[Inactive] Webpage just popped up, claiming "Do not shut down, contact us, etc."

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by bgc, Jul 27, 2019.

  1. bgc

    bgc Established Techie7 Member

    Just got one of those messages claiming my Lenovo laptop was under the control of a hacker. Please review my logs below. I shut down and opened in Safe Mode at a restore point. Thanks.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
    Ran by BC (administrator) on LENOVO_520 (LENOVO 4239CTO) (27-07-2019 11:50:18)
    Running from C:\Users\BC\Desktop
    Loaded Profiles: BC (Available Profiles: UpdatusUser & BC)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
    (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.exe
    (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.exe
    (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.exe
    (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    (Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Lenovo Group Limited) [File not signed] C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    (Lenovo(Japan)Ltd. -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (Lenovo(Japan)Ltd. -> Lenovo.) C:\Windows\System32\TpShocks.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Ricoh co.,Ltd.) [File not signed] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    (Symantec Corp -> Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated -> Synaptics Incorporated)
    HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo(Japan)Ltd. -> Lenovo.)
    HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] (Fortemedia Inc -> )
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant Systems, Inc. -> Conexant systems, Inc.)
    HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [309680 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) [File not signed]
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-16] (Intel Corporation -> Intel Corporation)
    HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Leader Technologies Inc -> Lenovo, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) [File not signed]
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-10] (Google Inc -> Google Inc.)
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0414b] => C:\Users\BC\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0414b
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\BC\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0814av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\BC\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=1114av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\BC\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=1214av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd)
    HKLM\...\Drivers32: [msacm.ulmp3acm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm [319488 2006-01-23] (Ulead systems) [File not signed]
    HKLM\...\Drivers32: [msacm.mpegacm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\mpegacm.acm [69632 2006-04-17] (Ulead Systems, Inc.) [File not signed]
    HKLM\...\Drivers32: [msacm.dvacm] => C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm [32768 2008-05-16] (Ulead Systems, Inc.) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-15] (Google LLC -> Google LLC)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
    HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\ThinkPad\Bluetooth Software\\BtwCP.dll [2010-12-18] (Broadcom Corporation -> Broadcom Corporation.)
    HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-05-31] (NVIDIA Corporation -> NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-05-31] (NVIDIA Corporation -> NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-03-10]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {10F817E1-1B81-4D8D-B039-7A19D41D2791} - System32\Tasks\{28978BC3-53D6-435A-A92D-4484D6EF0EC4} => C:\Program Files (x86)\SwannView Link\MyDVR.exe [4674048 2015-09-30] () [File not signed]
    Task: {194E0517-0C75-4D2C-A9C2-3A4999CC4387} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [3987888 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    Task: {40BB7FC8-BAF8-45FC-8027-3F110B03E818} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
    Task: {4113EACF-D0D0-491B-B72C-1B02850AB25F} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [65336 2011-12-21] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
    Task: {4A8A4548-18E5-43F3-9E14-8BDA62DC8578} - System32\Tasks\{3446E710-91F1-42D3-B2EF-7F3D9822F106} => C:\Program Files (x86)\SwannView Link\MyDVR.exe [4674048 2015-09-30] () [File not signed]
    Task: {52061F86-5839-4D5C-95D8-F58E6B558E3E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [542056 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    Task: {B31E9EA6-82F6-4949-B1A6-11998EA0A3E6} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [65336 2011-12-21] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
    Task: {B50FBCB2-9087-4979-B8FC-DF211A90F672} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {BF3E8C10-9EE0-4373-98F1-D587314C7A0B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {CFCB20F0-43B1-4270-AA00-CB124CE0DDE5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {DCF1CA2F-853B-478A-8AA2-91D589110F28} - System32\Tasks\{B8D5221F-0F02-4939-A5F8-9BEBB7AC8E9F} => C:\Windows\system32\pcalua.exe -a "C:\Users\BC\Documents\G7PS\VersaCheck 2002\VCheck.exe"
    Task: {E3D83C9B-3D73-4356-87F8-4576D57A5B3E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2314008 2019-06-15] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    Task: {E8603BA5-1730-4FBD-ADD3-309FD41F782C} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [6656 2009-02-09] () [File not signed]
