            : 6.17.0.33
Detection          : Win32/Adware.Conduit!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\low\winzipbar\hk64tbwin2.dll

tbWinZ.dll
Status             : Scanned
Object             : %localappdata%\low\winzipbar\tbwinz.dll
MD5                : 2D2894581D355D5F44EAE38898A66846
Publisher          : Conduit Ltd.
Size               : 4398888
Version            : 6.8.5.1
Detection          : Win32/Adware.Conduit!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\low\winzipbar\tbwinz.dll

tbWin2.dll
Status             : Scanned
Object             : %localappdata%\low\winzipbar\tbwin2.dll
MD5                : 01799DEF4EE217264F0ABD2CCF1BEFF5
Publisher          : Conduit Ltd.
Size               : 5171488
Version            : 6.17.0.33
Detection          : Win32/Adware.Conduit!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\low\winzipbar\tbwin2.dll

tbWin1.dll
Status             : Scanned
Object             : %localappdata%\low\winzipbar\tbwin1.dll
MD5                : 0F8BB38E6192828380AF1773C03442E9
Publisher          : Conduit Ltd.
Size               : 2914080
Version            : 6.17.0.33
Detection          : Win32/Adware.Conduit!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\low\winzipbar\tbwin1.dll

tbWin0.dll
Status             : Scanned
Object             : %localappdata%\low\winzipbar\tbwin0.dll
MD5                : 73406FA9287B36CA4163797C73A2CD04
Publisher          : Conduit Ltd.
Size               : 4451144
Version            : 6.9.0.16
Detection          : Win32/Adware.Conduit!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\low\winzipbar\tbwin0.dll

ldrtbWinZ.dll
Status             : Scanned
Object             : %localappdata%\low\winzipbar\ldrtbwinz.dll
MD5                : 76B3946090C94BB38DBBCA54AC8FF9F7
Publisher          : Conduit Ltd.
Size               : 263464
Version            : 1.0.4.1
Detection          : Win32/Adware.Conduit!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\low\winzipbar\ldrtbwinz.dll

ldrtbWin2.dll
Status             : Scanned
Object             : %localappdata%\low\winzipbar\ldrtbwin2.dll
MD5                : 2A48A0CD819728A99B8EA8114F84FED1
Publisher          : Conduit Ltd.
Size               : 333088
Version            : 6.17.0.33
Detection          : Win32/Adware.Conduit!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\low\winzipbar\ldrtbwin2.dll

ldrtbWin0.dll
Status             : Scanned
Object             : %localappdata%\low\winzipbar\ldrtbwin0.dll
MD5                : CE49528C9B0B3B3018EE2F70E76B362A
Publisher          : Conduit Ltd.
Size               : 267592
Version            : 2.1.0.11
Detection          : Win32/Adware.Conduit!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\low\winzipbar\ldrtbwin0.dll

hktbWin2.dll
Status             : Scanned
Object             : %localappdata%\low\winzipbar\hktbwin2.dll
MD5                : B4AC04FF97BCF208B4C6074423349C78
Publisher          : Conduit Ltd.
Size               : 1058592
Version            : 6.17.0.33
Detection          : Win32/Adware.Conduit!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\low\winzipbar\hktbwin2.dll

chromeNPAPI.dll
Status             : Scanned
Object             : %temp%\scoped_dir_244152_22576\crx_install\chromenpapi.dll
MD5                : 4C2F5C8A58562D7A362FF1020320618E
Publisher          : Blabbers Communications Ltd
Size               : 97072
Version            : 1.0.0.0
Detection          : Adware:Win32/Blabber!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\scoped_dir_244152_22576\crx_install\chromenpapi.dll

prxtbWinZ.dll
Status             : Scanned
Object             : %programfiles%\winzipbar\prxtbwinz.dll
MD5                : 4C163BD2A5905D18893EE311608E8C54
Publisher          : Conduit Ltd.
Size               : 176936
Version            : 6.4.0.0
Detection          : Win32/Adware.Conduit!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\winzipbar\prxtbwinz.dll

toolbar.dll
Status             : Scanned
Object             : %programfiles%\reimagecompanion\toolbar.dll
MD5                : AF584069AB7A0C6FD1CB8012D35137F8
Publisher          : Reimage Limited
Size               : 127864
Version            : 1.0.2.1
Detection          : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\reimagecompanion\toolbar.dll

