[Resolved] Laptop slow running, image files mysteriously moved

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by tvc15, Jun 14, 2019.

  1. tvc15

    tvc15 Established Techie7 Member

    Hi,
    Below are the 1st scans of my laptop, which has been running slow. I thought it was my ISP, but I think it is malware, etc. And, for some reason, a few months ago, 40,000 image files disappeared from their respective folders and were found in a folder that was designated for music. There were duplicates of originals and duplicates of duplicates, and I found some images that were not the same but had the same name. I thought it was "operator error", not sure. I've been moving and reconstructing the image folders, but wanted to see if the scan showed anything and, if so, whether it is possible to clean up without removing jpg's. I've also found "My Documents" and "My Pictures" duplicated, but have not yet checked the contents to see what they contain. Thanks

    "Addition" is in 2nd post

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2019 01
    Ran by BC (administrator) on LENOVO_520 (LENOVO 4239CTO) (14-06-2019 13:44:26)
    Running from C:\Users\BC\Desktop
    Loaded Profiles: BC (Available Profiles: UpdatusUser & BC)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () R:\140066.enu\Office14\EXCELC.EXE
    () R:\140066.enu\Office14\OffSpon.EXE
    (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
    (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.exe
    (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.exe
    (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.exe
    (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    (Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Lenovo Group Limited) [File not signed] C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    (Lenovo(Japan)Ltd. -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (Lenovo(Japan)Ltd. -> Lenovo.) C:\Windows\System32\TpShocks.exe
    (Microsoft Corporation -> ) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Ricoh co.,Ltd.) [File not signed] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    (Symantec Corp -> Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated -> Synaptics Incorporated)
    HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo(Japan)Ltd. -> Lenovo.)
    HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] (Fortemedia Inc -> )
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant Systems, Inc. -> Conexant systems, Inc.)
    HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [309680 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) [File not signed]
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-16] (Intel Corporation -> Intel Corporation)
    HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Leader Technologies Inc -> Lenovo, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-10] (Google Inc -> Google Inc.)
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\BC\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0214c
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0414b] => C:\Users\BC\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0414b
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\BC\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0814av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\BC\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=1114av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\BC\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=1214av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd)
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\MountPoints2: {8b6c8d46-6b23-11e1-b4f9-806e6f6e6963} - Q:\LenovoQDrive.exe
    HKLM\...\Drivers32: [msacm.ulmp3acm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm [319488 2006-01-23] (Ulead systems) [File not signed]
    HKLM\...\Drivers32: [msacm.mpegacm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\mpegacm.acm [69632 2006-04-17] (Ulead Systems, Inc.) [File not signed]
    HKLM\...\Drivers32: [msacm.dvacm] => C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm [32768 2008-05-16] (Ulead Systems, Inc.) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.90\Installer\chrmstp.exe [2019-06-14] (Google LLC -> Google LLC)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
    HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\ThinkPad\Bluetooth Software\\BtwCP.dll [2010-12-18] (Broadcom Corporation -> Broadcom Corporation.)
    HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-05-31] (NVIDIA Corporation -> NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-05-31] (NVIDIA Corporation -> NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-03-10]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {10F817E1-1B81-4D8D-B039-7A19D41D2791} - System32\Tasks\{28978BC3-53D6-435A-A92D-4484D6EF0EC4} => C:\Program Files (x86)\SwannView Link\MyDVR.exe [4674048 2015-09-30] () [File not signed]
    Task: {38712038-053C-4F71-A94D-55C0BE845C34} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe [113512 2011-08-13] (Symantec Corporation -> Symantec Corporation)
    Task: {40BB7FC8-BAF8-45FC-8027-3F110B03E818} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
    Task: {4113EACF-D0D0-491B-B72C-1B02850AB25F} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [65336 2011-12-21] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
    Task: {4420F5A1-A360-479F-AB95-038F780EB759} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [50544 2011-08-11] (Symantec Corporation -> Symantec Corporation)
    Task: {4A8A4548-18E5-43F3-9E14-8BDA62DC8578} - System32\Tasks\{3446E710-91F1-42D3-B2EF-7F3D9822F106} => C:\Program Files (x86)\SwannView Link\MyDVR.exe [4674048 2015-09-30] () [File not signed]
    Task: {51B8CF2E-82F3-484F-82F5-D17E54B5A1C8} - System32\Tasks\1015avUpdateInfo => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe
    Task: {52061F86-5839-4D5C-95D8-F58E6B558E3E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [542056 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    Task: {5A24443B-929B-4E26-8E85-16FF7CB472FE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [50544 2011-08-11] (Symantec Corporation -> Symantec Corporation)
    Task: {62DEA9B7-4C49-4A0E-8F57-FCADFF6E2151} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2981808 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    Task: {B31E9EA6-82F6-4949-B1A6-11998EA0A3E6} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [65336 2011-12-21] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
    Task: {B50FBCB2-9087-4979-B8FC-DF211A90F672} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {BF3E8C10-9EE0-4373-98F1-D587314C7A0B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {CFCB20F0-43B1-4270-AA00-CB124CE0DDE5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {DCF1CA2F-853B-478A-8AA2-91D589110F28} - System32\Tasks\{B8D5221F-0F02-4939-A5F8-9BEBB7AC8E9F} => C:\Windows\system32\pcalua.exe -a "C:\Users\BC\Documents\G7PS\VersaCheck 2002\VCheck.exe"
    Task: {E3D83C9B-3D73-4356-87F8-4576D57A5B3E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2400776 2019-06-14] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    Task: {E8603BA5-1730-4FBD-ADD3-309FD41F782C} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [6656 2009-02-09] () [File not signed]
    Task: {F1482E8E-749F-4C52-B4CB-75E1CD7B0E3A} - System32\Tasks\{6819900C-8790-4D39-885D-993FDD4DCCA0} => C:\Windows\system32\pcalua.exe -a "C:\Users\BC\Documents\VersaCheck 2002\VCheck.exe"
    Task: {FC660943-E989-4DF4-8C95-8790DD366632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\1015avUpdateInfo.job => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{07631ECC-23A6-4F57-AFB0-2AFA483AD605}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DAF7FC41-BAD0-4F31-90A5-6CF3A19F3236}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS577
    SearchScopes: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS577
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
    BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-06-29] (Symantec Corp -> Symantec Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll [2011-08-11] (Symantec Corporation -> Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL [2011-07-25] (Symantec Corporation -> Symantec Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.)
    BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-06-29] (Symantec Corp -> Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll [2011-08-11] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.)
    Toolbar: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\197en489.default [2019-06-14]
    FF Homepage: Mozilla\Firefox\Profiles\197en489.default -> hxxps://www.google.com/advanced_search
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
    FF Extension: (Norton Vulnerability Protection) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-03-17] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
    FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2019-06-14] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2012-03-10] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-10-28] (Adobe Systems Incorporated -> )
    FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-10-28] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default [2019-06-14]
    CHR Extension: (Norton Security Toolbar) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2016-07-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-04]
    CHR Extension: (Chrome Media Router) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-14]
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-08-21]
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-21]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2012-03-10]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
    R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [409280 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6858376 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo.)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation -> Symantec Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    R2 Sfs.Server.2014; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.exe [229264 2015-02-04] (CCH Small Firm Services -> CCH Small Firm Services)
    R2 Sfs.Server.2016; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.exe [234200 2016-10-08] (CCH Small Firm Services -> CCH Small Firm Services)
    R2 Sfs.Server.2017; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.exe [234208 2017-10-16] (CCH Small Firm Services -> CCH Small Firm Services)
    R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
    R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
    R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-29] (Symantec Corp -> Symantec Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 5U877; C:\Windows\System32\DRIVERS\5U877.sys [166016 2011-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh co.,Ltd.)
    R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37160 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [207496 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [263056 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [206408 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [61520 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42336 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [167920 2019-06-14] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [112360 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87992 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1030832 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [477632 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [225656 2019-06-14] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [385904 2019-06-14] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [1151096 2011-08-19] (Symantec Corporation -> Symantec Corporation)
    R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation -> Symantec Corporation)
    R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation -> Symantec Corporation)
    R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12264384 2011-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-09] (Symantec Corporation -> Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-09] (Symantec Corporation -> Symantec Corporation)
    R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [8604672 2011-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    R0 nlem64nt; C:\Windows\System32\Drivers\nlem64nt.sys [72808 2009-10-13] (Communication Horizons -> )
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
    R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
    S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation -> Symantec Corporation)
    R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation -> Symantec Corporation)
    R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation -> Symantec Corporation)
    R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation -> Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-10] (Symantec Corporation -> Symantec Corporation)
    R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation -> Symantec Corporation)
    R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation -> Symantec Corporation)
    R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo (United States) Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-14 13:44 - 2019-06-14 13:45 - 000037727 _____ C:\Users\BC\Desktop\FRST.txt
    2019-06-14 13:44 - 2019-06-14 13:44 - 000000000 ____D C:\FRST
    2019-06-14 13:39 - 2019-06-14 13:40 - 002418688 _____ (Farbar) C:\Users\BC\Desktop\FRST64.exe
    2019-06-14 12:16 - 2019-06-14 12:16 - 000019172 _____ C:\Users\BC\Documents\2019_6 rent lower 001.pdf
    2019-06-14 01:15 - 2019-06-14 01:16 - 000000000 ____D C:\Users\BC\AppData\Local\{90E83776-237E-4DD2-9EE8-AD5137E311A3}
    2019-06-11 09:57 - 2019-06-11 09:57 - 000000000 _____ C:\Windows\system32\TEMPDFRG193332.EDB
    2019-06-11 09:57 - 2019-06-11 09:57 - 000000000 _____ C:\Windows\system32\TEMP193332.EDB
    2019-06-11 09:55 - 2019-06-11 09:55 - 000000000 ____D C:\Users\BC\AppData\Local\{3913D24D-6012-44BD-B6E0-5193A2DF144C}
    2019-06-10 21:55 - 2019-06-10 21:55 - 000000000 ____D C:\Users\BC\AppData\Local\{7E8A43DA-040D-433C-9F3D-BC177AD119B4}
    2019-06-10 09:55 - 2019-06-10 09:55 - 000000000 ____D C:\Users\BC\AppData\Local\{65735E84-30E2-485A-BB42-1741F1B26D43}
    2019-06-09 14:39 - 2019-06-09 14:39 - 000000000 _____ C:\Windows\system32\TEMPDFRG170120.EDB
    2019-06-09 14:39 - 2019-06-09 14:39 - 000000000 _____ C:\Windows\system32\TEMP170120.EDB
    2019-06-09 14:37 - 2019-06-09 14:37 - 000000000 ____D C:\Users\BC\AppData\Local\{544F93A6-A3D6-4848-BEBB-2AAD567E27B0}
    2019-06-05 09:47 - 2019-06-05 09:47 - 000106076 _____ C:\Users\BC\Documents\2019_6 H2O bill 001.pdf
    2019-06-05 02:10 - 2019-06-05 02:10 - 000063344 _____ C:\Users\BC\Documents\2019_6 upper 001.pdf
    2019-06-05 01:59 - 2019-06-05 01:59 - 000000000 ____D C:\Users\BC\AppData\Local\{C5D008D9-E7D8-4309-A9E6-1BE5C24CB242}
    2019-06-04 14:25 - 2019-06-04 14:10 - 000363440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2019-06-04 13:58 - 2019-06-04 13:58 - 000000000 ____D C:\Users\BC\AppData\Local\{DFEEDB2F-CAC9-48F5-8E8A-88FD6B3D1CD7}
    2019-05-23 19:34 - 2019-05-23 19:35 - 000000000 ____D C:\Users\BC\AppData\Local\{62C60094-8ACF-4179-A880-F9602C933533}
    2019-05-22 15:38 - 2019-05-22 15:38 - 000000000 ____D C:\Users\BC\AppData\Local\{CF7D3CF3-B951-4DAD-B696-F77C4E2A3385}
    2019-05-18 14:48 - 2019-05-18 14:48 - 000000000 ____D C:\Users\BC\AppData\Local\{E78AC36A-4C48-44DE-AE32-B2EDE59686DE}
    2019-05-15 13:49 - 2019-05-15 13:49 - 000000000 ____D C:\Users\BC\AppData\Local\{6E6226C6-886F-44F3-9FEC-1A3509CCB42B}