    Task: {F1482E8E-749F-4C52-B4CB-75E1CD7B0E3A} - System32\Tasks\{6819900C-8790-4D39-885D-993FDD4DCCA0} => C:\Windows\system32\pcalua.exe -a "C:\Users\BC\Documents\VersaCheck 2002\VCheck.exe"
    Task: {FC660943-E989-4DF4-8C95-8790DD366632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{07631ECC-23A6-4F57-AFB0-2AFA483AD605}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DAF7FC41-BAD0-4F31-90A5-6CF3A19F3236}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS577
    SearchScopes: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS577
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
    BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-06-29] (Symantec Corp -> Symantec Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.)
    BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-06-29] (Symantec Corp -> Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.)
    Toolbar: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\197en489.default [2019-07-27]
    FF Homepage: Mozilla\Firefox\Profiles\197en489.default -> hxxps://www.google.com/advanced_search
    FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2012-03-10] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-10-28] (Adobe Systems Incorporated -> )
    FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-10-28] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default [2019-07-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-04]
    CHR Extension: (Chrome Media Router) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-14]
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-07-14]
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-21]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
    S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [409280 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6893160 2019-06-14] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo.)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    R2 Sfs.Server.2014; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.exe [229264 2015-02-04] (CCH Small Firm Services -> CCH Small Firm Services)
    R2 Sfs.Server.2016; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.exe [234200 2016-10-08] (CCH Small Firm Services -> CCH Small Firm Services)
    R2 Sfs.Server.2017; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.exe [234208 2017-10-16] (CCH Small Firm Services -> CCH Small Firm Services)
    R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
    R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
    R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-29] (Symantec Corp -> Symantec Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
    S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.90\elevation_service.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 5U877; C:\Windows\System32\DRIVERS\5U877.sys [166016 2011-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh co.,Ltd.)
    R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37368 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [209304 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [263784 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [206624 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [61736 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42552 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [112568 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [88208 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1031048 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [477336 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [387952 2019-07-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-27] (Malwarebytes Corporation -> Malwarebytes)
    R0 nlem64nt; C:\Windows\System32\Drivers\nlem64nt.sys [72808 2009-10-13] (Communication Horizons -> )
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
    R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
    R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo (United States) Inc.)
    S2 avgMonFlt; system32\drivers\avgMonFlt.sys [X]
    S2 avgStm; system32\drivers\avgStm.sys [X]
    S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
    U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-07-27 11:50 - 2019-07-27 11:51 - 000031779 _____ C:\Users\BC\Desktop\FRST.txt
    2019-07-27 11:49 - 2019-07-27 11:50 - 000000000 ____D C:\FRST
    2019-07-27 11:46 - 2019-07-27 11:46 - 002095104 _____ (Farbar) C:\Users\BC\Desktop\FRST64.exe
    2019-07-27 00:19 - 2019-07-27 00:20 - 000000000 ____D C:\Users\BC\AppData\Local\{5B857B83-C10E-4A5E-89A9-B7F968F1CA6E}
    2019-07-26 12:19 - 2019-07-26 12:19 - 000000000 ____D C:\Users\BC\AppData\Local\{AD9C5396-D79B-4BBC-9C4D-8FA0C65CF522}
    2019-07-26 10:27 - 2019-07-26 10:27 - 000128938 _____ C:\Users\BC\Documents\2019 July DWP bill.pdf
    2019-07-26 00:19 - 2019-07-26 00:19 - 000000000 ____D C:\Users\BC\AppData\Local\{6A18D735-C951-4B7E-9786-CD9F0328EEA5}
    2019-07-25 12:19 - 2019-07-25 12:19 - 000000000 ____D C:\Users\BC\AppData\Local\{2FE56A5B-0654-4DDA-9252-2E8441449628}
    2019-07-25 00:18 - 2019-07-25 00:18 - 000000000 ____D C:\Users\BC\AppData\Local\{E69633AD-F9D5-493D-9E4F-648B6DB3C83A}
    2019-07-24 12:18 - 2019-07-24 12:18 - 000000000 ____D C:\Users\BC\AppData\Local\{00C5268D-2B89-4986-AD89-526C9418B521}
    2019-07-24 00:18 - 2019-07-24 00:18 - 000000000 ____D C:\Users\BC\AppData\Local\{724ABFC3-C75F-4BB3-8C89-D1C6126FB294}
    2019-07-23 12:17 - 2019-07-23 12:18 - 000000000 ____D C:\Users\BC\AppData\Local\{7A98D828-FF72-43B7-A531-9519BBF91037}
    2019-07-23 00:17 - 2019-07-23 00:17 - 000000000 ____D C:\Users\BC\AppData\Local\{36C9F08C-66F9-44F0-9A46-9048AD57BD77}