widgetserv.exe
Status             : Scanned
Object             : %programfiles%\reimagecompanion\widgetserv.exe
MD5                : EEC50AD751919DA5C0B8EC3EEC2A996F
Publisher          : Reimage Limited
Size               : 219000
Version            : 1.0.2.2
Detection          : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\reimagecompanion\widgetserv.exe

sqlite3.dll
Status             : Scanned
Object             : %programfiles%\reimagecompanion\sqlite3.dll
MD5                : C658763A2328B37B505071499BC72202
Publisher          : Reimage Limited
Size               : 367528
Version            : -
Detection          : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\reimagecompanion\sqlite3.dll

SARegProxy.exe
Status             : Scanned
Object             : %programfiles%\dragon global\showanalyzersuite\saregproxy.exe
MD5                : 20A31030102828C1430C14D991193DB1
Publisher          : -
Size               : 1627136
Version            : -
Detection          : Malware:Win32/Tamaca!Ikea
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\dragon global\showanalyzersuite\saregproxy.exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 38
Reported as safe      : 0
Failed                : 0

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Dave (administrator) on DAVE-THINK (05-09-2016 21:05:19)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available Profiles: Dave & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
(Dragon Global) C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrsysinfocpu_x86.p5x
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377304 2009-05-25] (Acronis)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4359776 2009-05-25] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [960616 2009-05-25] (Acronis)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] ()
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1696288 2015-02-27] (SPAMfighter ApS)
HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1050656 2015-12-03] (SPAMfighter ApS)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {3f802dee-6919-11e2-a303-e89a8ffca9b0} - "D:\AutoRun.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {d83995d4-6138-11e6-bdeb-9439e5917cfa} - "D:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-03-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2030d55d-3156-470a-89b6-c023b848a1ef}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83b2351b-def0-4a36-bbe7-bfa19d316a79}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enGB465
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> {E5469FAC-5226-4BB3-87EA-F4C75B15AA0D} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918
FF DefaultSearchEngine: Yahoo.co.uk
FF Homepage: hxxps://www.google.co.uk/?gfe_rd=cr&ei=8eixVYD7KMOHOraeqJgO
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195402160-3620752181-2962431074-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [not found]
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [not found]
FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [not found]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-09-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on => not found