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-14 13:43 - 2009-07-13 21:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-06-14 13:43 - 2009-07-13 21:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-06-14 12:00 - 2018-12-24 00:58 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2019-06-14 12:00 - 2018-09-08 14:00 - 000003102 _____ C:\Windows\System32\Tasks\{B8D5221F-0F02-4939-A5F8-9BEBB7AC8E9F}
    2019-06-14 12:00 - 2018-09-08 13:59 - 000003092 _____ C:\Windows\System32\Tasks\{6819900C-8790-4D39-885D-993FDD4DCCA0}
    2019-06-14 12:00 - 2018-04-13 15:53 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
    2019-06-14 12:00 - 2017-05-04 17:53 - 000002958 _____ C:\Windows\System32\Tasks\{3446E710-91F1-42D3-B2EF-7F3D9822F106}
    2019-06-14 12:00 - 2017-05-04 17:52 - 000002958 _____ C:\Windows\System32\Tasks\{28978BC3-53D6-435A-A92D-4484D6EF0EC4}
    2019-06-14 12:00 - 2017-03-16 13:19 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
    2019-06-14 12:00 - 2015-11-06 23:22 - 000002452 _____ C:\Windows\System32\Tasks\1015avUpdateInfo
    2019-06-14 12:00 - 2015-11-06 23:22 - 000000338 _____ C:\Windows\Tasks\1015avUpdateInfo.job
    2019-06-14 12:00 - 2014-03-26 13:31 - 000002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2019-06-14 12:00 - 2012-03-17 15:54 - 000002836 _____ C:\Windows\System32\Tasks\DiskUpdate
    2019-06-14 12:00 - 2012-03-10 20:19 - 000003376 _____ C:\Windows\System32\Tasks\MCP
    2019-06-14 12:00 - 2012-03-10 20:15 - 000003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2019-06-14 12:00 - 2012-03-10 20:10 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-06-14 12:00 - 2012-03-10 20:10 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-06-14 12:00 - 2012-03-10 20:00 - 000002958 _____ C:\Windows\System32\Tasks\PMTask
    2019-06-14 11:36 - 2009-07-13 22:13 - 000783400 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-06-14 11:36 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
    2019-06-14 11:34 - 2009-07-13 19:34 - 000000438 _____ C:\Windows\win.ini
    2019-06-14 11:30 - 2018-08-27 12:26 - 001696060 _____ C:\Windows\system32\Data.INTEG.RAW
    2019-06-14 11:29 - 2017-03-16 13:19 - 000385904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2019-06-14 11:29 - 2017-03-16 13:19 - 000225656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2019-06-14 11:29 - 2017-03-16 13:19 - 000167920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2019-06-14 11:29 - 2012-03-10 19:57 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-06-14 11:27 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-06-14 11:26 - 2014-03-26 13:31 - 000000000 ____D C:\Program Files\CCleaner
    2019-06-14 11:26 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\Windows Sidebar
    2019-06-14 01:24 - 2012-03-10 20:10 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-06-10 12:32 - 2014-01-15 02:14 - 000000000 ____D C:\Users\BC\Documents\PLAYA HOUSE
    2019-06-04 14:11 - 2018-10-22 13:21 - 000042336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
    2019-06-04 14:11 - 2017-03-16 13:19 - 000477632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2019-06-04 14:11 - 2017-03-16 13:19 - 000112360 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2019-06-04 14:11 - 2017-03-16 13:19 - 000087992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2019-06-04 14:09 - 2019-01-17 10:21 - 000037160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
    2019-06-04 14:09 - 2017-11-28 01:04 - 000207496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2019-06-04 14:09 - 2017-03-16 13:19 - 001030832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2019-06-04 14:08 - 2019-01-17 10:21 - 000263056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
    2019-06-04 14:08 - 2019-01-17 10:21 - 000206408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
    2019-06-04 14:08 - 2019-01-17 10:21 - 000061520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
    2019-05-22 18:09 - 2014-01-15 02:15 - 000000000 ____D C:\Users\BC\Documents\temp

    ==================== Files in the root of some directories ================

    2014-03-02 20:14 - 2014-03-02 20:14 - 000033134 _____ () C:\Users\BC\AppData\Roaming\UserTile.png
    2017-11-02 12:10 - 2017-11-02 12:10 - 000000000 _____ () C:\Users\BC\AppData\Local\{7EC7DD7F-BA7C-4DF5-BB00-96E35EB4DD45}
    2018-01-18 15:03 - 2018-01-18 15:03 - 000000000 _____ () C:\Users\BC\AppData\Local\{EF312064-5AA6-48C6-937B-40545899A983}

    ==================== FLock ================

    2019-06-09 20:23 C:\System Volume Information

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2019-06-04 21:55
    ==================== End of FRST.txt ============================
     
  2. tvc15

    tvc15 Established Techie7 Member

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2019 01
    Ran by BC (14-06-2019 13:45:59)
    Running from C:\Users\BC\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2012-03-17 22:54:06)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3430477350-3253428499-66189328-500 - Administrator - Disabled)
    BC (S-1-5-21-3430477350-3253428499-66189328-1001 - Administrator - Enabled) => C:\Users\BC
    Guest (S-1-5-21-3430477350-3253428499-66189328-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3430477350-3253428499-66189328-1003 - Limited - Enabled)
    UpdatusUser (S-1-5-21-3430477350-3253428499-66189328-1000 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
    AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
    AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2013 Lacerte Tax (HKLM-x32\...\2013 Lacerte Tax) (Version: - Intuit Inc.)
    2013 Lacerte Tax Planner (HKLM-x32\...\2013 Lacerte Tax Planner) (Version: - Intuit Inc.)
    2014 Lacerte Tax (HKLM-x32\...\2014 Lacerte Tax) (Version: - Intuit Inc.)
    2014 Lacerte Tax Planner (HKLM-x32\...\2014 Lacerte Tax Planner) (Version: - Intuit Inc.)
    2016 Lacerte Tax (HKLM-x32\...\2016 Lacerte Tax) (Version: - Intuit Inc.)
    64 Bit HP CIO Components Installer (HKLM\...\{9F560BEB-021F-43AC-825F-AA60442D8DE4}) (Version: 1.0.0 - Hewlett-Packard) Hidden
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_CDB_Software (HKLM-x32\...\{E09575B2-498D-4C8B-A9D2-623F78574F29}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_Scan (HKLM-x32\...\{0D2E9DCB-9938-475E-B4DD-8851738852FF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    ATX 2014 (HKLM-x32\...\{BFB9811D-CA96-45E5-9242-9497D74B1548}) (Version: 14.6.0 - CCH Small Firm Services)
    ATX 2016 (HKLM-x32\...\{E59557AB-A1E2-4C43-8F52-E5FBD1332D12}) (Version: 16.6.0 - CCH Small Firm Services)
    ATX 2017 (HKLM-x32\...\{9E587DD8-8D07-4140-97BC-38BCD2BC307B}) (Version: 17.3.0 - CCH Small Firm Services)
    ATX Server 2014 (HKLM-x32\...\{80A2D786-E075-478B-BE44-4458F74A3DBE}) (Version: 14.5.0 - CCH Small Firm Services)
    ATX Server 2016 (HKLM-x32\...\{71272489-0F94-470B-B38F-446353340568}) (Version: 16.0.0 - CCH Small Firm Services)
    ATX Server 2017 (HKLM-x32\...\{968735CC-D34A-47BC-974B-0BEC9C82B92B}) (Version: 17.0.0 - CCH Small Firm Services)
    AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.5.3093 - AVG Technologies)
    Batch Thumbs 1.7 (HKLM-x32\...\Batch Thumbs 1.7) (Version: 1.7 - HarmWare)
    Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
    BufferChm (HKLM-x32\...\{BE77A81F-B315-4666-9BF3-AE70C0ADB057}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
    Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.51.2 - Canon Inc.)
    Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.2.1 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
    Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
    Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
    Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
    Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
    Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
    Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
    Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
    Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
    Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
    Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
    Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
    Fax (HKLM-x32\...\{7A7DC702-DEDE-42A8-8722-B3BA724D546F}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
    Go PlayAlong (HKLM-x32\...\{E8AD89F3-C2D9-80E0-94A7-8461F8967E93}) (Version: 2.93 - UNKNOWN) Hidden
    Go PlayAlong (HKLM-x32\...\com.goplayalong.41DF8ADAAE31CA841C48A6C358D6E3DCCEC38798.1) (Version: 2.93 - UNKNOWN)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.90 - Google LLC)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{C77B1ED4-A026-4E2F-8C91-184AEF5D1D87}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Deskjet 3000 J310 series Help (HKLM-x32\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
    Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
    Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
    Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
    Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
    Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
    Intuit PTG MachID (HKLM-x32\...\{24226917-7238-4477-8583-5BB632A89FC0}) (Version: 1.03.0000 - Intuit Inc)
    Intuit Runtime Components 6.0.16 (HKLM-x32\...\{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}) (Version: 6.0.16 - Intuit Inc.)
    Intuit Runtime Components 8.0.92 (HKLM-x32\...\{901AFFCC-3992-4388-8D4B-414113ADE0E9}) (Version: 8.0.92 - Intuit, Inc.)
    Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
    Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lacerte DMS (HKLM-x32\...\{5999E160-C1BC-4C32-B2A0-4CB22E71594D}) (Version: 11.1.0 - Intuit)
    Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
    Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
    Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
    Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
    Lenovo Solution Center (HKLM\...\{828CE72E-718B-4FDC-A469-8DE674CE8C4D}) (Version: 1.0.006.00 - Lenovo Group Limited)
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
    Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
    Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
    Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0011.00 - Lenovo Group Limited)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MuseScore 2 (HKLM-x32\...\{703926DE-F24B-11E4-AA68-472FB664A5DC}) (Version: 2.0.1 - Werner Schweer and Others)
    NetLib Encryptionizer (HKLM\...\{FD0E376F-D30A-477C-AA84-2F4F5B51D713}) (Version: 1.00.0000 - CCH Small Firm Services)
    Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.1.0.28 - Symantec Corporation)
    NVIDIA 3D Vision Driver 268.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.71 - NVIDIA Corporation)
    NVIDIA Graphics Driver 268.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.71 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
    Quicken 2005 (HKLM-x32\...\{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit) Hidden
    Quicken 2005 (HKLM-x32\...\InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit)
    RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
    RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
    Scan (HKLM-x32\...\{1746EA69-DCB6-4408-B5A5-E75F55439CDF}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    SwannView Link version 2.1.2.10 (HKLM-x32\...\{992EF7D5-3D70-5A7F-AFDC-8C946676BD5D}_is1) (Version: 2.1.2.10 - )
    System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
    TaxACT 2013 California Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2013 California Preparer's - 1040 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 California Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2013 California Preparer's - 1120 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2013 Preparer's - 1040 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2013 Preparer's - 1120 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2014 Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2014 Preparer's - 1120 Edition) (Version: 1.02 - TaxACT, Inc.)
    ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
    ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
    ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )
    ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
    ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
    ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
    ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
    ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
    Toolbox (HKLM-x32\...\{C716522C-3731-4667-8579-40B098294500}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax Business 2012 (HKLM-x32\...\TurboTax Business 2012) (Version: 2012.0 - Intuit, Inc)
    UnloadSupport (HKLM-x32\...\{E06F04B9-45E6-4AC0-8083-85F7515F40F7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
    VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.140 - VeriSign)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WebReg (HKLM-x32\...\{179C56A4-F57F-4561-8BBF-F911D26EB435}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
    Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
    Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
    Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
    Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
    Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
    Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) [File not signed]
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\19.1.0.28\NavShExt.dll [2011-08-13] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\19.1.0.28\NavShExt.dll [2011-08-13] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\19.1.0.28\NavShExt.dll [2011-08-13] (Symantec Corporation -> Symantec Corporation)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

