Hi Jo,
Thanks for responding so quickly.
Here are the results from Security Check:
--- BEGIN ---
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 91
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (49.0.2623.110)
Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
--- END ---
Before MBAR began its scan, it displayed a dialog box
AppInit_Dlls.JPG 32.39KB
0 downloads stating that this registry value has been found which may be caused by rootkit activity. I answered "No" to remove, as I was unsure.
Here are the results from the subsequent MBAR scan:
--- BEGIN ---
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.18282
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.790000 GHz
Memory total: 8466448384, free: 5669986304
Downloaded database version: v2016.04.28.04
Downloaded database version: v2016.04.17.01
Downloaded database version: v2016.04.19.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
04/28/2016 22:29:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\DRIVERS\DzHDD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\DRIVERS\ApsHM64.sys
\SystemRoot\system32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\DRIVERS\Apsx64.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1606000.08E\ccSetx64.sys
\SystemRoot\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1606000.08E\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\MTiCtwl.sys
\??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\Tppwr64v.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\nvkflt.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\smiifx64.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20160426.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20160418.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\risdxc64.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne64x.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\Tvti2c.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\Mbm3CBus.sys
\SystemRoot\system32\DRIVERS\Mbm3wh.sys
\SystemRoot\system32\DRIVERS\Mbm3Mdm.sys
\SystemRoot\system32\DRIVERS\Mbm3cm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\Mbm3mdfl.sys
\SystemRoot\system32\DRIVERS\Mbm3DevMt.sys
\SystemRoot\System32\Drivers\wwuss64.sys
\SystemRoot\System32\Drivers\wwussf64.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\WwanUsbMp64.sys
\SystemRoot\System32\Drivers\LenovoRd.sys
\SystemRoot\System32\Drivers\SMCLIB.SYS
\SystemRoot\System32\DRIVERS\scfilter.sys
\SystemRoot\system32\DRIVERS\5U877.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\l36wgps64.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WinUsb.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\??\C:\Users\David\AppData\Local\Temp\QDrive.sys
\SystemRoot\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20160427.001\EX64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20160427.001\ENG64.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\USBSTOR.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\advapi32.dll
\Windows\System32\user32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\gdi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\setupapi.dll
\Windows\System32\shell32.dll
\Windows\System32\ole32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\wininet.dll
\Windows\System32\difxapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\comdlg32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
Scan started
Database versions:
main: v2016.04.28.04
rootkit: v2016.04.17.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a083060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a084a00, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DzHDD64\
DevicePointer: 0xfffffa800a083b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a084040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xfffffa800a083060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009ee3c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa80077a85d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80077ac050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1A23200D
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition is bootable
Partition file system is NTFS
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 276736000
Partition is bootable
Partition file system is NTFS
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 279810048 Numsec = 32768000
Partition is not bootable
Partition file system is NTFS
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Disk Size: 160041885696 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007a0b790, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007605040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a0b790, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800f8fb040, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8006efc060, DeviceName: \Device\000000c7\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1E9F56B
Partition information:
Partition 0 type is Other (0x6)
Partition is ACTIVE.
Partition starts at LBA: 32 Numsec = 2027488
Partition is not bootable
Partition file system is FAT
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Disk Size: 1038090240 bytes
Sector size: 512 bytes
Done!
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\QBackup\index.qbs" is sparse (flags = 32768)
Infected: C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\vfnws.dll --> [Trojan.Bedep]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} --> [Trojan.Bedep]
Infected: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} --> [Trojan.Bedep]
Infected: C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} --> [Trojan.Clicker.FMS]
Infected: C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a --> [Trojan.Clicker.FMS]
Scan finished
--- END ---
Here are the results from AdwCleaner:
--- BEGIN ---
# AdwCleaner v5.114 - Logfile created 28/04/2016 at 22:44:51
# Updated 27/04/2016 by Xplode
# Database : 2016-04-24.3 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : David - THINKING
# Running from : C:\Users\David\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Application Data\Ask
Folder Found : C:\ProgramData\Application Data\Partner
***** [ Files ] *****
File Found : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\s
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67C71B35-A416-4A54-BD1D-15965A4FE41C}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\Conduit
Key Found : HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\IM
Key Found : HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\ImInstaller
Key Found : HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\Softonic
Key Found : HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\StartSearch
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{595C041B-BAFB-4893-88F4-E049DB531B6E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F94E17F4-1DB4-4700-8ADF-F1DB0605668F}
Key Found : HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\Microsoft\Internet Explorer\SearchScopes\{595C041B-BAFB-4893-88F4-E049DB531B6E}
Key Found : HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\Microsoft\Internet Explorer\SearchScopes\{F94E17F4-1DB4-4700-8ADF-F1DB0605668F}
***** [ Web browsers ] *****
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\prefs.js] Found : user_pref("browser.search.selectedEngine", "Ask.com");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\prefs.js] Found : user_pref("browser.search.order.1", "Ask.com");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\prefs.js] Found : user_pref("browser.search.defaultengine", "Ask.com");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\prefs.js] Found : user_pref("browser.search.defaultenginename", "Ask.com");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\prefs.js] Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.newTab", false);
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8kt00LrR&loc=IB_TB&i=26&search=");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.id", "34b54f6000000000000024770347b04d");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.hardId", "34b54f6000000000000024770347b04d");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.instlDay", "15390");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2713:53:33");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.smplGrp", "none");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.tlbrId", "base");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.instlRef", "");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.dfltLng", "");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.excTlbr", "false");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.ms_url_id", "");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.upn2", "6R8kt00LrR");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.upn2n", "92823880363176667");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.productid", "26");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.installerproductid", "26");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.did", "10606");
[C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js] Found : user_pref("extensions.incredibar_i.ppd", "1");
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [7424 bytes] - [28/04/2016 22:44:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7497 bytes] ##########
--- END ---
Regarding those 6 files in C:\Users\David\:
a. All of those 4 .bat files were created by me; and
b. Both of those 2 .exe files were downloaded by me (unix style utilities) some years ago.