Chrome:
=======
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gmdfpnpdmnjaffhcdbobdjpolhpacaem] - C:\Program Files (x86)\ReImageCompanion\blabbers-ch.crx [2012-02-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-01-13] (Macrovision Europe Ltd.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MCEBuddy2x; C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe [34304 2015-12-23] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
R2 Sage 50 Accounts Control v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe [2396672 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe [3474944 2016-05-16] (Sage (UK) Ltd.) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2015-02-06] (Sage (UK) Limited) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
R2 ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2136576 2010-06-05] (Dragon Global) [File not signed]
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2015-12-03] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2015-11-13] (SPAMfighter ApS)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-28] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2015-11-19] (Acronis)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-05] (Zemana Ltd.)
U3 idsvc; no ImagePath
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 21:01 - 2016-09-05 21:01 - 00018394 _____ C:\Users\Dave\Desktop\Zemana20160905.txt
2016-09-05 19:07 - 2016-09-05 19:07 - 00002076 _____ C:\Users\Dave\Desktop\rkill.txt
2016-09-05 19:03 - 2016-09-05 19:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\iExplore.exe
2016-09-05 19:02 - 2016-09-05 19:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\rkill.com
2016-09-05 18:57 - 2016-09-05 18:58 - 00063502 _____ C:\Users\Dave\Desktop\Addition.txt
2016-09-05 18:56 - 2016-09-05 21:05 - 00027087 _____ C:\Users\Dave\Desktop\FRST.txt
2016-09-05 17:45 - 2016-09-05 17:45 - 02397696 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2016-09-05 17:26 - 2016-09-05 21:05 - 00301862 _____ C:\WINDOWS\ZAM.krnl.trace
2016-09-05 17:26 - 2016-09-05 21:05 - 00296305 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-09-05 17:26 - 2016-09-05 17:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-09-05 17:26 - 2016-09-05 17:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-09-05 17:26 - 2016-09-05 17:26 - 00001232 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-09-05 17:26 - 2016-09-05 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-05 17:26 - 2016-09-05 17:26 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-05 17:25 - 2016-09-05 17:25 - 00000000 ____D C:\Users\Dave\AppData\Local\Zemana
2016-09-05 17:24 - 2016-09-05 17:24 - 05292304 _____ ( ) C:\Users\Dave\Desktop\Zemana.AntiMalware.Setup.exe
2016-09-05 17:20 - 2016-09-05 17:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Desktop\rkill.exe
2016-09-05 06:41 - 2016-09-05 06:42 - 00065951 _____ C:\Users\Dave\Downloads\Addition.txt
2016-09-05 06:40 - 2016-09-05 21:04 - 00000000 ____D C:\FRST
2016-09-05 06:40 - 2016-09-05 06:42 - 00052321 _____ C:\Users\Dave\Downloads\FRST.txt
2016-09-05 06:38 - 2016-09-05 06:39 - 02397696 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2016-09-02 12:07 - 2016-09-04 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-01 14:50 - 2016-09-01 14:50 - 00801692 _____ C:\Users\Dave\Downloads\2016_FFS_Catalogue_page_101_Standard_Bag_Range_-_SB.pdf
2016-08-26 07:40 - 2016-08-26 07:40 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-26 07:39 - 2016-08-26 07:39 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Skype
2016-08-22 15:53 - 2016-08-22 15:53 - 00000010 _____ C:\Users\Dave\Desktop\Blas a Fronlas.txt
2016-08-11 15:24 - 2016-08-11 15:25 - 00111224 _____ C:\Users\Dave\Downloads\3196 Beveridge.pdf
2016-08-10 15:41 - 2016-08-10 15:41 - 04927969 _____ C:\Users\Dave\Downloads\Joint Administrators Progress Report 14.11.15 to 13.05.16.pdf
2016-08-10 15:29 - 2016-08-10 15:29 - 05081674 _____ C:\Users\Dave\Downloads\Joint Administrators Statement of Proposals.pdf
2016-08-10 11:33 - 2016-08-10 11:33 - 00059010 _____ C:\Users\Dave\Downloads\downloadfile(10).PDF
2016-08-10 11:32 - 2016-08-10 11:32 - 00058476 _____ C:\Users\Dave\Downloads\downloadfile(9).PDF
2016-08-10 11:31 - 2016-08-10 11:31 - 00060543 _____ C:\Users\Dave\Downloads\downloadfile(8).PDF
2016-08-10 11:29 - 2016-08-10 11:29 - 00058883 _____ C:\Users\Dave\Downloads\downloadfile(7).PDF
2016-08-10 11:28 - 2016-08-10 11:28 - 00054927 _____ C:\Users\Dave\Downloads\downloadfile(6).PDF
2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-08-10 10:14 - 2016-08-10 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-08-10 10:11 - 2016-08-03 12:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:11 - 2016-08-03 12:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:11 - 2016-08-03 12:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:11 - 2016-08-03 11:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:11 - 2016-08-03 11:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:11 - 2016-08-03 11:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:11 - 2016-08-03 11:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:11 - 2016-08-03 11:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:11 - 2016-08-03 11:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:11 - 2016-08-03 11:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:11 - 2016-08-03 11:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:11 - 2016-08-03 11:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:11 - 2016-08-03 11:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:11 - 2016-08-03 11:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:11 - 2016-08-03 11:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:11 - 2016-08-03 11:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:11 - 2016-08-03 11:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:11 - 2016-08-03 11:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:11 - 2016-08-03 11:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:11 - 2016-08-03 11:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:11 - 2016-08-03 11:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:11 - 2016-08-03 11:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:11 - 2016-08-03 10:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:11 - 2016-08-03 10:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:11 - 2016-08-03 10:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:11 - 2016-08-03 10:45 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2016-08-10 10:11 - 2016-08-03 10:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:11 - 2016-08-03 10:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:11 - 2016-08-03 10:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:11 - 2016-08-03 10:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:11 - 2016-08-03 10:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-10 10:11 - 2016-08-03 10:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-10 10:11 - 2016-08-03 10:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:11 - 2016-08-03 10:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-10 10:11 - 2016-08-03 10:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:11 - 2016-08-03 10:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:11 - 2016-08-03 10:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:11 - 2016-08-03 10:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:11 - 2016-08-03 10:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:11 - 2016-08-03 10:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:11 - 2016-08-03 10:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:11 - 2016-08-03 10:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:11 - 2016-08-03 10:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:11 - 2016-08-03 10:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:11 - 2016-08-03 10:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:11 - 2016-08-03 10:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:11 - 2016-08-03 10:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:11 - 2016-08-03 10:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:11 - 2016-08-03 10:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:11 - 2016-08-03 10:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:11 - 2016-08-03 10:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:11 - 2016-08-03 10:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:11 - 2016-08-03 10:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:11 - 2016-08-03 10:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:11 - 2016-08-03 10:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:11 - 2016-08-03 10:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:11 - 2016-08-03 10:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-10 10:11 - 2016-08-03 10:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:11 - 2016-08-03 10:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-10 10:11 - 2016-08-03 10:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:11 - 2016-08-03 10:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:11 - 2016-08-03 10:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:11 - 2016-08-03 10:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:11 - 2016-08-03 10:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:11 - 2016-08-03 10:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:11 - 2016-08-03 10:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:11 - 2016-08-03 10:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:11 - 2016-08-03 10:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:11 - 2016-08-03 10:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:11 - 2016-08-03 10:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:11 - 2016-08-03 10:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 10:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:11 - 2016-08-03 10:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:11 - 2016-08-03 10:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:11 - 2016-08-03 10:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:11 - 2016-08-03 06:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:11 - 2016-08-03 06:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:11 - 2016-08-03 06:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:11 - 2016-08-03 06:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:11 - 2016-08-03 06:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:11 - 2016-08-03 06:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:11 - 2016-08-03 06:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:11 - 2016-08-03 06:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:11 - 2016-08-03 05:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:11 - 2016-08-03 05:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:11 - 2016-08-03 05:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:11 - 2016-08-03 05:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:11 - 2016-08-03 05:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:11 - 2016-08-03 05:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:11 - 2016-08-03 05:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:11 - 2016-08-03 05:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:11 - 2016-08-03 05:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:11 - 2016-08-03 05:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:11 - 2016-08-03 05:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:11 - 2016-08-03 05:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:11 - 2016-08-03 05:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:11 - 2016-08-03 05:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 05:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:11 - 2016-08-03 05:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:11 - 2016-08-03 05:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:11 - 2016-08-03 05:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:11 - 2016-08-03 05:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:11 - 2016-08-03 05:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:11 - 2016-08-03 05:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:11 - 2016-08-03 05:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:11 - 2016-08-03 05:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:11 - 2016-08-03 05:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:11 - 2016-08-03 05:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:11 - 2016-08-03 05:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:11 - 2016-08-03 05:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:11 - 2016-08-03 05:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:11 - 2016-08-03 05:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 10:11 - 2016-08-03 05:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 21:00 - 2012-03-21 17:22 - 00000000 ____D C:\Users\Dave\AppData\LocalLow\WinZipBar
2016-09-05 21:00 - 2012-02-16 18:05 - 00000000 ____D C:\Program Files (x86)\ReImageCompanion
2016-09-05 20:54 - 2012-01-06 00:01 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-09-05 20:09 - 2012-04-10 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-05 19:53 - 2014-05-19 10:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 19:28 - 2012-01-06 04:42 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2016-09-05 19:28 - 2012-01-06 03:22 - 00000000 ____D C:\Users\Dave\Documents\Email Folders
2016-09-05 19:07 - 2016-04-16 02:31 - 00000000 ____D C:\Users\Dave
2016-09-05 19:00 - 2012-01-06 00:01 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2016-09-05 18:59 - 2014-10-17 15:47 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000UA.job
2016-09-05 18:53 - 2016-02-09 15:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 18:25 - 2016-05-10 14:32 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5A19858-B5EF-4BC6-82B9-E98777E8C8AB}
2016-09-05 17:47 - 2016-07-28 17:23 - 00000000 ____D C:\Users\Dave\AppData\Local\Deployment
2016-09-05 15:59 - 2014-10-17 15:47 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3195402160-3620752181-2962431074-1000Core.job
2016-09-05 12:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-05 11:52 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-05 10:33 - 2016-04-16 02:31 - 01013760 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 10:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-04 11:20 - 2012-04-26 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 22:29 - 2016-07-05 06:42 - 00000000 ____D C:\Users\Dave\AppData\Roaming\foobar2000
2016-09-01 16:40 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\Pop's
2016-09-01 12:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 12:06 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-26 07:40 - 2016-04-16 07:30 - 00002416 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-26 07:40 - 2016-04-16 07:30 - 00000000 ___RD C:\Users\Dave\OneDrive
2016-08-24 11:50 - 2012-01-05 20:30 - 00000000 ____D C:\Users\Dave\Documents\QUOTES
2016-08-22 11:42 - 2016-06-01 15:20 - 00000000 ____D C:\Users\Dave\AppData\Local\HTC MediaHub
2016-08-22 11:41 - 2016-02-13 14:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 10:09 - 2016-04-28 15:54 - 00000000 ____D C:\Users\Dave\Desktop\Dave Poole
2016-08-17 09:04 - 2011-11-01 23:03 - 00000000 ____D C:\ProgramData\PCDr
2016-08-15 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 10:33 - 2016-02-13 14:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 10:11 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-12 10:10 - 2016-02-13 14:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 10:10 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 10:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 10:20 - 2013-08-15 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 10:15 - 2012-01-07 17:55 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 10:14 - 2016-06-13 15:30 - 00002126 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002124 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-10 10:14 - 2016-06-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-08 20:16 - 2016-02-09 15:57 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2012-01-09 12:59 - 2016-04-14 15:11 - 0079200 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-01-01 21:21 - 2016-02-28 23:10 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-20 10:27 - 2016-01-20 10:27 - 0000852 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
2015-09-21 14:51 - 2015-09-21 14:51 - 0007605 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2012-08-16 11:49 - 2015-02-03 18:58 - 0006536 _____ () C:\ProgramData\hpzinstall.log
2013-03-24 21:15 - 2016-03-19 18:42 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\iv_uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 06:22