    ==================== Loaded Modules (Whitelisted) ==============

    2009-02-27 12:52 - 2009-02-27 12:52 - 000258048 _____ () [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
    2012-03-10 19:59 - 2011-08-31 11:03 - 000045568 ____N () [File not signed] C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
    2011-07-27 21:07 - 2011-07-27 21:07 - 001501696 _____ () [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2012-03-10 20:01 - 2010-04-06 10:05 - 002085888 _____ () [File not signed] C:\Program Files\Lenovo\AutoLock\cv210.dll
    2012-03-10 20:01 - 2010-04-06 10:04 - 002201088 _____ () [File not signed] C:\Program Files\Lenovo\AutoLock\cxcore210.dll
    2011-06-07 18:16 - 2011-06-07 18:16 - 000784384 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll
    2013-05-08 12:49 - 2013-05-08 12:49 - 005714944 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll
    2009-02-27 16:35 - 2009-02-27 16:35 - 000102400 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll
    2009-02-27 12:59 - 2009-02-27 12:59 - 000153088 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll
    2013-05-08 13:54 - 2013-05-08 13:54 - 002441216 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\CoolType.dll
    2013-05-08 12:48 - 2013-05-08 12:48 - 004863075 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
    2013-05-08 12:47 - 2013-05-08 12:47 - 001526883 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api
    2013-05-08 12:59 - 2013-05-08 12:59 - 000231523 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api
    2012-03-10 19:50 - 2011-01-16 18:19 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
    2013-02-23 11:47 - 2013-02-23 11:47 - 000166400 _____ (Brice Lambson) [File not signed] C:\Program Files\Image Resizer for Windows\ShellExtensions.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000442368 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000135168 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000225280 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000184320 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000131072 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
    2006-11-08 17:38 - 2006-11-08 17:38 - 000069632 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
    2006-11-08 17:38 - 2006-11-08 17:38 - 000088064 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
    2012-03-10 19:50 - 2011-01-16 18:31 - 000015360 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_COM_InterfaceLib.dll
    2012-03-10 19:50 - 2011-01-16 18:20 - 000471040 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_SW_GUI.dll
    2012-03-10 19:50 - 2011-01-16 18:14 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
    2011-07-27 21:44 - 2011-07-27 21:44 - 001077248 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 001045504 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 003719168 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 000841728 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 000336896 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
    2011-07-27 21:51 - 2011-07-27 21:51 - 001278976 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
    2011-07-27 21:44 - 2011-07-27 21:44 - 000177152 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
    2011-07-27 21:59 - 2011-07-27 21:59 - 002338816 _____ (Intel(R) Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
    2011-07-26 00:18 - 2011-07-26 00:18 - 000028672 _____ (Lenovo Group Limited) [File not signed] C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
    2015-11-05 18:20 - 2015-11-05 18:20 - 000111616 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2015-11-05 18:29 - 2015-11-05 18:29 - 000125952 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2012-03-10 20:09 - 2012-03-10 20:09 - 001656320 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL
    2012-03-10 20:09 - 2012-03-10 20:09 - 001652736 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
    2012-03-10 20:09 - 2012-03-10 20:09 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_fc42961a63b5a82b\MFC80ENU.DLL
    2012-03-10 19:46 - 2008-10-30 16:24 - 000055808 _____ (Ricoh co.,Ltd.) [File not signed] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    2005-01-13 11:47 - 2005-01-13 11:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
    2010-10-12 10:54 - 2010-10-12 10:54 - 000055808 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScnMgr10.dll
    2010-11-19 12:06 - 2010-11-19 12:06 - 000112640 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
    2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
    2010-10-12 10:58 - 2010-10-12 10:58 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScanEngine30.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000085504 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\EbpD4Fax.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000212992 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUADRFIL.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXCFG.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000430080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXCSR.DLL
    2016-02-23 19:20 - 2011-03-09 01:00 - 000385024 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXLDB.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000495616 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
    2016-02-23 19:20 - 2011-03-09 01:00 - 000856064 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    2016-02-23 19:20 - 2011-03-09 01:00 - 000536576 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXTIF.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUIMGCDC.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000262144 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FULEPP.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUSTMMSG.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000303104 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUSVCCLT.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUUSBHLP.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000249856 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUVERDLG.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUDEVCOM.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUDRVUTL.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000335872 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUPRBDEV.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000229376 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUSNMPUT.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000081920 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000090112 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
    2016-02-23 19:21 - 2010-09-13 16:00 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
    2016-02-23 19:21 - 2008-06-18 12:49 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000039936 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL
    2016-02-23 19:20 - 2011-03-08 08:00 - 000181248 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXMI09A.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000228864 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL
    2016-02-23 19:20 - 2011-03-09 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENCM.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENNW.dll
    2016-02-23 19:20 - 2011-03-09 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENUTIL.dll
    2008-01-10 13:13 - 2008-01-10 13:13 - 000061440 _____ (Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\hsaservicecenter.com -> hxxps://www.hsaservicecenter.com
    IE trusted site: HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\piriform.com -> hxxp://www.piriform.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2018-12-03 07:20 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\ThinkPad\Bluetooth Software\;C:\Program Files\ThinkPad\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Lenovo;C:\Program Files (x86)\Windows Live\Shared;C:\SWTOOLS\ReadyApps;C:\Program Files (x86)\Intel\Services\IPT\;C:\Program Files (x86)\Symantec\VIP Access Client\;C:\Program Files (x86)\Common Files\Lenovo
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{AF721C4F-14F9-42B9-B256-E49F710F498A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{7E90317B-5058-4DC3-A966-D2F028BE8799}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{A604C6DC-EFA7-47A6-966F-8BD9D604415F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{AD2B08BF-E37D-4963-AB9A-87E8AC60DFE0}] => (Allow) LPort=2869
    FirewallRules: [{395E969A-02F7-4609-8318-5FBD5E497D8E}] => (Allow) LPort=1900
    FirewallRules: [{34063AD1-A6F5-4C5E-962A-F91B97B179BC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{C1FF7254-7440-4324-A330-21C73866FF9B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1A7DCDD8-1484-4214-A2C2-A1B6E2605961}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File
    FirewallRules: [{ACE8B46C-222E-45E9-8544-0EC5AE0FE1C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File
    FirewallRules: [{C3D252C6-3FCF-4D42-8B9A-7F34E64F2203}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File
    FirewallRules: [{EAF5BD83-469D-433B-AA46-000B237A826A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File
    FirewallRules: [{B3710FB3-1CCE-44CD-A093-33D11C423B4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{2DA9FB56-DB82-4658-B40D-EA9E3CBEA71D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{71FB0B5D-04F5-45B3-A06F-6CAE4079D6AD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File
    FirewallRules: [{B26BBC24-5C35-47FD-8A7A-08DDA1774137}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File
    FirewallRules: [{E522FF1C-C258-444D-B860-82E6A563DFDC}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{62478CD9-394B-4A5B-AC25-A3B80E9115E4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{557835A1-B93A-4F58-A0F4-9B85C9259139}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{A752A2E1-7370-41B0-8B7F-E1B8566768B4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{4BE07C0C-6B31-41E8-B567-B44774DD1432}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{22AFF734-48CB-47A4-84F9-2A4B4AB6D04C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{5FC93890-A2FB-468F-8993-AFEEF46B6CE5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{4E641D80-43A9-4AF6-A2FA-83F2EAD10BFC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{E3E8B2E9-090C-4156-97AC-35A89EB00E60}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{5D442641-96C6-41F4-8E4C-D0629E59C152}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{3FCFA61F-FFD9-4D20-840C-648D5A261E70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{6D1AE10F-1620-48F4-82F0-1A535603D87B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{A161DDAF-13C2-45B4-A7E1-981232DB56E3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [UDP Query User{C71BB1F6-F001-4340-A26B-151F95988178}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{28A0D073-EE7B-4973-B12C-C8CA484E0F98}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
    FirewallRules: [{31936644-F06F-460A-A6FB-6BFD52503936}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
    FirewallRules: [{3D77FE30-B00B-4A7B-9078-8B3FC8CC09BF}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{6793F16C-D4F3-42E3-A10D-2BF96064C514}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{59AAEFB4-8963-4F09-B71C-FCDD36C5A7EB}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.PrintProcess.exe No File
    FirewallRules: [{797170D6-C1C9-44C0-B01E-6EFF40DFEA3A}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{2E9EDB41-9521-4EBE-B689-2CF7DF458543}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{48B34730-174F-4F9B-9615-C0E325250D10}] => (Allow) LPort=60616
    FirewallRules: [{AE2F6E1F-DA6C-42B0-AA58-3A402BDE4581}] => (Allow) LPort=60617
    FirewallRules: [{00E4C4B3-E2D9-4592-B586-C3FA063C4CCD}] => (Allow) LPort=60618
    FirewallRules: [{5C18B589-A6EF-42C1-9A86-CCA691857163}] => (Allow) LPort=31300
    FirewallRules: [{8F18E7F9-30EA-4537-A9D9-E113AE187F80}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{13840B08-AD46-458C-A2B7-F5E80C41D8E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
    FirewallRules: [TCP Query User{683E012B-FC81-4846-87D0-481207766E4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [UDP Query User{C8DA6645-ED2E-44B0-8DE1-FC3BC2B5A785}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [TCP Query User{659D6D8E-E231-495A-A139-D4EC270A2E24}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [UDP Query User{C6712213-F0E2-4D67-A35B-0D6B0B42F317}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [{6EEAD4E8-F32E-4FBA-B838-0EB7B7E0627E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
    FirewallRules: [{C194E06B-A313-42A0-A070-656682D4C2B6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
    FirewallRules: [{330934E9-BEC1-4FC5-9064-53739B2BE2D7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
    FirewallRules: [{736DB4C9-9137-4228-A82A-6464C0B7BB14}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
    FirewallRules: [{A67079EA-A500-4C5E-9A57-2D70C0458389}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
    FirewallRules: [{89642E62-C989-4ADA-B560-3AF0B3C467FD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
    FirewallRules: [{3427D388-BF58-482B-8966-AC2ADD89BE94}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{BCE9A74B-0B82-4C83-BA20-1BBD7C5B241E}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [TCP Query User{7630D7BF-EC60-477E-B05E-3E0C7F314066}C:\program files (x86)\swannview link\mydvr.exe] => (Allow) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [UDP Query User{A181AFCD-60AE-4AEF-8C11-C6A0E0A8A434}C:\program files (x86)\swannview link\mydvr.exe] => (Allow) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [TCP Query User{90C4D7D6-081F-441E-A5DE-4ADFDD9A214D}C:\program files (x86)\swannview link\mydvr.exe] => (Block) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [UDP Query User{3C96E279-FB38-49D3-AFE2-EB18CA9E89BB}C:\program files (x86)\swannview link\mydvr.exe] => (Block) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [{3C16C0CA-F1F0-4C7B-B132-69461B59BB53}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{43087017-A1FD-4FED-B132-DDE3EA0DF6FA}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{58405E2F-C852-43DB-96AE-A177038F1C7D}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.PrintProcess.exe No File
    FirewallRules: [{35B8892D-BEA8-4CB3-BB34-1D08EE84DCB4}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{9CCBB48E-D409-46C8-A28F-27ECBB981E18}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{E28D9FC6-FA29-40CE-BE14-45EED59AC7BC}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Slps.Distributor.Host.exe No File
    FirewallRules: [{F9884FCB-0AE9-4921-97CB-FBB85BC41007}] => (Allow) LPort=60636
    FirewallRules: [{C98C85AC-BA49-44B8-BD2E-D15E63CD5362}] => (Allow) LPort=60637
    FirewallRules: [{B3322F12-7863-4957-8CBB-113EB176BAE3}] => (Allow) LPort=60638
    FirewallRules: [{88FAD717-8463-4FAA-A776-43ED41039565}] => (Allow) LPort=31300
    FirewallRules: [{C901635A-E4CD-4743-9B08-58D257D6560F}] => (Allow) LPort=51525
    FirewallRules: [{3C06F917-A67D-49F4-A0E8-0AFE5DEAFC0D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{D8177785-4073-4C13-AD0D-C7B9A4525578}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{26996E63-CF87-4019-B5D2-D68668BE93E1}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{C94768CB-FBBE-4956-97D7-C6D5679339E5}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{0ADD4AA8-6EF5-43FB-A208-F66FF3FE2DEE}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.PrintProcess.exe No File
    FirewallRules: [{22BB711E-90EF-46E3-B837-37061EDD0506}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{2EDFDDC0-0FC3-4E2B-9F69-8F59859CE700}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{DD3BFB8C-85D8-44C6-A7BB-B8625E5B353E}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Slps.Distributor.Host.exe No File
    FirewallRules: [{D6BD70C5-54D9-435C-B7CF-E880BA6A1AFE}] => (Allow) LPort=60646
    FirewallRules: [{356822D7-CEEE-42F7-9006-A0EAD0EBA83B}] => (Allow) LPort=60647
    FirewallRules: [{B655E8DD-B805-4044-88CA-02ABCBEC66CE}] => (Allow) LPort=60648
    FirewallRules: [{3D3D1FD6-0F0C-4CFC-8CDF-65B21D838C91}] => (Allow) LPort=31310
    FirewallRules: [{C07BEF02-12FF-4AB4-90DB-31BAC9847A21}] => (Allow) LPort=51535
    FirewallRules: [{DF18E8AA-D321-4156-95A4-06A47EDF57BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    19-04-2019 23:18:58 Scheduled Checkpoint
    28-04-2019 18:43:44 Scheduled Checkpoint
    06-05-2019 01:09:48 Scheduled Checkpoint
    18-05-2019 17:12:49 Scheduled Checkpoint
    04-06-2019 22:01:58 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/14/2019 11:36:20 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