Here are the results from FRST - FRST.txt:
--- BEGIN ---
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by David (administrator) on THINKING (28-04-2016 22:46:59)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corporation) C:\Windows\System32\cacls.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(QNAP Systems, Inc.) C:\Program Files\QNAP\NetBak\QVssService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(QNAP Systems, Inc.) C:\Program Files\QNAP\NetBak\NetBak.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo, Japan, Ltd. ) C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Program Files (x86)\MultiScreen\MultiScreen.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo) C:\Users\David\AppData\Local\Apps\2.0\WR6ZT4H9.1TT\TVECNGQL.8X8\lsb...tion_91a10ba61c75c82d_0001.0006_e3bbae03e10aca14\LSB.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-10] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-25] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2168976 2015-12-22] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [MagicTuneEngine] => C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe [24064 2009-06-15] (Samsung Electronics Co. Ltd.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-07-02] (Intel Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-02] (Google Inc.)
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\Run: [MultiScreen] => C:\Program Files (x86)\MultiScreen\MultiScreen.exe [303104 2009-08-11] ()
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-05-16] (Macrovision Corporation)
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\David\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50676864 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\MountPoints2: {25a01f47-4d87-11e1-86fc-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\MountPoints2: {50e07675-caa4-11e5-a586-028037ec0200} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\MountPoints2: {ac8ce2c3-cff8-11e3-b48f-028037ec0200} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\MountPoints2: {ec067731-cdfb-11e5-ba86-028037ec0200} - E:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [185816 2015-12-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164008 2015-12-22] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-02-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk [2012-02-17]
ShortcutTarget: GammaTray.lnk -> C:\Program Files (x86)\MagicTune Premium\GammaTray.exe ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2012-09-20]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3514529109-4073190309-4292251120-1002] => 220.173.139.172:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A7453476-232F-4DC1-A72D-7E4FFBB69CFE}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> DefaultScope {A2B6DCA7-91B3-4ABE-8908-967880222CB4} URL = hxxp://www.google.com.au/search?hl=en&source=hp&q={searchTerms}&btnG=Google+Search&meta=&aq=f&oq=&rlz=1I7LENP_enAU470
SearchScopes: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> {07921B9E-C4E0-41BE-9E2B-F17685907888} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> {39A5CE29-F8BE-425B-BB52-3D9FCEC0586E} URL = hxxp://www.linkedin.com/search/fpsearch?name={searchTerms}
SearchScopes: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> {595C041B-BAFB-4893-88F4-E049DB531B6E} URL = hxxp://abr.business.gov.au/search.aspx?SearchText={searchTerms}&StartSearch=True&bqs=1
SearchScopes: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> {903BF549-8979-484A-A2BD-097AF77D6FE0} URL = hxxp://dictionary.reference.com/browse/{searchTerms}?r=75&src=ref&ch=dic
SearchScopes: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> {A2B6DCA7-91B3-4ABE-8908-967880222CB4} URL = hxxp://www.google.com.au/search?hl=en&source=hp&q={searchTerms}&btnG=Google+Search&meta=&aq=f&oq=&rlz=1I7LENP_enAU470
SearchScopes: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=AU&ver=22&locale=en_AU&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> {CB81E7B2-E6A9-42F6-BBA0-2ACF465F2F87} URL = hxxp://www.facebook.com/#/search/?ref=search&q={searchTerms}&init=quick
SearchScopes: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> {F94E17F4-1DB4-4700-8ADF-F1DB0605668F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=871A8FAE-CBEB-4251-B84D-A34A4ED0D763&apn_sauid=B0F14DB3-F3ED-4CC5-8D1E-F01470E19596
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2013-11-28] (CANON INC.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28] (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2013-11-28] (CANON INC.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28] (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2013-11-28] (CANON INC.)
Toolbar: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP9-15980/webex/ieatgpc1.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default
FF Homepage: hxxp://www.google.com.au/
FF NetworkProxy: "ftp", "220.173.139.172"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "220.173.139.172"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "220.173.139.172"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "220.173.139.172"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "220.173.139.172"
FF NetworkProxy: "ssl_port", 8080
FF SelectedSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF DefaultSearchEngine: Ask.com
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @abr.gov.au/KeyMgmtPlugin -> C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll [2010-08-19] (Commonwealth Government of Australia)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-07-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2014-07-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2014-07-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3514529109-4073190309-4292251120-1002: @citrixonline.com/appdetectorplugin -> C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-05] (Citrix Online)
FF Plugin HKU\S-1-5-21-3514529109-4073190309-4292251120-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3514529109-4073190309-4292251120-1002: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3514529109-4073190309-4292251120-1002: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3514529109-4073190309-4292251120-1002: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3514529109-4073190309-4292251120-1002: LWAPlugin15.8 -> C:\Users\David\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF user.js: detected! => C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fk8n9qcc.default\user.js [2012-02-20]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginAOC.dll [2016-03-14] ()
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2016-03-21] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.au/
CHR StartupUrls: Default -> "hxxp://google.com.au/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ABR_AUSkey Mozilla Plugin) - C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Identity Safe) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-16]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-16]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
R3 Lenovo.RapidDrive.Advanced.Svc; C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [209920 2011-10-07] (Lenovo, Japan, Ltd. ) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 QVssService; C:\Program Files\QNAP\NetBak\QVssService.exe [2203824 2015-10-07] (QNAP Systems, Inc.)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-11] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [594984 2011-04-08] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20160418.001\BHDrvx64.sys [1766640 2016-03-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-28] (Symantec Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20160426.001\IDSvia64.sys [767224 2016-02-15] (Symantec Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-03-01] (Ericsson AB)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-14] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-14] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-14] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-14] (MCCI Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20160427.001\ENG64.SYS [138488 2015-12-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20160427.001\EX64.SYS [2148080 2015-12-30] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [308368 2015-12-22] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-22] (Ericsson AB)