==================== End of FRST.txt ============================

Any other suggestions please?

 

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Thank you,

Kevin...

Fixlist.txt

Link to post
Share on other sites

Hi Kevin,

Thanks for your continued support - looks like we still have 1 issue.  Here's the logs you asked for, please let me know if you need anything else.

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Dave (06-09-2016 07:57:28) Run:1
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available Profiles: Dave & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
GHKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {3f802dee-6919-11e2-a303-e89a8ffca9b0} - "D:\AutoRun.exe"
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\...\MountPoints2: {d83995d4-6138-11e6-bdeb-9439e5917cfa} - "D:\AutoRun.exe"
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
U3 idsvc; no ImagePath
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
U3 wpcsvc; no ImagePath
C:\Users\Dave\AppData\LocalLow\WinZipBar
C:\Users\Dave\AppData\Local\Temp\iv_uninstall.exe
EmptyTemp:
Hosts:
end

 

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\GS-1-5-21-3195402160-3620752181-2962431074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f802dee-6919-11e2-a303-e89a8ffca9b0} => key not found.
HKCR\CLSID\{3f802dee-6919-11e2-a303-e89a8ffca9b0} => key not found.
"HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d83995d4-6138-11e6-bdeb-9439e5917cfa}" => key removed successfully
HKCR\CLSID\{d83995d4-6138-11e6-bdeb-9439e5917cfa} => key not found.
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key removed successfully
idsvc => service removed successfully
PCDSRVC{127174DC-C366ED8B-06020200}_0 => Unable to stop service.
PCDSRVC{127174DC-C366ED8B-06020200}_0 => service removed successfully
wpcsvc => service removed successfully
C:\Users\Dave\AppData\LocalLow\WinZipBar => moved successfully
C:\Users\Dave\AppData\Local\Temp\iv_uninstall.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24730772 B
Java, Flash, Steam htmlcache => 24918 B
Windows/system/drivers => 430499536 B
Edge => 346655 B
Chrome => 383499518 B
Firefox => 396251612 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 48505115 B
systemprofile32 => 128 B
LocalService => 3273014 B
NetworkService => 23431404 B
Dave => 591542748 B
DefaultAppPool => 0 B