    Error: (06/14/2019 11:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: daemonu.exe, version: 1.0.21.0, time stamp: 0x4ddd7c84
    Faulting module name: daemonu.exe, version: 1.0.21.0, time stamp: 0x4ddd7c84
    Exception code: 0xc000000d
    Fault offset: 0x0004ddc6
    Faulting process id: 0xaa0
    Faulting application start time: 0x01d522dfc66d2b0b
    Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    Report Id: 3f41a87b-8ed3-11e9-8ebe-f0def1d5a7ac

    Error: (06/14/2019 11:30:58 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: Raven (2940) 2-WAsF-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.

    Error: (06/14/2019 11:30:58 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: Raven (2940) 2-WAsF-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

    Error: (06/14/2019 11:30:16 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: esentutl (4988) Database recovery/restore failed with unexpected error -1216.

    Error: (06/14/2019 11:30:16 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: esentutl (4988) Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

    Error: (06/14/2019 11:29:39 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: Raven (2940) 1-kh85O-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.

    Error: (06/14/2019 11:29:39 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: Raven (2940) 1-kh85O-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.


    System errors:
    =============
    Error: (06/14/2019 11:35:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/14/2019 11:34:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Norton Internet Security service hung on starting.

    Error: (06/14/2019 11:27:03 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:25:31 AM on ‎6/‎14/‎2019 was unexpected.

    Error: (06/14/2019 11:09:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NVSvc service.

    Error: (06/14/2019 01:15:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Sfs.Server.2016 service.

    Error: (06/14/2019 01:14:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Lenovo.VIRTSCRLSVC service.

    Error: (06/14/2019 01:14:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (06/11/2019 10:12:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The ATX 2017 Service service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================

    Date: 2016-08-21 17:59:51.008
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.968
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.928
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.878
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.808
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 02:54:00.146
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 02:54:00.083
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 02:53:59.699
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    BIOS: LENOVO 8AET56WW (1.36 ) 12/06/2011
    Motherboard: LENOVO 4239CTO
    Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
    Percentage of memory in use: 78%
    Total physical RAM: 6027.23 MB
    Available physical RAM: 1303.23 MB
    Total Virtual: 12052.66 MB
    Available Virtual: 6681.68 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:335.75 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:4.7 GB) NTFS

    \\?\Volume{8b6c8d44-6b23-11e1-b4f9-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.13 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 9BCB5F28)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  3. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    You're running two AV programs, AVG and Norton.
    You have to uninstall one of them.
    If AVG, use AVG Clear: https://www.avg.com/en-us/avg-remover
    If Norton, use this: https://www.bleepingcomputer.com/download/norton-removal-tool/

    Then....

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  4. tvc15

    tvc15 Established Techie7 Member

    RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
    Started in : Normal mode
    User : BC [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190614_091032, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2019/06/16 01:50:19 (Duration : 00:27:28)
    Switches : -refid 3
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Windows\CurrentVersion\Run|AVG-Secure-Search-Update_0214c -- [%_BC_appdata%\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe \PROMPT \mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de \CMPID=0214c] -> Deleted


    Malwarebytes
    www.malwarebytes.com
    -Log Details-
    Scan Date: 6/16/19
    Scan Time: 1:59 AM
    Log File: 063b298c-9015-11e9-bebf-f0def1d5a7ac.json
    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.586
    Update Package Version: 1.0.11074
    License: Trial
    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: LENOVO_520\BC
    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 274093
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 9 min, 35 sec
    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect
    -Scan Details-
    Process: 0
    (No malicious items detected)
    Module: 0
    (No malicious items detected)
    Registry Key: 0
    (No malicious items detected)
    Registry Value: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Data Stream: 0
    (No malicious items detected)
    Folder: 0
    (No malicious items detected)
    File: 0
    (No malicious items detected)
    Physical Sector: 0
    (No malicious items detected)
    WMI: 0
    (No malicious items detected)
    (end)




    # -------------------------------
    # Malwarebytes AdwCleaner 7.3.0.0
    # -------------------------------
    # Build: 04-04-2019
    # Database: 2019-05-27.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 06-16-2019
    # Duration: 00:00:30
    # OS: Windows 7 Professional
    # Scanned: 27501
    # Detected: 6
    ***** [ Services ] *****
    No malicious services found.
    ***** [ Folders ] *****
    Adware.LoadMoney C:\ProgramData\Partner
    ***** [ Files ] *****
    No malicious files found.
    ***** [ DLL ] *****
    No malicious DLLs found.
    ***** [ WMI ] *****
    No malicious WMI found.
    ***** [ Shortcuts ] *****
    No malicious shortcuts found.
    ***** [ Tasks ] *****
    PUP.Adware.Heuristic C:\Windows\System32\Tasks\1015avUpdateInfo
    PUP.Adware.Heuristic C:\Windows\Tasks\1015avUpdateInfo.job
    ***** [ Registry ] *****
    PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51B8CF2E-82F3-484F-82F5-D17E54B5A1C8}
    PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51B8CF2E-82F3-484F-82F5-D17E54B5A1C8}
    PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1015avUpdateInfo
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries found.
    ***** [ Chromium URLs ] *****
    No malicious Chromium URLs found.
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries found.
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs found.
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



    # -------------------------------
    # Malwarebytes AdwCleaner 7.3.0.0
    # -------------------------------
    # Build: 04-04-2019
    # Database: 2019-05-27.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 06-16-2019
    # Duration: 00:00:03
    # OS: Windows 7 Professional
    # Cleaned: 6
    # Failed: 0
    ***** [ Services ] *****
    No malicious services cleaned.
    ***** [ Folders ] *****
    Deleted C:\ProgramData\Partner
    ***** [ Files ] *****
    No malicious files cleaned.
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    Deleted C:\Windows\System32\Tasks\1015avUpdateInfo
    Deleted C:\Windows\Tasks\1015avUpdateInfo.job
    ***** [ Registry ] *****
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51B8CF2E-82F3-484F-82F5-D17E54B5A1C8}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51B8CF2E-82F3-484F-82F5-D17E54B5A1C8}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1015avUpdateInfo
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries cleaned.
    ***** [ Chromium URLs ] *****
    No malicious Chromium URLs cleaned.
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries cleaned.
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs cleaned.
    *************************
    [+] Delete Tracing Keys
    [+] Reset Winsock
    *************************
    AdwCleaner[S00].txt - [1784 octets] - [16/06/2019 02:15:33]
     
  5. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
     
  6. tvc15

    tvc15 Established Techie7 Member

    Logs follow.

    I'm not familiar with or don't understand all of the info in the logs, but I noticed this:

    "Error: (06/16/2019 10:27:36 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: Raven (2972) 4-1y44iH-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message."

    If this is an issue, I'll see if I can reconnect to the ATX 2016 server.