    2019-07-22 12:17 - 2019-07-22 12:17 - 000000000 ____D C:\Users\BC\AppData\Local\{F27645E5-210A-42D2-ACCE-7C9413050200}
    2019-07-21 23:49 - 2019-07-21 23:49 - 000000000 ____D C:\Users\BC\AppData\Local\{C1431167-52BC-4722-9E7A-482A6766B7B6}
    2019-07-21 10:27 - 2019-07-21 10:27 - 000000000 ____D C:\Users\BC\AppData\Local\{323386B1-1C7A-4995-A482-8DA6C4C6B64C}
    2019-07-20 11:48 - 2019-07-20 11:48 - 000000000 ____D C:\Users\BC\AppData\Local\{D95F33B9-0E20-4777-A661-3D4CE83DAFCD}
    2019-07-19 23:37 - 2019-07-19 23:37 - 000000000 ____D C:\Users\BC\AppData\Local\{8932FC84-8A1D-4DDF-B19F-6800B5160413}
    2019-07-19 08:33 - 2019-07-19 08:34 - 000000000 ____D C:\Users\BC\AppData\Local\{D90911E1-9A7E-4093-8D7C-EF31F4DAB7D1}
    2019-07-17 23:44 - 2019-07-18 11:59 - 000000000 ____D C:\Users\BC\AppData\Local\{AA18ECD5-1435-4D80-98AB-04D979053EC5}
    2019-07-17 03:37 - 2019-07-17 03:37 - 000000000 ____D C:\Users\BC\AppData\Local\{5BECFEF4-C6B7-4166-B01E-579793F3885F}
    2019-07-16 13:47 - 2019-07-16 13:47 - 000000000 ____D C:\Users\BC\AppData\Local\{B0421F55-1D40-4D8E-BF82-6817F5D6110D}
    2019-07-16 00:33 - 2019-07-16 00:33 - 000000000 ____D C:\Users\BC\AppData\Local\{46DFC4F2-A317-4370-B855-7AF36FC27FAB}
    2019-07-15 11:55 - 2019-07-15 11:55 - 000000000 ____D C:\Users\BC\AppData\Local\{3B6EFEBB-12B7-4FBC-9C15-647E86276628}
    2019-07-14 23:54 - 2019-07-14 23:55 - 000000000 ____D C:\Users\BC\AppData\Local\{90334F24-0518-479C-B35D-3C6A75C5E22F}
    2019-07-14 11:46 - 2019-07-14 11:47 - 000000000 ____D C:\Users\BC\AppData\Local\{04E14441-0914-47A8-9730-F82CE9B5EEA1}
    2019-07-13 23:46 - 2019-07-13 23:46 - 000000000 ____D C:\Users\BC\AppData\Local\{EB947B7D-3B59-4068-8EA0-26FEF66878DA}
    2019-07-13 11:45 - 2019-07-13 11:45 - 000000000 ____D C:\Users\BC\AppData\Local\{24B40A9F-DE2B-4BA5-9076-873AEED72171}
    2019-07-12 23:38 - 2019-07-12 23:38 - 000000000 ____D C:\Users\BC\AppData\Local\{D30FE175-EE25-470D-92E6-5CA35393B580}
    2019-07-12 20:57 - 2019-07-14 21:46 - 000000000 ____D C:\Users\BC\Documents\Fullerton 1970s phone books
    2019-07-12 20:52 - 2019-07-12 20:52 - 000033890 _____ C:\Users\BC\Documents\2019 July lower rent 001.pdf
    2019-07-12 11:38 - 2019-07-12 11:38 - 000000000 ____D C:\Users\BC\AppData\Local\{59FFEAF8-512D-4194-BC82-E812D1703D22}
    2019-07-11 23:37 - 2019-07-11 23:38 - 000000000 ____D C:\Users\BC\AppData\Local\{79B0E985-A79D-477E-8080-897CCCB529D6}
    2019-07-11 11:37 - 2019-07-11 11:37 - 000000000 ____D C:\Users\BC\AppData\Local\{6D948754-9113-47E6-A7C8-300DE70CD39C}
    2019-07-10 23:32 - 2019-07-10 23:32 - 000000000 ____D C:\Users\BC\AppData\Local\{19911599-F901-457F-BF8F-B1754FBD3BCD}
    2019-07-10 00:29 - 2019-07-10 00:29 - 000012686 _____ C:\Users\BC\Desktop\USStorageCenters-MarinaDelRey_EmailReminder9thDayofthemonth_1182_20190709_781 (1).pdf
    2019-07-10 00:28 - 2019-07-10 00:28 - 000012686 _____ C:\Users\BC\Desktop\USStorageCenters-MarinaDelRey_EmailReminder9thDayofthemonth_1182_20190709_781.pdf
    2019-07-09 23:47 - 2019-07-09 23:47 - 000000000 ____D C:\Users\BC\AppData\Local\{C288B878-544C-452C-B8C1-91FE096D345D}
    2019-07-09 11:47 - 2019-07-09 11:47 - 000000000 ____D C:\Users\BC\AppData\Local\{F5B91738-1727-45E7-8C5E-66F48F244EDC}
    2019-07-08 23:47 - 2019-07-08 23:47 - 000000000 ____D C:\Users\BC\AppData\Local\{475E2094-7C8B-4D68-A568-8AE03A5A8729}
    2019-07-08 11:46 - 2019-07-08 11:47 - 000000000 ____D C:\Users\BC\AppData\Local\{0327549F-C73E-4DBE-B2A3-F337E31032B5}
    2019-07-07 22:27 - 2019-07-07 22:28 - 000000000 ____D C:\Users\BC\AppData\Local\{8221D07F-FEB6-4C84-A199-4C7325A8EEBE}
    2019-07-07 11:43 - 2019-07-07 11:43 - 000003584 _____ C:\Users\BC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2019-07-07 10:27 - 2019-07-07 10:27 - 000000000 ____D C:\Users\BC\AppData\Local\{0043B6CD-0D8D-47E7-8A36-0157406DC7F8}
    2019-07-03 22:25 - 2019-07-03 22:25 - 000000000 ____D C:\Users\BC\AppData\Local\{D3EF4CD7-379C-4F3B-8393-08811AD1B008}
    2019-07-03 10:25 - 2019-07-03 10:25 - 000000000 ____D C:\Users\BC\AppData\Local\{00C8BFE2-2EAF-4511-A22C-9F2C896A28C6}
    2019-07-02 18:56 - 2019-07-02 18:56 - 000000000 ____D C:\Users\BC\AppData\Local\{B4FBF1D8-7BA2-4F1C-8BD7-A51961019000}
    2019-07-02 13:23 - 2019-07-02 13:32 - 057417056 _____ C:\Users\BC\Desktop\VID_20190626_132439.mp4
    2019-07-02 06:55 - 2019-07-02 06:55 - 000000000 ____D C:\Users\BC\AppData\Local\{4E9D3998-D9B4-4FED-835D-528F6855E3C5}
    2019-07-01 19:01 - 2019-07-01 19:01 - 000071780 _____ C:\Users\BC\Documents\2019 July Upper rent 001.pdf
    2019-07-01 18:55 - 2019-07-01 18:55 - 000000000 ____D C:\Users\BC\AppData\Local\{870D8A72-7E87-4A78-A72F-F55A1BF524E8}
    2019-06-29 09:41 - 2019-06-29 09:41 - 000110430 _____ C:\Users\BC\Desktop\G751068.pdf
    2019-06-29 01:42 - 2019-06-29 01:42 - 000363440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2019-06-29 01:42 - 2019-06-29 01:42 - 000225864 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw4193876821d4d5f1.tmp
    2019-06-29 01:42 - 2019-06-29 01:42 - 000169160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswac7aab4c2d5a0416.tmp
    2019-06-29 01:35 - 2019-06-29 01:35 - 000000000 ____D C:\Users\BC\AppData\Local\{91302DF8-E93C-422A-8F4A-F9D567089FE0}
    2019-06-28 11:22 - 2019-06-28 11:23 - 000000000 ____D C:\Users\BC\AppData\Local\{029061B0-4461-48B2-B0AD-2A9E1C719655}
    2019-06-27 20:25 - 2019-06-27 20:25 - 000000000 ____D C:\Users\BC\AppData\Local\{4326ED14-5E08-465D-A44E-57ECFEA2DCE2}
    2019-06-27 08:24 - 2019-06-27 08:24 - 000000000 ____D C:\Users\BC\AppData\Local\{1B785832-CF92-4556-BAEB-65927C476E9E}