R3 QDrive; \??\C:\Users\David\AppData\Local\Temp\QDrive.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-28 22:46 - 2016-04-28 22:47 - 00043660 _____ C:\Users\David\Desktop\FRST.txt
2016-04-28 22:44 - 2016-04-28 22:44 - 00000000 ____D C:\AdwCleaner
2016-04-28 22:29 - 2016-04-28 22:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-28 22:26 - 2016-04-28 22:44 - 00000000 ____D C:\Users\David\Desktop\mbar
2016-04-28 22:22 - 2016-04-28 22:02 - 03581504 _____ C:\Users\David\Desktop\AdwCleaner.exe
2016-04-28 22:22 - 2016-04-28 21:58 - 16563352 _____ (Malwarebytes Corp.) C:\Users\David\Desktop\mbar-1.09.3.1001.exe
2016-04-28 22:22 - 2016-04-28 21:55 - 00852798 _____ C:\Users\David\Desktop\SecurityCheck.exe
2016-04-28 22:22 - 2016-04-28 15:53 - 02376704 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2016-04-28 22:18 - 2016-04-28 22:18 - 00000000 ____D C:\Users\David\AppData\Roaming\LSC
2016-04-28 14:47 - 2016-04-28 15:01 - 00000000 ____D C:\Users\David\AppData\Local\NPE
2016-04-28 14:40 - 2016-04-28 14:40 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2016-04-28 09:16 - 2016-04-28 09:16 - 00002002 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2016-04-26 16:58 - 2016-04-26 16:58 - 00000000 ____D C:\Users\David\AppData\Roaming\AccdbMerge
2016-04-21 11:38 - 2016-04-21 11:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-15 16:11 - 2016-04-15 16:11 - 00069770 _____ C:\Users\David\Desktop\David you are invited.htm
2016-04-15 16:11 - 2016-04-15 16:11 - 00000000 ____D C:\Users\David\Desktop\David you are invited_files
2016-04-13 03:19 - 2016-04-01 04:55 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 03:19 - 2016-04-01 04:11 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 03:19 - 2016-03-31 10:24 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 03:19 - 2016-03-31 10:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 03:19 - 2016-03-31 10:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 03:19 - 2016-03-31 10:01 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 03:19 - 2016-03-31 09:58 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 03:19 - 2016-03-31 09:58 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 03:19 - 2016-03-31 09:57 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 03:19 - 2016-03-31 09:57 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 03:19 - 2016-03-31 09:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 03:19 - 2016-03-31 09:55 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 03:19 - 2016-03-31 09:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 03:19 - 2016-03-31 09:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 03:19 - 2016-03-31 09:49 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 03:19 - 2016-03-31 09:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 03:19 - 2016-03-31 09:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 03:19 - 2016-03-31 09:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 03:19 - 2016-03-31 09:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 03:19 - 2016-03-31 09:41 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 03:19 - 2016-03-31 09:38 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 03:19 - 2016-03-31 09:33 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 03:19 - 2016-03-31 09:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 03:19 - 2016-03-31 09:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 03:19 - 2016-03-31 09:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 03:19 - 2016-03-31 09:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 03:19 - 2016-03-31 09:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 03:19 - 2016-03-31 09:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 03:19 - 2016-03-31 09:23 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 03:19 - 2016-03-31 09:23 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 03:19 - 2016-03-31 09:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 03:19 - 2016-03-31 09:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 03:19 - 2016-03-31 09:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 03:19 - 2016-03-31 09:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 03:19 - 2016-03-31 09:21 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 03:19 - 2016-03-31 09:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 03:19 - 2016-03-31 09:18 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 03:19 - 2016-03-31 09:16 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 03:19 - 2016-03-31 09:15 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 03:19 - 2016-03-31 09:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 03:19 - 2016-03-31 09:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 03:19 - 2016-03-31 09:15 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 03:19 - 2016-03-31 09:13 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 03:19 - 2016-03-31 09:13 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 03:19 - 2016-03-31 09:12 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 03:19 - 2016-03-31 09:12 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 03:19 - 2016-03-31 09:09 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 03:19 - 2016-03-31 09:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 03:19 - 2016-03-31 09:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 03:19 - 2016-03-31 09:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 03:19 - 2016-03-31 09:01 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 03:19 - 2016-03-31 09:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 03:19 - 2016-03-31 09:00 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 03:19 - 2016-03-31 09:00 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 03:19 - 2016-03-31 09:00 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 03:19 - 2016-03-31 08:59 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 03:19 - 2016-03-31 08:54 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 03:19 - 2016-03-31 08:53 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 03:19 - 2016-03-31 08:53 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 03:19 - 2016-03-31 08:52 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 03:19 - 2016-03-31 08:51 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 03:19 - 2016-03-31 08:48 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 03:19 - 2016-03-31 08:36 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 03:19 - 2016-03-31 08:35 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 03:19 - 2016-03-31 08:32 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 03:19 - 2016-03-31 08:30 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 03:19 - 2016-03-30 03:23 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 03:19 - 2016-03-18 08:34 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 03:19 - 2016-03-18 08:34 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 03:19 - 2016-03-18 08:34 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 03:19 - 2016-03-18 08:34 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 03:19 - 2016-03-18 08:31 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 03:19 - 2016-03-18 08:31 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 03:19 - 2016-03-18 08:28 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 03:19 - 2016-03-18 08:28 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 03:19 - 2016-03-18 