    Thanks





    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2019
    Ran by BC (administrator) on LENOVO_520 (LENOVO 4239CTO) (16-06-2019 10:30:56)
    Running from C:\Users\BC\Desktop
    Loaded Profiles: BC (Available Profiles: UpdatusUser & BC)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
    (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
    (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.exe
    (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.exe
    (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.exe
    (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Lenovo Group Limited) [File not signed] C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    (Lenovo(Japan)Ltd. -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (Lenovo(Japan)Ltd. -> Lenovo.) C:\Windows\System32\TpShocks.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Ricoh co.,Ltd.) [File not signed] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (Symantec Corp -> Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated -> Synaptics Incorporated)
    HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo(Japan)Ltd. -> Lenovo.)
    HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] (Fortemedia Inc -> )
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant Systems, Inc. -> Conexant systems, Inc.)
    HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [309680 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) [File not signed]
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-16] (Intel Corporation -> Intel Corporation)
    HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Leader Technologies Inc -> Lenovo, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-10] (Google Inc -> Google Inc.)
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0414b] => C:\Users\BC\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0414b
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\BC\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0814av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\BC\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=1114av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\BC\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=1214av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd)
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\MountPoints2: {8b6c8d46-6b23-11e1-b4f9-806e6f6e6963} - Q:\LenovoQDrive.exe
    HKLM\...\Drivers32: [msacm.ulmp3acm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm [319488 2006-01-23] (Ulead systems) [File not signed]
    HKLM\...\Drivers32: [msacm.mpegacm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\mpegacm.acm [69632 2006-04-17] (Ulead Systems, Inc.) [File not signed]
    HKLM\...\Drivers32: [msacm.dvacm] => C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm [32768 2008-05-16] (Ulead Systems, Inc.) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.90\Installer\chrmstp.exe [2019-06-14] (Google LLC -> Google LLC)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
    HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\ThinkPad\Bluetooth Software\\BtwCP.dll [2010-12-18] (Broadcom Corporation -> Broadcom Corporation.)
    HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-05-31] (NVIDIA Corporation -> NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-05-31] (NVIDIA Corporation -> NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-03-10]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {10F817E1-1B81-4D8D-B039-7A19D41D2791} - System32\Tasks\{28978BC3-53D6-435A-A92D-4484D6EF0EC4} => C:\Program Files (x86)\SwannView Link\MyDVR.exe [4674048 2015-09-30] () [File not signed]
    Task: {40BB7FC8-BAF8-45FC-8027-3F110B03E818} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
    Task: {4113EACF-D0D0-491B-B72C-1B02850AB25F} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [65336 2011-12-21] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
    Task: {4A8A4548-18E5-43F3-9E14-8BDA62DC8578} - System32\Tasks\{3446E710-91F1-42D3-B2EF-7F3D9822F106} => C:\Program Files (x86)\SwannView Link\MyDVR.exe [4674048 2015-09-30] () [File not signed]
    Task: {52061F86-5839-4D5C-95D8-F58E6B558E3E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [542056 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    Task: {62DEA9B7-4C49-4A0E-8F57-FCADFF6E2151} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2981808 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    Task: {B31E9EA6-82F6-4949-B1A6-11998EA0A3E6} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [65336 2011-12-21] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
    Task: {B50FBCB2-9087-4979-B8FC-DF211A90F672} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {BF3E8C10-9EE0-4373-98F1-D587314C7A0B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {CFCB20F0-43B1-4270-AA00-CB124CE0DDE5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {DCF1CA2F-853B-478A-8AA2-91D589110F28} - System32\Tasks\{B8D5221F-0F02-4939-A5F8-9BEBB7AC8E9F} => C:\Windows\system32\pcalua.exe -a "C:\Users\BC\Documents\G7PS\VersaCheck 2002\VCheck.exe"
    Task: {E3D83C9B-3D73-4356-87F8-4576D57A5B3E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2314008 2019-06-15] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    Task: {E8603BA5-1730-4FBD-ADD3-309FD41F782C} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [6656 2009-02-09] () [File not signed]
    Task: {F1482E8E-749F-4C52-B4CB-75E1CD7B0E3A} - System32\Tasks\{6819900C-8790-4D39-885D-993FDD4DCCA0} => C:\Windows\system32\pcalua.exe -a "C:\Users\BC\Documents\VersaCheck 2002\VCheck.exe"
    Task: {FC660943-E989-4DF4-8C95-8790DD366632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{07631ECC-23A6-4F57-AFB0-2AFA483AD605}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DAF7FC41-BAD0-4F31-90A5-6CF3A19F3236}: [DhcpNameServer] 192.168.1.1
    Internet Explorer:
    ==================
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS577
    SearchScopes: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS577
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
    BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-06-29] (Symantec Corp -> Symantec Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.)
    BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-06-29] (Symantec Corp -> Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.)
    Toolbar: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
    FireFox:
    ========
    FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\197en489.default [2019-06-16]
    FF Homepage: Mozilla\Firefox\Profiles\197en489.default -> hxxps://www.google.com/advanced_search
    FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2012-03-10] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-10-28] (Adobe Systems Incorporated -> )
    FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-10-28] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default [2019-06-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-04]
    CHR Extension: (Chrome Media Router) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-14]
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-08-21]
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-21]
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
    R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [409280 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6893160 2019-06-14] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo.)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    R2 Sfs.Server.2014; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.exe [229264 2015-02-04] (CCH Small Firm Services -> CCH Small Firm Services)
    R2 Sfs.Server.2016; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.exe [234200 2016-10-08] (CCH Small Firm Services -> CCH Small Firm Services)
    R2 Sfs.Server.2017; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.exe [234208 2017-10-16] (CCH Small Firm Services -> CCH Small Firm Services)
    R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
    R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
    R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-29] (Symantec Corp -> Symantec Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R3 5U877; C:\Windows\System32\DRIVERS\5U877.sys [166016 2011-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh co.,Ltd.)
    R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37160 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [207496 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [263056 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [206408 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [61520 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42336 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [167920 2019-06-14] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [112360 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87992 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1030832 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [477632 2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [225656 2019-06-14] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [385904 2019-06-14] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-06-16] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-06-16] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-06-16] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-06-16] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [107368 2019-06-16] (Malwarebytes Corporation -> Malwarebytes)
    R0 nlem64nt; C:\Windows\System32\Drivers\nlem64nt.sys [72808 2009-10-13] (Communication Horizons -> )
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
    R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
    R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo (United States) Inc.)
    U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One month (created) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-06-16 10:30 - 2019-06-16 10:31 - 000032945 _____ C:\Users\BC\Desktop\FRST.txt
    2019-06-16 10:29 - 2019-06-16 10:29 - 000000000 ____D C:\Users\BC\Desktop\FRST-OlderVersion
    2019-06-16 02:28 - 2019-06-16 02:28 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2019-06-16 02:28 - 2019-06-16 02:28 - 000107368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2019-06-16 02:28 - 2019-06-16 02:28 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2019-06-16 02:28 - 2019-06-16 02:28 - 000000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
    2019-06-16 02:24 - 2019-06-16 02:24 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2019-06-16 02:14 - 2019-06-16 02:21 - 000000000 ____D C:\AdwCleaner
    2019-06-16 01:58 - 2019-06-16 01:58 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2019-06-16 01:58 - 2019-06-16 01:58 - 000000000 ____D C:\Users\BC\AppData\Local\mbamtray
    2019-06-16 01:58 - 2019-06-16 01:58 - 000000000 ____D C:\Users\BC\AppData\Local\mbam
    2019-06-16 01:57 - 2019-06-16 01:57 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-06-16 01:57 - 2019-06-16 01:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-06-16 01:57 - 2019-06-16 01:57 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-06-16 01:57 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2019-06-16 01:11 - 2019-06-16 01:22 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-06-16 01:11 - 2019-06-16 01:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-06-16 01:10 - 2019-06-16 01:20 - 000000000 ____D C:\Program Files\RogueKiller
    2019-06-16 00:54 - 2019-06-16 00:56 - 012755992 _____ (Symantec Corporation) C:\Users\BC\Desktop\NRnR (1).exe
    2019-06-16 00:42 - 2019-06-16 00:42 - 007025360 _____ (Malwarebytes) C:\Users\BC\Desktop\AdwCleaner.exe
    2019-06-16 00:20 - 2019-06-16 00:31 - 063182216 _____ (Malwarebytes ) C:\Users\BC\Desktop\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe
    2019-06-16 00:05 - 2019-06-16 00:09 - 029932744 _____ (Adlice Software ) C:\Users\BC\Desktop\RogueKiller_setup_ref3.exe
    2019-06-15 23:25 - 2019-06-15 23:25 - 000000000 ____D C:\Users\BC\AppData\Local\{8A195502-851F-4FF4-ABA1-E4DF2A3E520C}
    2019-06-14 16:20 - 2019-06-14 16:20 - 000000000 ____D C:\Users\BC\AppData\Local\{7F267395-93FA-43D9-ADD4-3AD8650CF3AD}
    2019-06-14 13:44 - 2019-06-16 10:30 - 000000000 ____D C:\FRST
    2019-06-14 13:39 - 2019-06-16 10:29 - 002418688 _____ (Farbar) C:\Users\BC\Desktop\FRST64.exe
    2019-06-14 12:16 - 2019-06-14 12:16 - 000019172 _____ C:\Users\BC\Documents\2019_6 rent lower 001.pdf
    2019-06-14 01:15 - 2019-06-14 01:16 - 000000000 ____D C:\Users\BC\AppData\Local\{90E83776-237E-4DD2-9EE8-AD5137E311A3}
    2019-06-11 09:57 - 2019-06-11 09:57 - 000000000 _____ C:\Windows\system32\TEMPDFRG193332.EDB
    2019-06-11 09:57 - 2019-06-11 09:57 - 000000000 _____ C:\Windows\system32\TEMP193332.EDB
    2019-06-11 09:55 - 2019-06-11 09:55 - 000000000 ____D C:\Users\BC\AppData\Local\{3913D24D-6012-44BD-B6E0-5193A2DF144C}
    2019-06-10 21:55 - 2019-06-10 21:55 - 000000000 ____D C:\Users\BC\AppData\Local\{7E8A43DA-040D-433C-9F3D-BC177AD119B4}
    2019-06-10 09:55 - 2019-06-10 09:55 - 000000000 ____D C:\Users\BC\AppData\Local\{65735E84-30E2-485A-BB42-1741F1B26D43}
    2019-06-09 14:39 - 2019-06-09 14:39 - 000000000 _____ C:\Windows\system32\TEMPDFRG170120.EDB
    2019-06-09 14:39 - 2019-06-09 14:39 - 000000000 _____ C:\Windows\system32\TEMP170120.EDB
    2019-06-09 14:37 - 2019-06-09 14:37 - 000000000 ____D C:\Users\BC\AppData\Local\{544F93A6-A3D6-4848-BEBB-2AAD567E27B0}
    2019-06-05 09:47 - 2019-06-05 09:47 - 000106076 _____ C:\Users\BC\Documents\2019_6 H2O bill 001.pdf
    2019-06-05 02:10 - 2019-06-05 02:10 - 000063344 _____ C:\Users\BC\Documents\2019_6 upper 001.pdf
    2019-06-05 01:59 - 2019-06-05 01:59 - 000000000 ____D C:\Users\BC\AppData\Local\{C5D008D9-E7D8-4309-A9E6-1BE5C24CB242}
    2019-06-04 14:25 - 2019-06-04 14:10 - 000363440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2019-06-04 13:58 - 2019-06-04 13:58 - 000000000 ____D C:\Users\BC\AppData\Local\{DFEEDB2F-CAC9-48F5-8E8A-88FD6B3D1CD7}
    2019-05-23 19:34 - 2019-05-23 19:35 - 000000000 ____D C:\Users\BC\AppData\Local\{62C60094-8ACF-4179-A880-F9602C933533}
    2019-05-22 15:38 - 2019-05-22 15:38 - 000000000 ____D C:\Users\BC\AppData\Local\{CF7D3CF3-B951-4DAD-B696-F77C4E2A3385}
    2019-05-18 14:48 - 2019-05-18 14:48 - 000000000 ____D C:\Users\BC\AppData\Local\{E78AC36A-4C48-44DE-AE32-B2EDE59686DE}
    ==================== One month (modified) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-06-16 10:27 - 2018-08-27 12:26 - 001722366 _____ C:\Windows\system32\Data.INTEG.RAW
    2019-06-16 10:27 - 2009-07-13 19:34 - 000000438 _____ C:\Windows\win.ini
    2019-06-16 02:34 - 2009-07-13 21:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-06-16 02:34 - 2009-07-13 21:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-06-16 02:29 - 2009-07-13 22:13 - 000783400 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-06-16 02:29 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
    2019-06-16 02:23 - 2012-03-10 19:57 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-06-16 02:23 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-06-16 02:10 - 2014-01-15 02:15 - 000000000 ____D C:\Users\BC\Documents\temp