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-07-27 11:49 - 2009-07-13 19:34 - 000000438 _____ C:\Windows\win.ini
    2019-07-27 11:47 - 2009-07-13 21:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-07-27 11:47 - 2009-07-13 21:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-07-27 11:35 - 2009-07-13 22:13 - 000783400 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-07-27 11:35 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
    2019-07-27 11:34 - 2019-06-16 02:28 - 000000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
    2019-07-27 11:34 - 2018-08-27 12:26 - 001982198 _____ C:\Windows\system32\Data.INTEG.RAW
    2019-07-27 11:32 - 2019-06-16 02:24 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2019-07-27 11:31 - 2012-03-10 19:57 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-07-27 11:29 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-07-27 10:23 - 2015-05-22 20:27 - 000000000 ____D C:\Users\BC\AppData\Roaming\MuseScore
    2019-07-26 10:48 - 2016-09-20 15:39 - 000000000 ____D C:\Users\BC\Documents\Water bill scans
    2019-07-25 09:43 - 2017-03-16 13:19 - 000387952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2019-07-24 15:55 - 2014-03-26 13:31 - 000000986 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2019-07-24 15:54 - 2019-06-21 16:18 - 000000000 ____D C:\Users\BC\Documents\Medical_Kaiser
    2019-07-22 19:41 - 2014-01-15 02:15 - 000000000 ____D C:\Users\BC\Documents\temp
    2019-07-22 11:34 - 2017-03-16 13:19 - 000004174 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
    2019-07-16 00:37 - 2012-03-10 20:10 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-07-15 15:17 - 2009-07-13 22:32 - 000000000 ____D C:\Windows\system32\FxsTmp
    2019-07-14 14:11 - 2017-03-14 20:49 - 000000000 ____D C:\Users\BC\AppData\Roaming\vlc
    2019-07-12 19:00 - 2018-12-24 00:58 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2019-07-12 19:00 - 2018-09-08 14:00 - 000003102 _____ C:\Windows\System32\Tasks\{B8D5221F-0F02-4939-A5F8-9BEBB7AC8E9F}
    2019-07-12 19:00 - 2018-09-08 13:59 - 000003092 _____ C:\Windows\System32\Tasks\{6819900C-8790-4D39-885D-993FDD4DCCA0}
    2019-07-12 19:00 - 2018-04-13 15:53 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
    2019-07-12 19:00 - 2017-05-04 17:53 - 000002958 _____ C:\Windows\System32\Tasks\{3446E710-91F1-42D3-B2EF-7F3D9822F106}
    2019-07-12 19:00 - 2017-05-04 17:52 - 000002958 _____ C:\Windows\System32\Tasks\{28978BC3-53D6-435A-A92D-4484D6EF0EC4}
    2019-07-12 19:00 - 2014-03-26 13:31 - 000002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2019-07-12 19:00 - 2012-03-17 15:54 - 000002836 _____ C:\Windows\System32\Tasks\DiskUpdate
    2019-07-12 19:00 - 2012-03-10 20:19 - 000003376 _____ C:\Windows\System32\Tasks\MCP
    2019-07-12 19:00 - 2012-03-10 20:10 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-07-12 19:00 - 2012-03-10 20:10 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-07-12 19:00 - 2012-03-10 20:00 - 000002958 _____ C:\Windows\System32\Tasks\PMTask
    2019-07-02 14:18 - 2014-01-15 02:15 - 000000000 ____D C:\Users\BC\Documents\TAX CEI
    2019-06-29 02:00 - 2014-01-15 02:15 - 000000000 ____D C:\Users\BC\Documents\TAX BC
    2019-06-29 01:42 - 2019-01-17 10:21 - 000263784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
    2019-06-29 01:42 - 2019-01-17 10:21 - 000206624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
    2019-06-29 01:42 - 2019-01-17 10:21 - 000061736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
    2019-06-29 01:42 - 2019-01-17 10:21 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
    2019-06-29 01:42 - 2018-10-22 13:21 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
    2019-06-29 01:42 - 2017-11-28 01:04 - 000209304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2019-06-29 01:42 - 2017-03-16 13:19 - 001031048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2019-06-29 01:42 - 2017-03-16 13:19 - 000477336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2019-06-29 01:42 - 2017-03-16 13:19 - 000112568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2019-06-29 01:42 - 2017-03-16 13:19 - 000088208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys

    ==================== Files in the root of some directories ================

    2019-07-07 11:43 - 2019-07-07 11:43 - 000003584 _____ () C:\Users\BC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2019-07-12 01:41
    ==================== End of FRST.txt ============================


    Addition results follow in 2nd posting.
     
  2. bgc

    bgc Established Techie7 Member

    Scan additional:



    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
    Ran by BC (27-07-2019 11:52:29)
    Running from C:\Users\BC\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2012-03-17 22:54:06)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3430477350-3253428499-66189328-500 - Administrator - Disabled)
    BC (S-1-5-21-3430477350-3253428499-66189328-1001 - Administrator - Enabled) => C:\Users\BC
    Guest (S-1-5-21-3430477350-3253428499-66189328-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3430477350-3253428499-66189328-1003 - Limited - Enabled)
    UpdatusUser (S-1-5-21-3430477350-3253428499-66189328-1000 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Antivirus (Disabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Antivirus (Disabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2013 Lacerte Tax (HKLM-x32\...\2013 Lacerte Tax) (Version: - Intuit Inc.)
    2013 Lacerte Tax Planner (HKLM-x32\...\2013 Lacerte Tax Planner) (Version: - Intuit Inc.)
    2014 Lacerte Tax (HKLM-x32\...\2014 Lacerte Tax) (Version: - Intuit Inc.)
    2014 Lacerte Tax Planner (HKLM-x32\...\2014 Lacerte Tax Planner) (Version: - Intuit Inc.)
    2016 Lacerte Tax (HKLM-x32\...\2016 Lacerte Tax) (Version: - Intuit Inc.)
    64 Bit HP CIO Components Installer (HKLM\...\{9F560BEB-021F-43AC-825F-AA60442D8DE4}) (Version: 1.0.0 - Hewlett-Packard) Hidden
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_CDB_Software (HKLM-x32\...\{E09575B2-498D-4C8B-A9D2-623F78574F29}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_Scan (HKLM-x32\...\{0D2E9DCB-9938-475E-B4DD-8851738852FF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    ATX 2014 (HKLM-x32\...\{BFB9811D-CA96-45E5-9242-9497D74B1548}) (Version: 14.6.0 - CCH Small Firm Services)
    ATX 2016 (HKLM-x32\...\{E59557AB-A1E2-4C43-8F52-E5FBD1332D12}) (Version: 16.6.0 - CCH Small Firm Services)
    ATX 2017 (HKLM-x32\...\{9E587DD8-8D07-4140-97BC-38BCD2BC307B}) (Version: 17.3.0 - CCH Small Firm Services)
    ATX Server 2014 (HKLM-x32\...\{80A2D786-E075-478B-BE44-4458F74A3DBE}) (Version: 14.5.0 - CCH Small Firm Services)
    ATX Server 2016 (HKLM-x32\...\{71272489-0F94-470B-B38F-446353340568}) (Version: 16.0.0 - CCH Small Firm Services)
    ATX Server 2017 (HKLM-x32\...\{968735CC-D34A-47BC-974B-0BEC9C82B92B}) (Version: 17.0.0 - CCH Small Firm Services)
    AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.6.3098 - AVG Technologies)
    Batch Thumbs 1.7 (HKLM-x32\...\Batch Thumbs 1.7) (Version: 1.7 - HarmWare)
    Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
    BufferChm (HKLM-x32\...\{BE77A81F-B315-4666-9BF3-AE70C0ADB057}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
    Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.51.2 - Canon Inc.)
    Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.2.1 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
    Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
    Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
    Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
    Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
    Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
    Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
    Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
    Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
    Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
    Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
    Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
    Fax (HKLM-x32\...\{7A7DC702-DEDE-42A8-8722-B3BA724D546F}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
    Go PlayAlong (HKLM-x32\...\{E8AD89F3-C2D9-80E0-94A7-8461F8967E93}) (Version: 2.93 - UNKNOWN) Hidden
    Go PlayAlong (HKLM-x32\...\com.goplayalong.41DF8ADAAE31CA841C48A6C358D6E3DCCEC38798.1) (Version: 2.93 - UNKNOWN)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{C77B1ED4-A026-4E2F-8C91-184AEF5D1D87}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Deskjet 3000 J310 series Help (HKLM-x32\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
    Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
    Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
    Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
    Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
    Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
    Intuit PTG MachID (HKLM-x32\...\{24226917-7238-4477-8583-5BB632A89FC0}) (Version: 1.03.0000 - Intuit Inc)
    Intuit Runtime Components 6.0.16 (HKLM-x32\...\{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}) (Version: 6.0.16 - Intuit Inc.)
    Intuit Runtime Components 8.0.92 (HKLM-x32\...\{901AFFCC-3992-4388-8D4B-414113ADE0E9}) (Version: 8.0.92 - Intuit, Inc.)
    Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
    Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lacerte DMS (HKLM-x32\...\{5999E160-C1BC-4C32-B2A0-4CB22E71594D}) (Version: 11.1.0 - Intuit)
    Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
    Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
    Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
    Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
    Lenovo Solution Center (HKLM\...\{828CE72E-718B-4FDC-A469-8DE674CE8C4D}) (Version: 1.0.006.00 - Lenovo Group Limited)
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
    Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
    Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
    Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0011.00 - Lenovo Group Limited)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MuseScore 2 (HKLM-x32\...\{703926DE-F24B-11E4-AA68-472FB664A5DC}) (Version: 2.0.1 - Werner Schweer and Others)
    NetLib Encryptionizer (HKLM\...\{FD0E376F-D30A-477C-AA84-2F4F5B51D713}) (Version: 1.00.0000 - CCH Small Firm Services)
    NVIDIA 3D Vision Driver 268.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.71 - NVIDIA Corporation)
    NVIDIA Graphics Driver 268.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.71 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
    Quicken 2005 (HKLM-x32\...\{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit) Hidden
    Quicken 2005 (HKLM-x32\...\InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit)
    RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
    RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
    RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
    Scan (HKLM-x32\...\{1746EA69-DCB6-4408-B5A5-E75F55439CDF}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
    SwannView Link version 2.1.2.10 (HKLM-x32\...\{992EF7D5-3D70-5A7F-AFDC-8C946676BD5D}_is1) (Version: 2.1.2.10 - )
    System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
    TaxACT 2013 California Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2013 California Preparer's - 1040 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 California Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2013 California Preparer's - 1120 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2013 Preparer's - 1040 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2013 Preparer's - 1120 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2014 Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2014 Preparer's - 1120 Edition) (Version: 1.02 - TaxACT, Inc.)
    ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
    ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
    ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )
    ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
    ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
    ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
    ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
    ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
    Toolbox (HKLM-x32\...\{C716522C-3731-4667-8579-40B098294500}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax Business 2012 (HKLM-x32\...\TurboTax Business 2012) (Version: 2012.0 - Intuit, Inc)
    UnloadSupport (HKLM-x32\...\{E06F04B9-45E6-4AC0-8083-85F7515F40F7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
    VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.140 - VeriSign)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WebReg (HKLM-x32\...\{179C56A4-F57F-4561-8BBF-F911D26EB435}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
    Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
    Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
    Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
    Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
    Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
    Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) [File not signed]
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