08:28 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 03:19 - 2016-03-18 08:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 03:19 - 2016-03-18 08:28 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 03:19 - 2016-03-18 08:28 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 03:19 - 2016-03-18 08:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 03:19 - 2016-03-18 08:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 03:19 - 2016-03-18 08:28 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 03:19 - 2016-03-18 08:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 03:19 - 2016-03-18 08:27 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 03:19 - 2016-03-18 08:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 03:19 - 2016-03-18 08:27 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 03:19 - 2016-03-18 08:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 03:19 - 2016-03-18 08:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 03:19 - 2016-03-18 08:26 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 03:19 - 2016-03-18 08:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 03:19 - 2016-03-18 08:24 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 03:19 - 2016-03-18 08:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 03:19 - 2016-03-18 08:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 03:19 - 2016-03-18 08:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 03:19 - 2016-03-18 08:23 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 03:19 - 2016-03-18 08:23 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 03:19 - 2016-03-18 08:23 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 03:19 - 2016-03-18 08:23 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 08:06 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 03:19 - 2016-03-18 08:06 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 03:19 - 2016-03-18 08:03 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 03:19 - 2016-03-18 08:01 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 03:19 - 2016-03-18 08:01 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 03:19 - 2016-03-18 08:01 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 03:19 - 2016-03-18 08:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 03:19 - 2016-03-18 08:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 03:19 - 2016-03-18 08:00 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 03:19 - 2016-03-18 08:00 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 03:19 - 2016-03-18 08:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 03:19 - 2016-03-18 07:59 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 03:19 - 2016-03-18 07:59 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 03:19 - 2016-03-18 07:59 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 03:19 - 2016-03-18 07:58 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 03:19 - 2016-03-18 07:57 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 03:19 - 2016-03-18 07:57 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 03:19 - 2016-03-18 07:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 03:19 - 2016-03-18 07:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 03:19 - 2016-03-18 07:56 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 03:19 - 2016-03-18 07:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 07:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 03:19 - 2016-03-18 07:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 03:19 - 2016-03-18 07:22 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 03:19 - 2016-03-18 07:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 03:19 - 2016-03-18 07:14 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 03:19 - 2016-03-18 07:13 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 03:19 - 2016-03-18 07:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 03:19 - 2016-03-18 07:08 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 03:19 - 2016-03-18 07:07 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 03:19 - 2016-03-18 07:07 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 03:19 - 2016-03-18 07:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 03:19 - 2016-03-18 07:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 03:19 - 2016-03-18 07:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 03:19 - 2016-03-18 07:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 03:19 - 2016-03-18 07:00 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 03:19 - 2016-03-18 07:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 03:19 - 2016-03-18 06:59 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 03:19 - 2016-03-18 06:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 03:19 - 2016-03-18 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 03:19 - 2016-03-16 09:46 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 03:19 - 2016-03-16 09:46 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 03:19 - 2016-03-16 09:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 03:19 - 2016-03-12 04:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 03:19 - 2016-03-12 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 03:19 - 2016-03-07 04:23 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 03:19 - 2016-03-07 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 03:19 - 2016-03-07 04:08 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 03:19 - 2016-03-07 04:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 23:51 - 2016-04-12 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raw Image Viewer
2016-04-12 23:51 - 2016-04-12 23:51 - 00000000 ____D C:\Program Files (x86)\Raw Image Viewer
2016-04-11 20:57 - 2016-04-26 21:51 - 00000000 ____D C:\Users\David\AppData\LocalLow\uTorrent
2016-04-11 11:56 - 2016-04-11 11:56 - 00000000 ____D C:\Users\David\AppData\Local\{6F00555C-B600-4F47-9542-3D14B028719F}
2016-04-04 17:57 - 2016-04-04 18:01 - 00003418 _____ C:\Windows\System32\Tasks\CMDLine
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-28 22:46 - 2015-12-01 15:58 - 00000000 ____D C:\FRST
2016-04-28 22:46 - 2014-11-24 21:24 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3514529109-4073190309-4292251120-1002UA.job
2016-04-28 22:29 - 2015-11-16 12:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-28 22:27 - 2015-11-16 12:54 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-28 22:23 - 2012-02-02 20:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-28 22:16 - 2009-07-14 14:43 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-28 22:16 - 2009-07-14 14:15 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-28 22:16 - 2009-07-14 14:15 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-28 22:16 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\inf
2016-04-28 22:15 - 2012-01-06 15:12 - 00000000 ____D C:\Users\David\AppData\Local\Htc
2016-04-28 22:14 - 2008-01-13 13:23 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
2016-04-28 22:11 - 2014-11-25 07:17 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3514529109-4073190309-4292251120-1002.job
2016-04-28 22:09 - 2015-08-17 09:53 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-28 22:09 - 2014-03-13 16:46 - 00000000 ____D C:\Users\David\AppData\Local\Deployment
2016-04-28 22:09 - 2012-02-02 20:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-28 22:08 - 2014-04-30 09:50 - 00000000 ____D C:\Users\David\AppData\Local\HTC MediaHub
2016-04-28 22:07 - 2012-02-02 19:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-28 22:07 - 2009-07-14 14:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-28 16:17 - 2012-02-20 17:21 - 01287132 _____ C:\Windows\ntbtlog.txt
2016-04-28 14:47 - 2012-02-02 20:08 - 00000000 ____D C:\ProgramData\Norton
2016-04-28 14:44 - 2012-06-07 09:24 - 00007667 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg
2016-04-28 13:48 - 2015-06-01 18:49 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3514529109-4073190309-4292251120-1002.job
2016-04-28 13:16 - 2009-07-14 15:02 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-04-28 09:23 - 2014-11-24 21:24 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3514529109-4073190309-4292251120-1002Core.job
2016-04-28 09:17 - 2012-02-02 20:04 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-04-28 09:17 - 2012-02-02 20:00 - 00003020 _____ C:\Windows\System32\Tasks\PMTask
2016-04-28 09:17 - 2009-07-14 12:50 - 00000000 __RSD C:\Windows\Media
2016-04-28 09:16 - 2012-02-02 20:04 - 00000000 ____D C:\Windows\Downloaded Installations
2016-04-28 09:16 - 2012-02-02 19:50 - 00000000 ____D C:\Program Files\Lenovo
2016-04-27 12:56 - 2013-05-21 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-26 21:52 - 2014-08-08 17:27 - 00000000 ____D C:\Program Files\PeerBlock
2016-04-26 21:52 - 2012-02-11 15:29 - 00000000 ____D C:\Users\David\AppData\Local\Google
2016-04-26 21:51 - 2012-12-09 20:28 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
2016-04-25 20:24 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\rescache
2016-04-25 18:15 - 2009-07-14 14:15 - 00467896 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-21 11:41 - 2013-08-19 03:00 - 00000000 ____D C:\Windows\system32\MRT
2016-04-21 11:38 - 2012-12-12 11:50 - 00002617 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync 2010 Attendee.lnk
2016-04-21 11:38 - 2012-12-12 11:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync Attendee
2016-04-21 11:38 - 2012-02-12 23:27 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-21 11:34 - 2013-10-20 20:14 - 00000000 ____D C:\ProgramData\Oracle
2016-04-21 11:33 - 2015-09-02 11:36 - 00000000 ____D C:\Users\David\.oracle_jre_usage
2016-04-21 11:33 - 2014-10-29 13:17 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-21 11:33 - 2014-10-29 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-21 11:33 - 2014-10-29 13:17 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-21 08:50 - 2012-02-17 07:48 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2016-04-19 09:13 - 2013-05-21 12:07 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-19 09:13 - 2013-05-21 11:59 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-16 14:28 - 2009-07-14 14:38 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-15 09:18 - 2015-06-01 18:49 - 00003684 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3514529109-4073190309-4292251120-1002
2016-04-15 09:18 - 2014-11-25 07:17 - 00003588 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3514529109-4073190309-4292251120-1002
2016-04-14 19:07 - 2014-05-10 15:27 - 00000316 _____ C:\Windows\Tasks\NetBak-Thinking-David-Job1.job
2016-04-14 06:08 - 2012-02-02 20:00 - 02872488 _____ (Lenovo Group Limited) C:\Windows\system32\PWMCP64V.cpl
2016-04-14 06:08 - 2012-02-02 20:00 - 02692776 ____N (Lenovo Group Limited) C:\Windows\PWMBTHLV.EXE
2016-04-14 06:08 - 2012-02-02 20:00 - 00029512 _____ (Lenovo.) C:\Windows\system32\Drivers\DZHDD64.SYS
2016-04-14 06:08 - 2012-02-02 20:00 - 00029008 _____ (Lenovo Group Limited) C:\Windows\system32\Drivers\TPPWR64V.SYS
2016-04-12 09:14 - 2016-03-21 13:26 - 00000000 ____D C:\Users\David\AppData\Local\Screencast-O-Matic-v2
2016-04-08 17:44 - 2008-01-13 13:22 - 00000000 ____D C:\ProgramData\Skype
2016-04-08 17:43 - 2014-09-26 10:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-08 06:26 - 2012-02-02 20:05 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-06 19:10 - 2014-04-30 09:45 - 00000000 ____D C:\Temp
2016-04-06 14:22 - 2011-05-03 23:52 - 00000000 ____D C:\Users\David\AppData\Roaming\AUSkey
2016-04-06 11:29 - 2009-12-28 17:24 - 00000000 ____D C:\Users\David\AppData\Local\Citrix
2016-04-04 10:55 - 2012-02-24 10:22 - 00000000 ____D C:\Users\David\AppData\Local\CutePDF Writer
2016-04-03 16:53 - 2016-01-31 13:59 - 00000000 ____D C:\Program Files (x86)\PRTG Network Monitor
2016-04-03 16:53 - 2012-05-21 18:15 - 00000000 ____D C:\ProgramData\Temp
2016-03-30 17:31 - 2016-01-31 13:59 - 00000000 ____D C:\Program Files\WinPcap
==================== Files in the root of some directories =======
2014-07-09 09:02 - 2014-07-09 09:02 - 0205422 _____ () C:\Users\David\AppData\Roaming\2SQL.zip
2015-03-25 12:08 - 2015-06-12 16:34 - 0000034 _____ () C:\Users\David\AppData\Roaming\AdobeWLCMCache.dat
2014-07-09 12:01 - 2014-07-09 12:01 - 0022976 _____ (Intel Corporation) C:\Users\David\AppData\Roaming\JomCap.dll
2014-05-02 17:30 - 2014-05-02 17:37 - 0038418 _____ () C:\Users\David\AppData\Roaming\Microsoft Excel 97-2003.ADR
2012-02-13 16:44 - 2011-08-10 10:06 - 0223808 _____ () C:\Users\David\AppData\Roaming\wanancsp.dat
2013-09-18 17:13 - 2013-09-18 19:17 - 0000600 _____ () C:\Users\David\AppData\Local\PUTTY.RND
2012-06-07 09:24 - 2016-04-28 14:44 - 0007667 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2014-08-27 21:19 - 2014-08-27 21:19 - 0015036 _____ () C:\Users\David\AppData\Local\WiDiSetupLog.20140827.211905.wdl
2014-08-27 21:23 - 2014-08-27 21:23 - 0015869 _____ () C:\Users\David\AppData\Local\WiDiSetupLog.20140827.212325.wdl
2014-08-27 22:38 - 2014-08-27 22:39 - 0015758 _____ () C:\Users\David\AppData\Local\WiDiSetupLog.20140827.223854.wdl
2014-08-27 22:39 - 2014-08-27 22:43 - 0015870 _____ () C:\Users\David\AppData\Local\WiDiSetupLog.20140827.223956.wdl
2014-10-28 11:19 - 2014-10-28 11:20 - 0015870 _____ () C:\Users\David\AppData\Local\WiDiSetupLog.20141028.121955.wdl
2014-10-28 11:31 - 2014-10-28 11:32 - 0015870 _____ () C:\Users\David\AppData\Local\WiDiSetupLog.20141028.123146.wdl
2014-12-14 22:43 - 2014-12-14 22:44 - 0015868 _____ () C:\Users\David\AppData\Local\WiDiSetupLog.20141214.234356.wdl
2014-12-14 22:48 - 2014-12-14 22:49 - 0015870 _____ () C:\Users\David\AppData\Local\WiDiSetupLog.20141214.234842.wdl
2014-12-14 22:49 - 2014-12-14 22:49 - 0015868 _____ () C:\Users\David\AppData\Local\WiDiSetupLog.20141214.234924.wdl
2012-08-14 22:22 - 2014-01-29 18:14 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
Files to move or delete:
====================
C:\Users\David\hex2text.exe
C:\Users\David\humbole.bat
C:\Users\David\Nightly.bat
C:\Users\David\Run.bat
C:\Users\David\sed.exe
C:\Users\David\wbstatus.bat
Some files in TEMP:
====================
C:\Users\David\AppData\Local\Temp\mpegc.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-28 09:13
==================== End of FRST.txt ============================
--- END ---
Here are the results from FRST - Addition.txt:
--- BEGIN ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by David (2016-04-28 22:47:19)
Running from C:\Users\David\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-02-11 05:56:44)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3514529109-4073190309-4292251120-500 - Administrator - Disabled)
David (S-1-5-21-3514529109-4073190309-4292251120-1002 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-3514529109-4073190309-4292251120-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3514529109-4073190309-4292251120-1003 - Limited - Enabled)
PRTGAdmin (S-1-5-21-3514529109-4073190309-4292251120-1004 - Administrator - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
2SQL Version 5.5.5 (HKLM-x32\...\2SQL for Microsoft Access 2010/SQL Server 2008 R2_is1) (Version: 5.5.5 - ConvertU2 Technologies Pty Ltd)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AUSkey software 1.4.0.3 (HKLM-x32\...\{1976B721-8F15-4B86-92D2-725364AF8CE0}) (Version: 1.4.0.3 - ABR)
AutoRotation (HKLM-x32\...\{8C94F0BE-D9D6-4AA9-A27E-7FBBB8DFA70F}) (Version: 1.00.0000 - Samsung Electronics Co. Ltd)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.63.1071 - AB Team, d.o.o.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
calibre 64bit (HKLM\...\{9B70C080-F90A-49EA-B8A4-3E4D7BDDA853}) (Version: 2.36.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX720 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX720_series) (Version: 1.00 - Canon Inc.)