    2019-06-16 01:58 - 2014-06-12 10:01 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-06-16 01:06 - 2017-03-16 13:19 - 000004174 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
    2019-06-16 00:59 - 2012-03-10 20:15 - 000000000 ____D C:\ProgramData\Norton
    2019-06-16 00:17 - 2013-09-17 00:42 - 000000000 ____D C:\Users\BC\AppData\Roaming\SoftGrid Client
    2019-06-15 03:22 - 2014-01-15 02:06 - 000000000 ____D C:\Users\BC\Documents\Jaguar
    2019-06-14 18:30 - 2018-12-24 00:58 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2019-06-14 18:30 - 2018-09-08 14:00 - 000003102 _____ C:\Windows\System32\Tasks\{B8D5221F-0F02-4939-A5F8-9BEBB7AC8E9F}
    2019-06-14 18:30 - 2018-09-08 13:59 - 000003092 _____ C:\Windows\System32\Tasks\{6819900C-8790-4D39-885D-993FDD4DCCA0}
    2019-06-14 18:30 - 2018-04-13 15:53 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
    2019-06-14 18:30 - 2017-05-04 17:53 - 000002958 _____ C:\Windows\System32\Tasks\{3446E710-91F1-42D3-B2EF-7F3D9822F106}
    2019-06-14 18:30 - 2017-05-04 17:52 - 000002958 _____ C:\Windows\System32\Tasks\{28978BC3-53D6-435A-A92D-4484D6EF0EC4}
    2019-06-14 18:30 - 2014-03-26 13:31 - 000002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2019-06-14 18:30 - 2012-03-17 15:54 - 000002836 _____ C:\Windows\System32\Tasks\DiskUpdate
    2019-06-14 18:30 - 2012-03-10 20:19 - 000003376 _____ C:\Windows\System32\Tasks\MCP
    2019-06-14 18:30 - 2012-03-10 20:10 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-06-14 18:30 - 2012-03-10 20:10 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-06-14 18:30 - 2012-03-10 20:00 - 000002958 _____ C:\Windows\System32\Tasks\PMTask
    2019-06-14 11:29 - 2017-03-16 13:19 - 000385904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2019-06-14 11:29 - 2017-03-16 13:19 - 000225656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2019-06-14 11:29 - 2017-03-16 13:19 - 000167920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2019-06-14 11:26 - 2014-03-26 13:31 - 000000000 ____D C:\Program Files\CCleaner
    2019-06-14 11:26 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\Windows Sidebar
    2019-06-14 01:24 - 2012-03-10 20:10 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-06-10 12:32 - 2014-01-15 02:14 - 000000000 ____D C:\Users\BC\Documents\PLAYA HOUSE
    2019-06-04 14:11 - 2018-10-22 13:21 - 000042336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
    2019-06-04 14:11 - 2017-03-16 13:19 - 000477632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2019-06-04 14:11 - 2017-03-16 13:19 - 000112360 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2019-06-04 14:11 - 2017-03-16 13:19 - 000087992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2019-06-04 14:09 - 2019-01-17 10:21 - 000037160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
    2019-06-04 14:09 - 2017-11-28 01:04 - 000207496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2019-06-04 14:09 - 2017-03-16 13:19 - 001030832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2019-06-04 14:08 - 2019-01-17 10:21 - 000263056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
    2019-06-04 14:08 - 2019-01-17 10:21 - 000206408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
    2019-06-04 14:08 - 2019-01-17 10:21 - 000061520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
    ==================== Files in the root of some directories ================
    2014-03-02 20:14 - 2014-03-02 20:14 - 000033134 _____ () C:\Users\BC\AppData\Roaming\UserTile.png
    2017-11-02 12:10 - 2017-11-02 12:10 - 000000000 _____ () C:\Users\BC\AppData\Local\{7EC7DD7F-BA7C-4DF5-BB00-96E35EB4DD45}
    2018-01-18 15:03 - 2018-01-18 15:03 - 000000000 _____ () C:\Users\BC\AppData\Local\{EF312064-5AA6-48C6-937B-40545899A983}
    ==================== SigCheck ===============================
    (There is no automatic fix for files that do not pass verification.)
    LastRegBack: 2019-06-14 20:16
    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2019
    Ran by BC (16-06-2019 10:32:25)
    Running from C:\Users\BC\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2012-03-17 22:54:06)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-3430477350-3253428499-66189328-500 - Administrator - Disabled)
    BC (S-1-5-21-3430477350-3253428499-66189328-1001 - Administrator - Enabled) => C:\Users\BC
    Guest (S-1-5-21-3430477350-3253428499-66189328-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3430477350-3253428499-66189328-1003 - Limited - Enabled)
    UpdatusUser (S-1-5-21-3430477350-3253428499-66189328-1000 - Limited - Enabled) => C:\Users\UpdatusUser
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    2013 Lacerte Tax (HKLM-x32\...\2013 Lacerte Tax) (Version: - Intuit Inc.)
    2013 Lacerte Tax Planner (HKLM-x32\...\2013 Lacerte Tax Planner) (Version: - Intuit Inc.)
    2014 Lacerte Tax (HKLM-x32\...\2014 Lacerte Tax) (Version: - Intuit Inc.)
    2014 Lacerte Tax Planner (HKLM-x32\...\2014 Lacerte Tax Planner) (Version: - Intuit Inc.)
    2016 Lacerte Tax (HKLM-x32\...\2016 Lacerte Tax) (Version: - Intuit Inc.)
    64 Bit HP CIO Components Installer (HKLM\...\{9F560BEB-021F-43AC-825F-AA60442D8DE4}) (Version: 1.0.0 - Hewlett-Packard) Hidden
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_CDB_Software (HKLM-x32\...\{E09575B2-498D-4C8B-A9D2-623F78574F29}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_Scan (HKLM-x32\...\{0D2E9DCB-9938-475E-B4DD-8851738852FF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    ATX 2014 (HKLM-x32\...\{BFB9811D-CA96-45E5-9242-9497D74B1548}) (Version: 14.6.0 - CCH Small Firm Services)
    ATX 2016 (HKLM-x32\...\{E59557AB-A1E2-4C43-8F52-E5FBD1332D12}) (Version: 16.6.0 - CCH Small Firm Services)
    ATX 2017 (HKLM-x32\...\{9E587DD8-8D07-4140-97BC-38BCD2BC307B}) (Version: 17.3.0 - CCH Small Firm Services)
    ATX Server 2014 (HKLM-x32\...\{80A2D786-E075-478B-BE44-4458F74A3DBE}) (Version: 14.5.0 - CCH Small Firm Services)
    ATX Server 2016 (HKLM-x32\...\{71272489-0F94-470B-B38F-446353340568}) (Version: 16.0.0 - CCH Small Firm Services)
    ATX Server 2017 (HKLM-x32\...\{968735CC-D34A-47BC-974B-0BEC9C82B92B}) (Version: 17.0.0 - CCH Small Firm Services)
    AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.5.3093 - AVG Technologies)
    Batch Thumbs 1.7 (HKLM-x32\...\Batch Thumbs 1.7) (Version: 1.7 - HarmWare)
    Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
    BufferChm (HKLM-x32\...\{BE77A81F-B315-4666-9BF3-AE70C0ADB057}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
    Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.51.2 - Canon Inc.)
    Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.2.1 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
    Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
    Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
    Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
    Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
    Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
    Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
    Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
    Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
    Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
    Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
    Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
    Fax (HKLM-x32\...\{7A7DC702-DEDE-42A8-8722-B3BA724D546F}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
    Go PlayAlong (HKLM-x32\...\{E8AD89F3-C2D9-80E0-94A7-8461F8967E93}) (Version: 2.93 - UNKNOWN) Hidden
    Go PlayAlong (HKLM-x32\...\com.goplayalong.41DF8ADAAE31CA841C48A6C358D6E3DCCEC38798.1) (Version: 2.93 - UNKNOWN)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.90 - Google LLC)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{C77B1ED4-A026-4E2F-8C91-184AEF5D1D87}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Deskjet 3000 J310 series Help (HKLM-x32\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
    Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
    Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
    Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
    Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
    Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
    Intuit PTG MachID (HKLM-x32\...\{24226917-7238-4477-8583-5BB632A89FC0}) (Version: 1.03.0000 - Intuit Inc)
    Intuit Runtime Components 6.0.16 (HKLM-x32\...\{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}) (Version: 6.0.16 - Intuit Inc.)
    Intuit Runtime Components 8.0.92 (HKLM-x32\...\{901AFFCC-3992-4388-8D4B-414113ADE0E9}) (Version: 8.0.92 - Intuit, Inc.)
    Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
    Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lacerte DMS (HKLM-x32\...\{5999E160-C1BC-4C32-B2A0-4CB22E71594D}) (Version: 11.1.0 - Intuit)
    Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
    Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
    Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
    Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
    Lenovo Solution Center (HKLM\...\{828CE72E-718B-4FDC-A469-8DE674CE8C4D}) (Version: 1.0.006.00 - Lenovo Group Limited)
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
    Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
    Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
    Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0011.00 - Lenovo Group Limited)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MuseScore 2 (HKLM-x32\...\{703926DE-F24B-11E4-AA68-472FB664A5DC}) (Version: 2.0.1 - Werner Schweer and Others)
    NetLib Encryptionizer (HKLM\...\{FD0E376F-D30A-477C-AA84-2F4F5B51D713}) (Version: 1.00.0000 - CCH Small Firm Services)
    NVIDIA 3D Vision Driver 268.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.71 - NVIDIA Corporation)
    NVIDIA Graphics Driver 268.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.71 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
    Quicken 2005 (HKLM-x32\...\{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit) Hidden
    Quicken 2005 (HKLM-x32\...\InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit)
    RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
    RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
    RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
    Scan (HKLM-x32\...\{1746EA69-DCB6-4408-B5A5-E75F55439CDF}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    SwannView Link version 2.1.2.10 (HKLM-x32\...\{992EF7D5-3D70-5A7F-AFDC-8C946676BD5D}_is1) (Version: 2.1.2.10 - )
    System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
    TaxACT 2013 California Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2013 California Preparer's - 1040 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 California Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2013 California Preparer's - 1120 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2013 Preparer's - 1040 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2013 Preparer's - 1120 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2014 Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2014 Preparer's - 1120 Edition) (Version: 1.02 - TaxACT, Inc.)
    ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
    ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
    ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )
    ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
    ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
    ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
    ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
    ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
    Toolbox (HKLM-x32\...\{C716522C-3731-4667-8579-40B098294500}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax Business 2012 (HKLM-x32\...\TurboTax Business 2012) (Version: 2012.0 - Intuit, Inc)
    UnloadSupport (HKLM-x32\...\{E06F04B9-45E6-4AC0-8083-85F7515F40F7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
    VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.140 - VeriSign)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WebReg (HKLM-x32\...\{179C56A4-F57F-4561-8BBF-F911D26EB435}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
    Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
    Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
    Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
    Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
    Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
    Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) [File not signed]
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-06-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
    ==================== Loaded Modules (Whitelisted) ==============
    2012-03-10 19:59 - 2011-08-31 11:03 - 000045568 ____N () [File not signed] C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
    2011-07-27 21:07 - 2011-07-27 21:07 - 001501696 _____ () [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2012-03-10 20:01 - 2010-04-06 10:05 - 002085888 _____ () [File not signed] C:\Program Files\Lenovo\AutoLock\cv210.dll
    2012-03-10 20:01 - 2010-04-06 10:04 - 002201088 _____ () [File not signed] C:\Program Files\Lenovo\AutoLock\cxcore210.dll
    2012-03-10 19:50 - 2011-01-16 18:19 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
    2013-02-23 11:47 - 2013-02-23 11:47 - 000166400 _____ (Brice Lambson) [File not signed] C:\Program Files\Image Resizer for Windows\ShellExtensions.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000442368 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000135168 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000225280 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000184320 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000131072 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
    2012-03-10 19:50 - 2011-01-16 18:31 - 000015360 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_COM_InterfaceLib.dll
    2012-03-10 19:50 - 2011-01-16 18:20 - 000471040 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_SW_GUI.dll
    2012-03-10 19:50 - 2011-01-16 18:14 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
    2011-07-27 21:44 - 2011-07-27 21:44 - 001077248 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 001045504 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 003719168 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 000841728 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 000336896 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
    2011-07-27 21:51 - 2011-07-27 21:51 - 001278976 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
    2011-07-27 21:44 - 2011-07-27 21:44 - 000177152 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
    2011-07-27 21:59 - 2011-07-27 21:59 - 002338816 _____ (Intel(R) Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
    2011-07-26 00:18 - 2011-07-26 00:18 - 000028672 _____ (Lenovo Group Limited) [File not signed] C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