    ==================== Loaded Modules (Whitelisted) ==============

    2012-03-10 19:59 - 2011-08-31 11:03 - 000045568 ____N () [File not signed] C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
    2011-07-27 21:07 - 2011-07-27 21:07 - 001501696 _____ () [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2012-03-10 20:01 - 2010-04-06 10:05 - 002085888 _____ () [File not signed] C:\Program Files\Lenovo\AutoLock\cv210.dll
    2012-03-10 20:01 - 2010-04-06 10:04 - 002201088 _____ () [File not signed] C:\Program Files\Lenovo\AutoLock\cxcore210.dll
    2012-03-10 19:50 - 2011-01-16 18:19 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000442368 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000135168 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000225280 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000184320 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000131072 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
    2006-11-08 17:38 - 2006-11-08 17:38 - 000069632 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
    2006-11-08 17:38 - 2006-11-08 17:38 - 000088064 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
    2012-03-10 19:50 - 2011-01-16 18:31 - 000015360 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_COM_InterfaceLib.dll
    2012-03-10 19:50 - 2011-01-16 18:20 - 000471040 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_SW_GUI.dll
    2012-03-10 19:50 - 2011-01-16 18:14 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
    2011-07-27 21:44 - 2011-07-27 21:44 - 001077248 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 001045504 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 003719168 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 000841728 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 000336896 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
    2011-07-27 21:51 - 2011-07-27 21:51 - 001278976 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
    2011-07-27 21:44 - 2011-07-27 21:44 - 000177152 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
    2011-07-27 21:59 - 2011-07-27 21:59 - 002338816 _____ (Intel(R) Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
    2011-07-26 00:18 - 2011-07-26 00:18 - 000028672 _____ (Lenovo Group Limited) [File not signed] C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
    2015-11-05 18:20 - 2015-11-05 18:20 - 000111616 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2015-11-05 18:29 - 2015-11-05 18:29 - 000125952 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2012-03-10 20:09 - 2012-03-10 20:09 - 001656320 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL
    2012-03-10 20:09 - 2012-03-10 20:09 - 001652736 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
    2012-03-10 20:09 - 2012-03-10 20:09 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_fc42961a63b5a82b\MFC80ENU.DLL
    2012-03-10 19:46 - 2008-10-30 16:24 - 000055808 _____ (Ricoh co.,Ltd.) [File not signed] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    2005-01-13 11:47 - 2005-01-13 11:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
    2010-10-12 10:54 - 2010-10-12 10:54 - 000055808 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScnMgr10.dll
    2010-11-19 12:06 - 2010-11-19 12:06 - 000112640 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
    2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
    2010-10-12 10:58 - 2010-10-12 10:58 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScanEngine30.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000085504 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\EbpD4Fax.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000212992 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUADRFIL.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXCFG.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000430080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXCSR.DLL
    2016-02-23 19:20 - 2011-03-09 01:00 - 000385024 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXLDB.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000495616 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
    2016-02-23 19:20 - 2011-03-09 01:00 - 000856064 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    2016-02-23 19:20 - 2011-03-09 01:00 - 000536576 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXTIF.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUIMGCDC.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000262144 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FULEPP.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUSTMMSG.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000303104 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUSVCCLT.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUUSBHLP.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000249856 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUVERDLG.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUDEVCOM.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUDRVUTL.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000335872 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUPRBDEV.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000229376 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUSNMPUT.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000081920 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000090112 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
    2016-02-23 19:21 - 2010-09-13 16:00 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
    2016-02-23 19:21 - 2008-06-18 12:49 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000039936 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL
    2016-02-23 19:20 - 2011-03-08 08:00 - 000181248 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXMI09A.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000228864 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL
    2016-02-23 19:20 - 2011-03-09 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENCM.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENNW.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENUTIL.dll
    2008-01-10 13:13 - 2008-01-10 13:13 - 000061440 _____ (Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\hsaservicecenter.com -> hxxps://www.hsaservicecenter.com
    IE trusted site: HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\piriform.com -> hxxp://www.piriform.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2018-12-03 07:20 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\ThinkPad\Bluetooth Software\;C:\Program Files\ThinkPad\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Lenovo;C:\Program Files (x86)\Windows Live\Shared;C:\SWTOOLS\ReadyApps;C:\Program Files (x86)\Intel\Services\IPT\;C:\Program Files (x86)\Symantec\VIP Access Client\;C:\Program Files (x86)\Common Files\Lenovo
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{AF721C4F-14F9-42B9-B256-E49F710F498A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{7E90317B-5058-4DC3-A966-D2F028BE8799}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{A604C6DC-EFA7-47A6-966F-8BD9D604415F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{AD2B08BF-E37D-4963-AB9A-87E8AC60DFE0}] => (Allow) LPort=2869
    FirewallRules: [{395E969A-02F7-4609-8318-5FBD5E497D8E}] => (Allow) LPort=1900
    FirewallRules: [{34063AD1-A6F5-4C5E-962A-F91B97B179BC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{C1FF7254-7440-4324-A330-21C73866FF9B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1A7DCDD8-1484-4214-A2C2-A1B6E2605961}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File
    FirewallRules: [{ACE8B46C-222E-45E9-8544-0EC5AE0FE1C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File
    FirewallRules: [{C3D252C6-3FCF-4D42-8B9A-7F34E64F2203}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File