Canon MX720 series On-screen Manual (HKLM-x32\...\Canon MX720 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Custom UI Editor for Microsoft Office (HKLM-x32\...\{C644FAAE-42FD-4FEC-B170-AB40B128B9AF}) (Version: 3.14.1592 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
easyFBT 2015 (HKLM-x32\...\{DDA6CDAE-33B7-492F-98D1-20C95EA9A419}) (Version: 15.1.0.6 - One Plus One Solutions Pty Limited)
ECI Client v6.0 (HKLM-x32\...\{DE730F37-A198-4112-A3B6-97786F34354A}) (Version: v6.0.1 - Australian Taxation Office)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
Full Desktop (HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\gateway-5a812d51@@XenApp:Full Desktop) (Version: 1.0 - Delivered by Citrix)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{1F9E5C64-165D-4679-BBB3-498D216D017B}) (Version: 3.3.7 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.69.5 - HTC)
Icecream PDF Split and Merge version 2.2 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 2.2 - Icecream Apps)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Identity Protection Technology 1.2.32.0 (HKLM-x32\...\{2D793E41-F598-1014-9984-F3B169A93F79}) (Version: 1.2.32.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1211 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Battery Utility 2015 2.2 (HKLM-x32\...\{62D5A67D-E5CC-4D79-8998-DCFDB7750346}_is1) (Version: 2.2 - Lenovo Corp)
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.08 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Lenovo SimpleTap (HKLM\...\{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}) (Version: 3.0.0010.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Lexmark Printer Software Uninstall (HKLM-x32\...\Lexmark Printer Software Uninstall) (Version: - )
Logitech Unifying Software 2.00 (HKLM\...\Logitech Unifying) (Version: 2.00.43 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Lync 2010 Attendee (HKLM-x32\...\{09335E49-1C8F-4973-9929-941BE9C6EF33}) (Version: 4.0.7577.4498 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{1E9C25E0-B68A-4A73-8B11-BC3C2EE88ACF}) (Version: 15.8.8308.866 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.4.1.6 - Ericsson AB)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MultiScreen (HKLM-x32\...\{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}) (Version: 1.00.0000 - Samsung Electronics Ltd.)
MYOB AccountRight Premier v19.10 (HKLM-x32\...\InstallShield_{14CD4651-23C3-4D99-9A13-D1DBE4835E16}) (Version: 19.10.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Premier v19.10 (x32 Version: 19.10.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (x32 Version: 10.0.0 - MYOB Technology Pty Ltd) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Norton 360 (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA 3D Vision Driver 354.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 354.45 - NVIDIA Corporation)
NVIDIA Graphics Driver 354.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 354.45 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA nView 146.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 146.78 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: - )
QNAP NetBak Replicator (HKLM-x32\...\NetBak) (Version: 4.5.1.1007 - QNAP Systems, Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
RapidDrive Advanced version 1.0.12 (HKLM-x32\...\{F8F9F1AC-5CB0-4DBB-87FA-1A6BC4EA02E5}_is1) (Version: 1.0.12 - LENOVO, Inc.)
RAW Image Viewer (HKLM-x32\...\{3C867AA0-22EC-4B27-8C60-A354AA37D68C}_is1) (Version: - IdeaMK)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
RoboCache (HKLM-x32\...\{D64D5555-9C89-4CAB-84E0-244225A0C41C}) (Version: 1.1.1 - ManuSoft)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Screen Recorder Launcher (HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\ScreenRecorderLauncher) (Version: 2.0 - )
Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.07 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
XnView 2.32 (HKLM-x32\...\XnView_is1) (Version: 2.32 - Gougelet Pierre-e)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\David\AppData\Local\Citrix\GoToMeeting\4670\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0097AE7D-1466-4DAA-A344-ECD4E678BFFD} - System32\Tasks\NetBak-Thinking-David-Job1 => C:\Program Files\QNAP\NetBak\NetBak.exe [2015-10-07] (QNAP Systems, Inc.)
Task: {04A321C5-F4D5-4293-8DCD-6C81BA7AB480} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {11EDD87F-945A-4EDC-95AD-E08DE5693A0B} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {131D564D-95F7-46DB-A520-D0D31435CE8A} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-08] (Lenovo)
Task: {1E0CED7A-AEFB-40E9-949C-436BA3A951DF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {2647E977-EC14-4D09-9B28-5A64C9A8C5FD} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {2BE665AE-26C5-4782-8933-8EFE02AA15C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {2F5AC320-D965-4C5F-90B6-707FBDDFEACF} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {320C5F88-9412-4004-B0B1-56438A9BD2B3} - System32\Tasks\CMDLine => \NAS\Documents\Consultancy\Helping Hand\Development\cmdline.bat
Task: {338DF1F9-F0C8-4E10-BD94-B48DB4ABF71B} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Thinking.David => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2011-12-21] (Lenovo)
Task: {3D9AF38E-04AE-4B99-9858-0897D9FBEE47} - System32\Tasks\G2MUploadTask-S-1-5-21-3514529109-4073190309-4292251120-1002 => C:\Users\David\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe [2016-04-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3DDDBC9A-186B-47B3-B3C2-A33835EF96FA} - System32\Tasks\NetBak-Thinking-David-AutoStartup => C:\Program Files\QNAP\NetBak\NetBak.exe [2015-10-07] (QNAP Systems, Inc.)