    2015-11-05 18:20 - 2015-11-05 18:20 - 000111616 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2015-11-05 18:29 - 2015-11-05 18:29 - 000125952 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2012-03-10 20:09 - 2012-03-10 20:09 - 001656320 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL
    2012-03-10 20:09 - 2012-03-10 20:09 - 001652736 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
    2012-03-10 20:09 - 2012-03-10 20:09 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_fc42961a63b5a82b\MFC80ENU.DLL
    2012-03-10 19:46 - 2008-10-30 16:24 - 000055808 _____ (Ricoh co.,Ltd.) [File not signed] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    2005-01-13 11:47 - 2005-01-13 11:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
    2010-10-12 10:54 - 2010-10-12 10:54 - 000055808 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScnMgr10.dll
    2010-11-19 12:06 - 2010-11-19 12:06 - 000112640 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
    2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
    2010-10-12 10:58 - 2010-10-12 10:58 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScanEngine30.dll
    2016-02-23 19:21 - 2010-09-13 16:00 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
    2016-02-23 19:21 - 2008-06-18 12:49 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000039936 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL
    2016-02-23 19:20 - 2011-03-08 08:00 - 000181248 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXMI09A.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000228864 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL
    2008-01-10 13:13 - 2008-01-10 13:13 - 000061440 _____ (Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    IE trusted site: HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\hsaservicecenter.com -> hxxps://www.hsaservicecenter.com
    IE trusted site: HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\piriform.com -> hxxp://www.piriform.com
    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 19:34 - 2018-12-03 07:20 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\ThinkPad\Bluetooth Software\;C:\Program Files\ThinkPad\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Lenovo;C:\Program Files (x86)\Windows Live\Shared;C:\SWTOOLS\ReadyApps;C:\Program Files (x86)\Intel\Services\IPT\;C:\Program Files (x86)\Symantec\VIP Access Client\;C:\Program Files (x86)\Common Files\Lenovo
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    If an entry is included in the fixlist, it will be removed.
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{AF721C4F-14F9-42B9-B256-E49F710F498A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{7E90317B-5058-4DC3-A966-D2F028BE8799}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{A604C6DC-EFA7-47A6-966F-8BD9D604415F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{AD2B08BF-E37D-4963-AB9A-87E8AC60DFE0}] => (Allow) LPort=2869
    FirewallRules: [{395E969A-02F7-4609-8318-5FBD5E497D8E}] => (Allow) LPort=1900
    FirewallRules: [{34063AD1-A6F5-4C5E-962A-F91B97B179BC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{C1FF7254-7440-4324-A330-21C73866FF9B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1A7DCDD8-1484-4214-A2C2-A1B6E2605961}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File
    FirewallRules: [{ACE8B46C-222E-45E9-8544-0EC5AE0FE1C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File
    FirewallRules: [{C3D252C6-3FCF-4D42-8B9A-7F34E64F2203}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File
    FirewallRules: [{EAF5BD83-469D-433B-AA46-000B237A826A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File
    FirewallRules: [{B3710FB3-1CCE-44CD-A093-33D11C423B4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{2DA9FB56-DB82-4658-B40D-EA9E3CBEA71D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{71FB0B5D-04F5-45B3-A06F-6CAE4079D6AD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File
    FirewallRules: [{B26BBC24-5C35-47FD-8A7A-08DDA1774137}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File
    FirewallRules: [{E522FF1C-C258-444D-B860-82E6A563DFDC}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{62478CD9-394B-4A5B-AC25-A3B80E9115E4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{557835A1-B93A-4F58-A0F4-9B85C9259139}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{A752A2E1-7370-41B0-8B7F-E1B8566768B4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{4BE07C0C-6B31-41E8-B567-B44774DD1432}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{22AFF734-48CB-47A4-84F9-2A4B4AB6D04C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{5FC93890-A2FB-468F-8993-AFEEF46B6CE5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{4E641D80-43A9-4AF6-A2FA-83F2EAD10BFC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{E3E8B2E9-090C-4156-97AC-35A89EB00E60}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{5D442641-96C6-41F4-8E4C-D0629E59C152}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{3FCFA61F-FFD9-4D20-840C-648D5A261E70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{6D1AE10F-1620-48F4-82F0-1A535603D87B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{A161DDAF-13C2-45B4-A7E1-981232DB56E3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [UDP Query User{C71BB1F6-F001-4340-A26B-151F95988178}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{28A0D073-EE7B-4973-B12C-C8CA484E0F98}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
    FirewallRules: [{31936644-F06F-460A-A6FB-6BFD52503936}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
    FirewallRules: [{3D77FE30-B00B-4A7B-9078-8B3FC8CC09BF}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{6793F16C-D4F3-42E3-A10D-2BF96064C514}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{59AAEFB4-8963-4F09-B71C-FCDD36C5A7EB}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.PrintProcess.exe No File
    FirewallRules: [{797170D6-C1C9-44C0-B01E-6EFF40DFEA3A}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{2E9EDB41-9521-4EBE-B689-2CF7DF458543}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{48B34730-174F-4F9B-9615-C0E325250D10}] => (Allow) LPort=60616
    FirewallRules: [{AE2F6E1F-DA6C-42B0-AA58-3A402BDE4581}] => (Allow) LPort=60617
    FirewallRules: [{00E4C4B3-E2D9-4592-B586-C3FA063C4CCD}] => (Allow) LPort=60618
    FirewallRules: [{5C18B589-A6EF-42C1-9A86-CCA691857163}] => (Allow) LPort=31300
    FirewallRules: [{8F18E7F9-30EA-4537-A9D9-E113AE187F80}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{13840B08-AD46-458C-A2B7-F5E80C41D8E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
    FirewallRules: [TCP Query User{683E012B-FC81-4846-87D0-481207766E4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [UDP Query User{C8DA6645-ED2E-44B0-8DE1-FC3BC2B5A785}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [TCP Query User{659D6D8E-E231-495A-A139-D4EC270A2E24}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [UDP Query User{C6712213-F0E2-4D67-A35B-0D6B0B42F317}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [{6EEAD4E8-F32E-4FBA-B838-0EB7B7E0627E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
    FirewallRules: [{C194E06B-A313-42A0-A070-656682D4C2B6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
    FirewallRules: [{330934E9-BEC1-4FC5-9064-53739B2BE2D7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
    FirewallRules: [{736DB4C9-9137-4228-A82A-6464C0B7BB14}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
    FirewallRules: [{A67079EA-A500-4C5E-9A57-2D70C0458389}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
    FirewallRules: [{89642E62-C989-4ADA-B560-3AF0B3C467FD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
    FirewallRules: [{3427D388-BF58-482B-8966-AC2ADD89BE94}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{BCE9A74B-0B82-4C83-BA20-1BBD7C5B241E}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [TCP Query User{7630D7BF-EC60-477E-B05E-3E0C7F314066}C:\program files (x86)\swannview link\mydvr.exe] => (Allow) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [UDP Query User{A181AFCD-60AE-4AEF-8C11-C6A0E0A8A434}C:\program files (x86)\swannview link\mydvr.exe] => (Allow) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [TCP Query User{90C4D7D6-081F-441E-A5DE-4ADFDD9A214D}C:\program files (x86)\swannview link\mydvr.exe] => (Block) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [UDP Query User{3C96E279-FB38-49D3-AFE2-EB18CA9E89BB}C:\program files (x86)\swannview link\mydvr.exe] => (Block) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [{3C16C0CA-F1F0-4C7B-B132-69461B59BB53}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{43087017-A1FD-4FED-B132-DDE3EA0DF6FA}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{58405E2F-C852-43DB-96AE-A177038F1C7D}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.PrintProcess.exe No File
    FirewallRules: [{35B8892D-BEA8-4CB3-BB34-1D08EE84DCB4}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{9CCBB48E-D409-46C8-A28F-27ECBB981E18}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{E28D9FC6-FA29-40CE-BE14-45EED59AC7BC}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Slps.Distributor.Host.exe No File
    FirewallRules: [{F9884FCB-0AE9-4921-97CB-FBB85BC41007}] => (Allow) LPort=60636
    FirewallRules: [{C98C85AC-BA49-44B8-BD2E-D15E63CD5362}] => (Allow) LPort=60637
    FirewallRules: [{B3322F12-7863-4957-8CBB-113EB176BAE3}] => (Allow) LPort=60638
    FirewallRules: [{88FAD717-8463-4FAA-A776-43ED41039565}] => (Allow) LPort=31300
    FirewallRules: [{C901635A-E4CD-4743-9B08-58D257D6560F}] => (Allow) LPort=51525
    FirewallRules: [{3C06F917-A67D-49F4-A0E8-0AFE5DEAFC0D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{D8177785-4073-4C13-AD0D-C7B9A4525578}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{26996E63-CF87-4019-B5D2-D68668BE93E1}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{C94768CB-FBBE-4956-97D7-C6D5679339E5}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{0ADD4AA8-6EF5-43FB-A208-F66FF3FE2DEE}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.PrintProcess.exe No File
    FirewallRules: [{22BB711E-90EF-46E3-B837-37061EDD0506}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{2EDFDDC0-0FC3-4E2B-9F69-8F59859CE700}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{DD3BFB8C-85D8-44C6-A7BB-B8625E5B353E}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Slps.Distributor.Host.exe No File
    FirewallRules: [{D6BD70C5-54D9-435C-B7CF-E880BA6A1AFE}] => (Allow) LPort=60646
    FirewallRules: [{356822D7-CEEE-42F7-9006-A0EAD0EBA83B}] => (Allow) LPort=60647
    FirewallRules: [{B655E8DD-B805-4044-88CA-02ABCBEC66CE}] => (Allow) LPort=60648
    FirewallRules: [{3D3D1FD6-0F0C-4CFC-8CDF-65B21D838C91}] => (Allow) LPort=31310
    FirewallRules: [{C07BEF02-12FF-4AB4-90DB-31BAC9847A21}] => (Allow) LPort=51535
    FirewallRules: [{DF18E8AA-D321-4156-95A4-06A47EDF57BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    ==================== Restore Points =========================
    06-05-2019 01:09:48 Scheduled Checkpoint
    18-05-2019 17:12:49 Scheduled Checkpoint
    04-06-2019 22:01:58 Scheduled Checkpoint
    ==================== Faulty Device Manager Devices =============
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (06/16/2019 10:27:36 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: Raven (2972) 4-1y44iH-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.
    Error: (06/16/2019 10:27:36 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: Raven (2972) 4-1y44iH-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
    Error: (06/16/2019 10:27:28 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: esentutl (10844) Database recovery/restore failed with unexpected error -1216.
    Error: (06/16/2019 10:27:28 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: esentutl (10844) Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
    Error: (06/16/2019 10:27:19 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: Raven (2972) 3-JRSFD-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.
    Error: (06/16/2019 10:27:19 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: Raven (2972) 3-JRSFD-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
    Error: (06/16/2019 10:26:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    Error: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
    ErrorCode: 14007(0x36b7).
    Error: (06/16/2019 02:31:44 AM) (Source: ESENT) (EventID: 489) (User: )
    Description: taskhost (3388) An attempt to open the file "C:\Users\BC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
    System errors:
    =============
    Error: (06/16/2019 02:28:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/16/2019 02:22:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Bluetooth Service service failed to start due to the following error:
    The system cannot find the path specified.
    Error: (06/16/2019 02:22:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
    Module Path: C:\Windows\System32\IWMSSvc.dll
    Error: (06/16/2019 02:22:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
    Module Path: C:\Windows\System32\IWMSSvc.dll
    Error: (06/16/2019 02:22:10 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
    Module Path: C:\Windows\System32\IWMSSvc.dll
    Error: (06/16/2019 02:21:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/16/2019 02:21:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/16/2019 02:21:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Lenovo Hotkey Client Loader service terminated unexpectedly. It has done this 1 time(s).
    CodeIntegrity:
    ===================================
    Date: 2016-08-21 17:59:51.008
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
    Date: 2016-08-21 17:59:50.968
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
    Date: 2016-08-21 17:59:50.928
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
    Date: 2016-08-21 17:59:50.878
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.
    Date: 2016-08-21 17:59:50.808
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.
    Date: 2016-06-21 02:54:00.146
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
    Date: 2016-06-21 02:54:00.083
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
    Date: 2016-06-21 02:53:59.699
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
    ==================== Memory info ===========================
    BIOS: LENOVO 8AET56WW (1.36 ) 12/06/2011
    Motherboard: LENOVO 4239CTO
    Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
    Percentage of memory in use: 78%
    Total physical RAM: 6027.23 MB
    Available physical RAM: 1310.39 MB
    Total Virtual: 12052.66 MB
    Available Virtual: 6787.46 MB
    ==================== Drives ================================
    Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:336.32 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:4.7 GB) NTFS
    \\?\Volume{8b6c8d44-6b23-11e1-b4f9-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.13 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 9BCB5F28)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================
     