    FirewallRules: [{EAF5BD83-469D-433B-AA46-000B237A826A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File
    FirewallRules: [{B3710FB3-1CCE-44CD-A093-33D11C423B4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{2DA9FB56-DB82-4658-B40D-EA9E3CBEA71D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{71FB0B5D-04F5-45B3-A06F-6CAE4079D6AD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File
    FirewallRules: [{B26BBC24-5C35-47FD-8A7A-08DDA1774137}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File
    FirewallRules: [{E522FF1C-C258-444D-B860-82E6A563DFDC}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{62478CD9-394B-4A5B-AC25-A3B80E9115E4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{557835A1-B93A-4F58-A0F4-9B85C9259139}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{A752A2E1-7370-41B0-8B7F-E1B8566768B4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{4BE07C0C-6B31-41E8-B567-B44774DD1432}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{22AFF734-48CB-47A4-84F9-2A4B4AB6D04C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{5FC93890-A2FB-468F-8993-AFEEF46B6CE5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{4E641D80-43A9-4AF6-A2FA-83F2EAD10BFC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{E3E8B2E9-090C-4156-97AC-35A89EB00E60}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{5D442641-96C6-41F4-8E4C-D0629E59C152}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{3FCFA61F-FFD9-4D20-840C-648D5A261E70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{6D1AE10F-1620-48F4-82F0-1A535603D87B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{A161DDAF-13C2-45B4-A7E1-981232DB56E3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [UDP Query User{C71BB1F6-F001-4340-A26B-151F95988178}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{28A0D073-EE7B-4973-B12C-C8CA484E0F98}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
    FirewallRules: [{31936644-F06F-460A-A6FB-6BFD52503936}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
    FirewallRules: [{3D77FE30-B00B-4A7B-9078-8B3FC8CC09BF}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{6793F16C-D4F3-42E3-A10D-2BF96064C514}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{59AAEFB4-8963-4F09-B71C-FCDD36C5A7EB}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.PrintProcess.exe No File
    FirewallRules: [{797170D6-C1C9-44C0-B01E-6EFF40DFEA3A}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{2E9EDB41-9521-4EBE-B689-2CF7DF458543}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{48B34730-174F-4F9B-9615-C0E325250D10}] => (Allow) LPort=60616
    FirewallRules: [{AE2F6E1F-DA6C-42B0-AA58-3A402BDE4581}] => (Allow) LPort=60617
    FirewallRules: [{00E4C4B3-E2D9-4592-B586-C3FA063C4CCD}] => (Allow) LPort=60618
    FirewallRules: [{5C18B589-A6EF-42C1-9A86-CCA691857163}] => (Allow) LPort=31300
    FirewallRules: [{8F18E7F9-30EA-4537-A9D9-E113AE187F80}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{13840B08-AD46-458C-A2B7-F5E80C41D8E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
    FirewallRules: [TCP Query User{683E012B-FC81-4846-87D0-481207766E4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [UDP Query User{C8DA6645-ED2E-44B0-8DE1-FC3BC2B5A785}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [TCP Query User{659D6D8E-E231-495A-A139-D4EC270A2E24}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [UDP Query User{C6712213-F0E2-4D67-A35B-0D6B0B42F317}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [{6EEAD4E8-F32E-4FBA-B838-0EB7B7E0627E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
    FirewallRules: [{C194E06B-A313-42A0-A070-656682D4C2B6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
    FirewallRules: [{330934E9-BEC1-4FC5-9064-53739B2BE2D7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
    FirewallRules: [{736DB4C9-9137-4228-A82A-6464C0B7BB14}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
    FirewallRules: [{A67079EA-A500-4C5E-9A57-2D70C0458389}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
    FirewallRules: [{89642E62-C989-4ADA-B560-3AF0B3C467FD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
    FirewallRules: [{3427D388-BF58-482B-8966-AC2ADD89BE94}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{BCE9A74B-0B82-4C83-BA20-1BBD7C5B241E}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [TCP Query User{7630D7BF-EC60-477E-B05E-3E0C7F314066}C:\program files (x86)\swannview link\mydvr.exe] => (Allow) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [UDP Query User{A181AFCD-60AE-4AEF-8C11-C6A0E0A8A434}C:\program files (x86)\swannview link\mydvr.exe] => (Allow) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [TCP Query User{90C4D7D6-081F-441E-A5DE-4ADFDD9A214D}C:\program files (x86)\swannview link\mydvr.exe] => (Block) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [UDP Query User{3C96E279-FB38-49D3-AFE2-EB18CA9E89BB}C:\program files (x86)\swannview link\mydvr.exe] => (Block) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [{3C16C0CA-F1F0-4C7B-B132-69461B59BB53}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{43087017-A1FD-4FED-B132-DDE3EA0DF6FA}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{58405E2F-C852-43DB-96AE-A177038F1C7D}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.PrintProcess.exe No File
    FirewallRules: [{35B8892D-BEA8-4CB3-BB34-1D08EE84DCB4}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{9CCBB48E-D409-46C8-A28F-27ECBB981E18}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{E28D9FC6-FA29-40CE-BE14-45EED59AC7BC}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Slps.Distributor.Host.exe No File
    FirewallRules: [{F9884FCB-0AE9-4921-97CB-FBB85BC41007}] => (Allow) LPort=60636
    FirewallRules: [{C98C85AC-BA49-44B8-BD2E-D15E63CD5362}] => (Allow) LPort=60637
    FirewallRules: [{B3322F12-7863-4957-8CBB-113EB176BAE3}] => (Allow) LPort=60638
    FirewallRules: [{88FAD717-8463-4FAA-A776-43ED41039565}] => (Allow) LPort=31300
    FirewallRules: [{C901635A-E4CD-4743-9B08-58D257D6560F}] => (Allow) LPort=51525
    FirewallRules: [{3C06F917-A67D-49F4-A0E8-0AFE5DEAFC0D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{D8177785-4073-4C13-AD0D-C7B9A4525578}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{26996E63-CF87-4019-B5D2-D68668BE93E1}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{C94768CB-FBBE-4956-97D7-C6D5679339E5}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{0ADD4AA8-6EF5-43FB-A208-F66FF3FE2DEE}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.PrintProcess.exe No File
    FirewallRules: [{22BB711E-90EF-46E3-B837-37061EDD0506}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{2EDFDDC0-0FC3-4E2B-9F69-8F59859CE700}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{DD3BFB8C-85D8-44C6-A7BB-B8625E5B353E}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Slps.Distributor.Host.exe No File
    FirewallRules: [{D6BD70C5-54D9-435C-B7CF-E880BA6A1AFE}] => (Allow) LPort=60646
    FirewallRules: [{356822D7-CEEE-42F7-9006-A0EAD0EBA83B}] => (Allow) LPort=60647
    FirewallRules: [{B655E8DD-B805-4044-88CA-02ABCBEC66CE}] => (Allow) LPort=60648
    FirewallRules: [{3D3D1FD6-0F0C-4CFC-8CDF-65B21D838C91}] => (Allow) LPort=31310
    FirewallRules: [{C07BEF02-12FF-4AB4-90DB-31BAC9847A21}] => (Allow) LPort=51535
    FirewallRules: [{DF18E8AA-D321-4156-95A4-06A47EDF57BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    18-06-2019 13:01:44 End of disinfection
    25-06-2019 19:38:13 Scheduled Checkpoint
    03-07-2019 17:35:30 Scheduled Checkpoint
    11-07-2019 14:56:37 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: avgStm
    Description: avgStm
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: avgStm
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/27/2019 11:41:01 AM) (Source: ESENT) (EventID: 489) (User: )
    Description: taskhost (2964) An attempt to open the file "C:\Users\BC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (07/27/2019 11:35:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