Task: {3E80E80B-1C20-4DDA-8306-5B0C6021F918} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {42A49916-8422-485F-8D37-F0855E758956} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
Task: {4B1DAD20-46BF-407C-AE7D-B0BD0E748D16} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {4BE3582C-03AB-434E-A0C8-2653F93892DE} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] ()
Task: {4BF3734F-477C-44CF-91B0-63107A0B2EC1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3514529109-4073190309-4292251120-1002UA => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {546BBFCB-6B0B-40CB-9F47-0803101CBDE1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {5BBDBE02-720A-4F56-9894-341FE67CAD7D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {5E60276C-2A8B-48CA-9EE9-1134DE9A5A6E} - System32\Tasks\G2MUpdateTask-S-1-5-21-3514529109-4073190309-4292251120-1002 => C:\Users\David\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe [2016-04-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {641988FA-6C31-471F-B560-1678F60DB853} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3514529109-4073190309-4292251120-1002Core => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6A07AA93-CC94-4EE8-BA8C-E240337DAD53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {758E3EDE-6FD5-4911-BA15-DD1F232932B6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {773501A7-DE99-4CBB-87F6-C82E7420527B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-01-08] (Lenovo)
Task: {7F452EC9-70D7-4408-87B2-5044D9FBD8EC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] ()
Task: {82EE52E5-91EC-4E1C-A011-1764EFB5C232} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {84A17430-E0FD-40D5-886D-D08F5436BA91} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {8E70DBCE-E01E-4901-9783-B329DC9A8B40} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3514529109-4073190309-4292251120-1002 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {9A51F902-A50C-4A7B-A963-205248C53418} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: {9CCFFD7B-2009-4575-9C60-9D0AC8B087E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {A1D072CF-0D40-4ABB-A8C2-EB44DC96DFBD} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-3514529109-4073190309-4292251120-1002\{750FDF10-2A26-11D1-A3EA-080036587F03}\Offline Files Sync Schedule 1 => C:\Windows\system32\mobsync.exe [2010-11-21] (Microsoft Corporation)
Task: {A8EB77E8-074B-4EA2-B1BA-3410D1858C72} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2015-03-23] (Lenovo)
Task: {AEBC2F5A-CC74-4AEF-AF51-7BE022C50742} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {AEEFE17C-A8EC-425D-809F-1EFAE7D019DA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {BEDCA02C-A242-4A48-AB70-4235D5D062EE} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-05-29] ()
Task: {C22A66FC-3591-4F77-9BDE-04E0C3057F00} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {C4247DFF-6D42-4419-9CEE-0DCC715AF0B2} - System32\Tasks\StartRapidDriveAdvancedServiceTask => net
Task: {E79AE6A2-8884-4D9C-8BED-7CEACE588FA3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3514529109-4073190309-4292251120-1002.job => C:\Users\David\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3514529109-4073190309-4292251120-1002.job => C:\Users\David\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3514529109-4073190309-4292251120-1002Core.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3514529109-4073190309-4292251120-1002UA.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NetBak-Thinking-David-Job1.job => C:\Program Files\QNAP\NetBak\NetBak.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\David\Desktop\Windows Backup Status.lnk -> C:\Users\David\wbstatus.bat ()
==================== Loaded Modules (Whitelisted) ==============
2012-02-13 18:15 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-03-19 09:50 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-02-02 19:59 - 2015-12-22 10:33 - 00020624 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-01-18 11:09 - 2015-11-05 21:21 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-30 02:19 - 2015-09-02 01:34 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-02-02 20:00 - 2016-04-14 06:08 - 00107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-12-19 09:20 - 2010-12-19 09:20 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2012-06-19 00:54 - 2012-06-19 00:54 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2015-10-07 19:31 - 2015-10-07 19:31 - 00142512 _____ () C:\Program Files\QNAP\NetBak\RdiffDll.dll
2016-02-25 14:12 - 2016-02-25 14:12 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-02-02 19:58 - 2011-03-06 20:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-02 19:54 - 2010-10-26 09:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-02-17 00:48 - 2009-08-11 12:57 - 00303104 _____ () C:\Program Files (x86)\MultiScreen\MultiScreen.exe
2012-02-17 00:36 - 2008-10-01 14:46 - 00036864 _____ () C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
2015-07-22 01:02 - 2015-07-22 01:02 - 31535264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2010-12-19 09:20 - 2010-12-19 09:20 - 00171296 _____ () C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
2012-05-29 09:06 - 2012-05-29 09:06 - 00655360 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2015-06-08 12:07 - 2015-06-08 12:07 - 00065776 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-03-21 15:05 - 2014-03-21 15:05 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2016-02-25 14:11 - 2016-02-25 14:11 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-03-21 15:06 - 2014-03-21 15:06 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-03-21 15:06 - 2014-03-21 15:06 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-03-21 15:06 - 2014-03-21 15:06 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-03-21 15:08 - 2014-03-21 15:08 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-03-21 15:09 - 2014-03-21 15:09 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2012-02-02 19:58 - 2011-03-11 04:36 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2015-02-25 11:32 - 2015-12-22 10:33 - 00020808 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-02-17 00:48 - 2009-08-11 12:54 - 00094208 _____ () C:\Program Files (x86)\MultiScreen\TitleBar.dll
2012-02-02 20:08 - 2011-10-01 09:27 - 00218624 _____ () C:\Program Files (x86)\Lenovo\RapidDrive Advanced\SSDetectPartition.dll
2014-08-27 20:56 - 2011-06-29 18:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2014-08-27 20:56 - 2011-06-29 18:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2012-02-17 00:48 - 2009-08-11 12:54 - 00053248 _____ () C:\Program Files (x86)\MultiScreen\SmartMouseDll.dll
2012-02-17 00:48 - 2009-08-11 12:56 - 00053248 _____ () C:\Program Files (x86)\MultiScreen\MGResEng.dll
2012-05-29 09:06 - 2012-05-29 09:06 - 00104448 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2012-05-29 09:06 - 2012-05-29 09:06 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2012-05-29 09:06 - 2012-05-29 09:06 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2012-05-29 09:06 - 2012-05-29 09:06 - 00393216 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2012-05-29 09:06 - 2012-05-29 09:06 - 00151552 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2012-05-29 09:06 - 2012-05-29 09:06 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2012-05-29 09:06 - 2012-05-29 09:06 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2012-05-29 09:06 - 2012-05-29 09:06 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B [992]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\...\europcar.com.au -> hxxps://www.europcar.com.au
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:04 - 2009-06-11 06:30 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3514529109-4073190309-4292251120-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\David\Pictures\P1020272.JPG
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: wbengine => 3
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{930E33EE-28DE-441B-9A07-B27535C4EAAA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{DDEF3A8D-E451-48D4-A062-A676E84BE58E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{20A86D67-BD88-47E1-9E07-DD6B758BB9B7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E628B83B-0E11-453A-BEE3-69DE0B566E0C}] => (Allow) LPort=2869