RecycleBin => 13769524959 B
EmptyTemp: => 14.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:00:48 ====

# AdwCleaner v6.010 - Logfile created 06/09/2016 at 08:17:10
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-05.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Dave - DAVE-THINK
# Running from : C:\Users\Dave\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

 

***** [ Services ] *****

[-] Service deleted: Suite Service


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Dave\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\FromDocToPDF_65
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\Ask
[-] Folder deleted: C:\ProgramData\Partner
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Ask
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Partner
[-] Folder deleted: C:\Program Files (x86)\ReImageCompanion
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\Reimage.ini


***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\wit4ie.WitBHO
[-] Key deleted: HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key deleted: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\BrowserCompanion
[-] Key deleted: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Reimage
[-] Key deleted: HKU\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\AppDataLow\Toolbar
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3195402160-3620752181-2962431074-1000\Software\Blabbers
[#] Key deleted on reboot: HKCU\Software\BrowserCompanion
[#] Key deleted on reboot: HKCU\Software\Reimage
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Toolbar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [CommonToolkitTray]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CommonToolkitTray]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\f


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "extensions.toolbar.mindspark.lastInstalled" -  "fromdoctopdf@mindspark.com"
[-] [uk.ask.com] [Search Provider] Deleted: uk.ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7510 Bytes] - [06/09/2016 08:17:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [7551 Bytes] - [06/09/2016 08:16:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7656 Bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/09/2016
Scan Time: 08:23
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.06.02
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Dave

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377911
Time Elapsed: 13 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.MindSpark.Generic, C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mcc9ev6a.default-1430035036918\prefs.js, Good: (), Bad: (user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1437072598476");), Replaced,[eefc8de12278a4924477dbfea85c5ca4]

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

I` assuming the Firefox profile entry is the issue you are referring to...

Make a "Clean" install Firefox:

Use the following link for instructions how to back up your bookmarks, same link can be used to import saved Bookmarks:

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Next,

Go here: http://www.mozilla.org/en-US/ download save the latest version of Firefox.. We will install this later...

Next,

Lets totally remove Firefox and start over.

Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions...

Ensure when the uninstall completes to navigate to and delete the firefox installation folder (if present):

(32-bit Windows) C:\Program Files\Mozilla Firefox
(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox

It is essential the installation folder is removed. Re-boot your system when that is completed....

Next,

To remove all remaining data and profile information...

Press "Windows key + R" to open the Run box
In the Run box, type in or copy and paste %APPDATA%
Click OK. A Windows Explorer window will appear.
In this window, choose/open in succession Mozilla > Firefox > Profiles.
Select Delete on each entry in reverse, eg Profiles > Delete. Firefox > Delete. Mozilla > Delete.

Re-boot your system when complete!

Next,

Use the Mozilla Firefox installer to reinstall your Browser....

When Firefox is installed and open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons/extensions, use, start, stop or disable those features etc....

Ensure to use search to find and install AdBlock plus, Flashblock and DrWeb Anti-Virus Link Checker plus any other addons you normally use.... Now try surfing, see what happens...
 
Run another scan with Malwarebytes, is the issue cleared?
 
Thank you,
 
Kevin...
Link to post
Share on other sites

Hi Kevin,  I think we're there now, been surfing for the last hour and monitoring the spyware, ran MBAM and it came out clean.  Thanks very much for your help, couldn't have done it without you.

 

Regards

 

Dave

Edited by DaiDawes
Link to post
Share on other sites

Excellent, thank you for the update... Run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Hi Kevin,

I asked for this thread to be re-opened as I have a problem with my CPU usage being continually very high - running at 100% sometimes.  This is what originally prompted me to run the MWB scan that detected the original infection and it improved after the Mindspark infection was removed.  I'm not even sure I still have a problem but obviously something is causing the high CPU usage so would just like the benefit of your experience as I troubleshoot this problem.

Here's the logs from the FRST scan I ran this morning.

Regards

Dave

Addition.txt

FRST.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.