    Error: (07/27/2019 11:34:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: daemonu.exe, version: 1.0.21.0, time stamp: 0x4ddd7c84
    Faulting module name: daemonu.exe, version: 1.0.21.0, time stamp: 0x4ddd7c84
    Exception code: 0xc000000d
    Fault offset: 0x0004ddc6
    Faulting process id: 0x1870
    Faulting application start time: 0x01d544a9f0884b98
    Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    Report Id: 3b665297-b09d-11e9-87a6-f0def1d5a7ac

    Error: (07/27/2019 11:34:18 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: Raven (3388) 2-cniZE-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.

    Error: (07/27/2019 11:34:18 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: Raven (3388) 2-cniZE-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

    Error: (07/27/2019 11:33:09 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: esentutl (3520) Database recovery/restore failed with unexpected error -1216.

    Error: (07/27/2019 11:33:09 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: esentutl (3520) Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

    Error: (07/27/2019 11:32:42 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: Raven (3388) 1-IWapF-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.


    System errors:
    =============
    Error: (07/27/2019 11:34:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/27/2019 11:29:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The AVG Antivirus service depends on the avgMonFlt service which failed to start because of the following error:
    The system cannot find the file specified.

    Error: (07/27/2019 11:29:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The avgStm service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (07/27/2019 11:29:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MBAMChameleon service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (07/27/2019 11:29:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The avgMonFlt service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (07/27/2019 11:29:58 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:28:25 AM on 7/27/2019 was unexpected.

    Error: (07/26/2019 10:10:57 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (07/24/2019 03:12:39 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================

    Date: 2016-08-21 17:59:51.008
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.968
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.928
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.878
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.808
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 02:54:00.146
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 02:54:00.083
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 02:53:59.699
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    BIOS: LENOVO 8AET56WW (1.36 ) 12/06/2011
    Motherboard: LENOVO 4239CTO
    Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
    Percentage of memory in use: 65%
    Total physical RAM: 6027.23 MB
    Available physical RAM: 2090.45 MB
    Total Virtual: 12052.66 MB
    Available Virtual: 7010.2 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:330.37 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:4.7 GB) NTFS

    \\?\Volume{8b6c8d44-6b23-11e1-b4f9-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.13 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 9BCB5F28)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  3. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    This is nothing more than just scare tactics.
    If you didn't follow any instructions from that popup, you're fine.
    I don't see anything malicious there.