FirewallRules: [{D34B82B3-49F3-4DC3-AB9F-2B4CDFD9FA55}] => (Allow) LPort=1900
FirewallRules: [{D5E97B58-30AD-4DF5-9DD9-60ABC6B068DF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{459C9330-0AF4-4AC7-BF0A-ED3F8F4C2E48}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{999C60EA-3495-4B41-9F37-511F5CFE4D14}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{70EEABB5-5F21-44FB-AA97-22127DF514B5}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\david\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E0453474-DB66-438C-9B77-2CAB1B12B8E4}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\david\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CBA53CCE-7390-4B98-A6DC-4F1245D8589D}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\david\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{89119F50-FAB3-4854-808D-D916262EB4F5}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\david\appdata\local\akamai\netsession_win.exe
FirewallRules: [{480A40B3-D1B8-4990-BD0B-58115052A34D}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{3A254E6A-7955-49B7-8C81-8804421540FF}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2EC6C4AA-9C32-4F61-A09D-18971227EF23}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AE0F5571-A64C-4D47-8B4E-5D79DBBDD0AD}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{D875FD67-B4CA-42C4-8F04-938960EAA594}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7F946AE8-EBBA-45DF-847B-108F1D6A5F7D}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7F11C1F9-7548-4C13-BBB6-3E0602F83561}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{5F8C0AE2-A154-4E56-87C4-87DF5334EC31}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [TCP Query User{EAD54EAC-99ED-49C8-8D97-34827C5FB2FF}C:\program files (x86)\qnap\finder\finder.exe] => (Allow) C:\program files (x86)\qnap\finder\finder.exe
FirewallRules: [UDP Query User{FE4F8B43-29C5-4A8E-8D49-63B50981A601}C:\program files (x86)\qnap\finder\finder.exe] => (Allow) C:\program files (x86)\qnap\finder\finder.exe
FirewallRules: [{9FFFEAC1-1221-433F-8141-298C130CC63B}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{880AA532-E790-4870-B1DD-E93E3656E586}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{B480FCF4-81B9-42BC-8C20-1424E373CD98}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{1476A106-5CF5-45E6-9F81-103DEA774B78}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{2017362A-B68B-458C-9EC3-A9871F82C1B5}] => (Allow) C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{92DCAD2F-2F8E-48B8-8FCF-8FE79CBE29BE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{31758A6A-926A-4A51-A079-3DFFBB121F04}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{BF0D8D5C-BDDB-472B-8DB1-24B12ACE3A8C}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [TCP Query User{8E40521F-3F57-4A83-9B07-051746C6B3D9}C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{75817BBF-4510-4FF4-A456-2B7D569AF380}C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{3FBEAF0F-EF32-40AE-A90D-C8961745476F}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{4AE668F3-91E9-4121-8B6E-23C6A4201050}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F1CFE397-99F7-4CE3-9FE3-566FE54B10A1}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{13FDEE9E-338B-4CA1-80E5-1F5B0FA746A6}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{8B8AAB5F-B833-479E-A1AD-4757A482C57E}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{9D86CC0E-362D-49A0-B40F-A10C18522F9E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{41FFC8BE-53E0-4752-8572-57322C7DB53A}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{0EC8B98A-C6E9-41EB-BD93-E98DD109958C}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{B3CA0CF1-E765-4D1F-9345-934B45A59F6D}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{64C7AF2B-EA66-4917-8F18-83B2383BEAF1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B23F90A5-FB18-4E54-A056-AF82B538042C}] => (Block) LPort=443
==================== Restore Points =========================
27-04-2016 16:28:52 Removed AccdbMerge Pro
28-04-2016 09:17:25 Installed Power Manager
28-04-2016 14:56:58 Norton_Power_Eraser_20160428145658769
==================== Faulty Device Manager Devices =============
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/28/2016 10:11:24 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )
Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives()
Error: (04/28/2016 10:11:23 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )
Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives()
Error: (04/28/2016 10:11:22 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )
Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives()
Error: (04/28/2016 10:11:21 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )
Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives()
Error: (04/28/2016 10:11:20 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )
Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives()
Error: (04/28/2016 10:11:09 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )
Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives()
Error: (04/28/2016 10:11:08 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )
Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives()
Error: (04/28/2016 10:11:07 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )
Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives()
Error: (04/28/2016 10:11:06 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )
Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives()
Error: (04/28/2016 10:11:05 PM) (Source: RapidDrive Advanced Service) (EventID: 12293) (User: )
Description: General Error: Disk serial number is empty.. at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk.GetPhysicalSerialNumber(String driveLetter)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.Disk..ctor(DriveInfo drive)
at Lenovo.RapidDriveAdvanced.DataProvidersAndWatchServices.DiskManager.EnumerateDrives()
System errors:
=============
Error: (04/28/2016 10:09:09 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}
Error: (04/28/2016 10:08:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Identity Safe service failed to start due to the following error:
%%1053
Error: (04/28/2016 10:08:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Norton Identity Safe service to connect.
Error: (04/28/2016 04:17:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/28/2016 04:17:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/28/2016 04:16:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/28/2016 04:12:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/28/2016 04:12:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
Error: (04/28/2016 04:12:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (04/28/2016 04:12:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2014-01-13 20:07:06.033
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-13 20:07:05.803
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-13 20:07:05.583
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-13 20:07:05.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-13 20:07:04.953
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-13 20:07:04.633
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-13 20:07:04.373
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-13 20:07:04.133
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-13 20:07:03.903
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-13 20:07:03.513
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 8074.23 MB
Available physical RAM: 5406.55 MB
Total Virtual: 16146.66 MB
Available Virtual: 13028.42 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:131.96 GB) (Free:19.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (BACKUP) (Removable) (Total:0.97 GB) (Free:0.86 GB) FAT
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 1A23200D)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=132 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 990 MB) (Disk ID: 01E9F56B)
Partition 1: (Active) - (Size=990 MB) - (Type=06)
==================== End of Addition.txt ============================
--- END ---
Thank you.