  7. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  8. tvc15

    tvc15 Established Techie7 Member

    Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2019
    Ran by BC (17-06-2019 10:17:58) Run:1
    Running from C:\Users\BC\Desktop
    Loaded Profiles: BC & (Available Profiles: UpdatusUser & BC)
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\MountPoints2: {8b6c8d46-6b23-11e1-b4f9-806e6f6e6963} - Q:\LenovoQDrive.exe
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
    2014-03-02 20:14 - 2014-03-02 20:14 - 000033134 _____ () C:\Users\BC\AppData\Roaming\UserTile.png
    2017-11-02 12:10 - 2017-11-02 12:10 - 000000000 _____ () C:\Users\BC\AppData\Local\{7EC7DD7F-BA7C-4DF5-BB00-96E35EB4DD45}
    2018-01-18 15:03 - 2018-01-18 15:03 - 000000000 _____ () C:\Users\BC\AppData\Local\{EF312064-5AA6-48C6-937B-40545899A983}
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    FirewallRules: [{1A7DCDD8-1484-4214-A2C2-A1B6E2605961}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File
    FirewallRules: [{ACE8B46C-222E-45E9-8544-0EC5AE0FE1C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File
    FirewallRules: [{C3D252C6-3FCF-4D42-8B9A-7F34E64F2203}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File
    FirewallRules: [{EAF5BD83-469D-433B-AA46-000B237A826A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File
    FirewallRules: [{B3710FB3-1CCE-44CD-A093-33D11C423B4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{2DA9FB56-DB82-4658-B40D-EA9E3CBEA71D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{71FB0B5D-04F5-45B3-A06F-6CAE4079D6AD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File
    FirewallRules: [{B26BBC24-5C35-47FD-8A7A-08DDA1774137}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File
    FirewallRules: [{59AAEFB4-8963-4F09-B71C-FCDD36C5A7EB}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.PrintProcess.exe No File
    FirewallRules: [{2E9EDB41-9521-4EBE-B689-2CF7DF458543}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{8F18E7F9-30EA-4537-A9D9-E113AE187F80}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{13840B08-AD46-458C-A2B7-F5E80C41D8E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{6EEAD4E8-F32E-4FBA-B838-0EB7B7E0627E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
    FirewallRules: [{C194E06B-A313-42A0-A070-656682D4C2B6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File
    FirewallRules: [{330934E9-BEC1-4FC5-9064-53739B2BE2D7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
    FirewallRules: [{736DB4C9-9137-4228-A82A-6464C0B7BB14}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File
    FirewallRules: [{A67079EA-A500-4C5E-9A57-2D70C0458389}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
    FirewallRules: [{89642E62-C989-4ADA-B560-3AF0B3C467FD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
    FirewallRules: [{3427D388-BF58-482B-8966-AC2ADD89BE94}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{BCE9A74B-0B82-4C83-BA20-1BBD7C5B241E}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{58405E2F-C852-43DB-96AE-A177038F1C7D}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.PrintProcess.exe No File
    FirewallRules: [{9CCBB48E-D409-46C8-A28F-27ECBB981E18}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{E28D9FC6-FA29-40CE-BE14-45EED59AC7BC}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Slps.Distributor.Host.exe No File
    FirewallRules: [{0ADD4AA8-6EF5-43FB-A208-F66FF3FE2DEE}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.PrintProcess.exe No File
    FirewallRules: [{2EDFDDC0-0FC3-4E2B-9F69-8F59859CE700}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.AdminConsole.exe No File
    FirewallRules: [{DD3BFB8C-85D8-44C6-A7BB-B8625E5B353E}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Slps.Distributor.Host.exe No File
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b6c8d46-6b23-11e1-b4f9-806e6f6e6963} => removed successfully
    HKLM\Software\Classes\CLSID\{8b6c8d46-6b23-11e1-b4f9-806e6f6e6963} => not found
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\System\CurrentControlSet\Services\TrueSight => removed successfully
    TrueSight => service removed successfully
    C:\Users\BC\AppData\Roaming\UserTile.png => moved successfully
    C:\Users\BC\AppData\Local\{7EC7DD7F-BA7C-4DF5-BB00-96E35EB4DD45} => moved successfully
    C:\Users\BC\AppData\Local\{EF312064-5AA6-48C6-937B-40545899A983} => moved successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A7DCDD8-1484-4214-A2C2-A1B6E2605961}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ACE8B46C-222E-45E9-8544-0EC5AE0FE1C2}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3D252C6-3FCF-4D42-8B9A-7F34E64F2203}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAF5BD83-469D-433B-AA46-000B237A826A}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3710FB3-1CCE-44CD-A093-33D11C423B4D}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DA9FB56-DB82-4658-B40D-EA9E3CBEA71D}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71FB0B5D-04F5-45B3-A06F-6CAE4079D6AD}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B26BBC24-5C35-47FD-8A7A-08DDA1774137}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59AAEFB4-8963-4F09-B71C-FCDD36C5A7EB}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E9EDB41-9521-4EBE-B689-2CF7DF458543}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F18E7F9-30EA-4537-A9D9-E113AE187F80}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13840B08-AD46-458C-A2B7-F5E80C41D8E3}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6EEAD4E8-F32E-4FBA-B838-0EB7B7E0627E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C194E06B-A313-42A0-A070-656682D4C2B6}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{330934E9-BEC1-4FC5-9064-53739B2BE2D7}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{736DB4C9-9137-4228-A82A-6464C0B7BB14}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A67079EA-A500-4C5E-9A57-2D70C0458389}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89642E62-C989-4ADA-B560-3AF0B3C467FD}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3427D388-BF58-482B-8966-AC2ADD89BE94}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BCE9A74B-0B82-4C83-BA20-1BBD7C5B241E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58405E2F-C852-43DB-96AE-A177038F1C7D}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9CCBB48E-D409-46C8-A28F-27ECBB981E18}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E28D9FC6-FA29-40CE-BE14-45EED59AC7BC}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0ADD4AA8-6EF5-43FB-A208-F66FF3FE2DEE}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EDFDDC0-0FC3-4E2B-9F69-8F59859CE700}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD3BFB8C-85D8-44C6-A7BB-B8625E5B353E}" => removed successfully
    ==== End of Fixlog 10:18:04 ====
     
  9. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  10. tvc15

    tvc15 Established Techie7 Member

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Antivirus
    Malwarebytes
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java version 32-bit out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 15.0.0.189 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 36.0.1 Firefox out of Date!
    Google Chrome (75.0.3770.90)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    AVG Antivirus AVGSvc.exe
    AVG Antivirus aswidsagent.exe
    AVG Antivirus AVGUI.exe
    Common Files CCH Small Firm Services ATX 2014 Server Sfs.ServerHost.exe
    Common Files CCH Small Firm Services ATX 2016 Server Sfs.ServerHost.exe
    Common Files CCH Small Firm Services ATX 2017 Server Sfs.ServerHost.exe
    Malwarebytes Anti-Malware mbamtray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````



    Farbar Service Scanner Version: 27-01-2016
    Ran by BC (administrator) on 17-06-2019 at 19:53:39
    Running from "C:\Users\BC\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    **** End of log ****


    - did you want this info? TFC:

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: BC
    ->Temp folder emptied: 425041062 bytes
    ->Temporary Internet Files folder emptied: 5652103 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 373363496 bytes
    ->Google Chrome cache emptied: 163376332 bytes
    ->Flash cache emptied: 67426 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57311 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 35093688 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1460487 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 14904606 bytes
    Process complete!

    Total Files Cleaned = 972.00 mb


    Sophos in next post
     
  11. tvc15

    tvc15 Established Techie7 Member

    Sophos reported "no threats found." Could not find a log.
     
  12. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

    7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    9. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    10. Please, let me know, how your computer is doing.
     
  13. tvc15

    tvc15 Established Techie7 Member

    Thanks for your help.

    Where at the Firefox page is it possible to check the browser plugins? When I click on your link I get a page that says:

    "Better features, fewer plugin updates
    Firefox has been expanding to support features that used to require extra plugins. Now, they’re kept up-to-date automatically and managed through blocklisting for added security. So you can stay current with just one Firefox update."

    And then, a link to "Download the latest version"

    I can't find anything to check if Firefox plugins are up to date.

    Google is up to date.

    Should Delfix eliminate Sophos from the desktop?

    Thank you.
     
  14. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    If Firefox is up to date so are the plugins. You don't have to worry about them.

    If Delfix didn't remove Sophos, do it manually.

    Good luck and stay safe :)
     
  15. tvc15

    tvc15 Established Techie7 Member

    Re The laptop just cleaned:

    Do you have any comments or ever heard of jpg files relocating to a different folder? I'm not sure if it was my error or something else that caused 40,000+ jpgs to vacate their respective folders. Nothing was deleted, just moved to 1 folder.

    The battery icon, on the lower toolbar, that indicates how many hours/minutes remain on the battery, is blank. Blank when unplugged and plugged into charger. How do I fix that?

    Thanks
     
  16. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Moving a folder into another folder by accident happened to me, so I believe it's on you :)

    As for the battery issue, I suggest a new topic in the appropriate forum.