When saving an Excel file I received an AVG notice that IDP Generic was detected. I quarantined it but did not reboot. Opened again, same result, created exception. Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2020 Ran by BC (administrator) on LENOVO_520 (LENOVO 4239CTO) (06-03-2020 17:30:07) Running from C:\Users\BC\Desktop Loaded Profiles: BC (Available Profiles: UpdatusUser & BC) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () R:\140066.enu\Office14\EXCELC.EXE () R:\140066.enu\Office14\OffSpon.EXE () R:\140066.enu\Office14\OffSpon.EXE () R:\140066.enu\Office14\WINWORDC.EXE (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.exe (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files 
(x86)\Intel\Services\IPT\jhi_service.exe (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Lenovo Group Limited) [File not signed] C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo(Japan)Ltd. -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Lenovo(Japan)Ltd. -> Lenovo.) 
C:\Windows\System32\TpShocks.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> ) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Windows -> Microsoft 
Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Ricoh co.,Ltd.) [File not signed] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (Symantec Corp -> Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Wolters Kluwer United States Inc. 
-> CCH Small Firm Services) C:\Program Files (x86)\Common Files\Wolters Kluwer\ATX 2018 Server\Sfs.ServerHost.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated -> Synaptics Incorporated) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo(Japan)Ltd. -> Lenovo.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] (Fortemedia Inc -> ) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant Systems, Inc. -> Conexant systems, Inc.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo(Japan)Ltd. -> Lenovo Group Limited) HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [316848 2019-07-27] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) [File not signed] HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-16] (Intel Corporation -> Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Leader Technologies Inc -> Lenovo, Inc.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) [File not signed] HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) [File not signed] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-10] (Google Inc -> Google Inc.) 
HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0414b] => C:\Users\BC\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0414b HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\BC\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0814av HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\BC\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=1114av HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\BC\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=1214av HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd) HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.132\Installer\chrmstp.exe [2020-03-06] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: 
[{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\ThinkPad\Bluetooth Software\\BtwCP.dll [2010-12-18] (Broadcom Corporation -> Broadcom Corporation.) HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-05-31] (NVIDIA Corporation -> NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-05-31] (NVIDIA Corporation -> NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-03-10] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.) FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {10F817E1-1B81-4D8D-B039-7A19D41D2791} - System32\Tasks\{28978BC3-53D6-435A-A92D-4484D6EF0EC4} => C:\Program Files (x86)\SwannView Link\MyDVR.exe [4674048 2015-09-30] () [File not signed] Task: {40BB7FC8-BAF8-45FC-8027-3F110B03E818} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd) Task: {4113EACF-D0D0-491B-B72C-1B02850AB25F} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [65336 2011-12-21] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo) Task: {4A8A4548-18E5-43F3-9E14-8BDA62DC8578} - System32\Tasks\{3446E710-91F1-42D3-B2EF-7F3D9822F106} => C:\Program Files (x86)\SwannView Link\MyDVR.exe [4674048 2015-09-30] () [File not signed] Task: {52061F86-5839-4D5C-95D8-F58E6B558E3E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [542056 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited) Task: {AC42F86C-0071-48BE-BA1B-3180457AC2ED} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [3981232 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) Task: {B31E9EA6-82F6-4949-B1A6-11998EA0A3E6} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [65336 2011-12-21] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo) Task: {B50FBCB2-9087-4979-B8FC-DF211A90F672} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.) 
Task: {BF3E8C10-9EE0-4373-98F1-D587314C7A0B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {CFCB20F0-43B1-4270-AA00-CB124CE0DDE5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd) Task: {DCF1CA2F-853B-478A-8AA2-91D589110F28} - System32\Tasks\{B8D5221F-0F02-4939-A5F8-9BEBB7AC8E9F} => C:\Windows\system32\pcalua.exe -a "C:\Users\BC\Documents\G7PS\VersaCheck 2002\VCheck.exe" Task: {E3D83C9B-3D73-4356-87F8-4576D57A5B3E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-02-29] (AVG Technologies USA, LLC -> AVG Technologies) Task: {E8603BA5-1730-4FBD-ADD3-309FD41F782C} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [6656 2009-02-09] () [File not signed] Task: {F1482E8E-749F-4C52-B4CB-75E1CD7B0E3A} - System32\Tasks\{6819900C-8790-4D39-885D-993FDD4DCCA0} => C:\Windows\system32\pcalua.exe -a "C:\Users\BC\Documents\VersaCheck 2002\VCheck.exe" Task: {FC660943-E989-4DF4-8C95-8790DD366632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.) Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.) 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.) Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{07631ECC-23A6-4F57-AFB0-2AFA483AD605}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DAF7FC41-BAD0-4F31-90A5-6CF3A19F3236}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/ SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS577 SearchScopes: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS577 BHO: CCH Browser Search -> {6BACF407-FDBB-41EB-950B-8C93545F8D3A} -> C:\Program Files (x86)\CCH Browser Search\ScriptHost64.dll [2017-08-11] (Wolters Kluwer U.S Corporation -> Wolters Kluwer) [File not signed] BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-06-12] (Oracle America, Inc. 
-> Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.) BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-06-29] (Symantec Corp -> Symantec Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: CCH Browser Search -> {6BACF407-FDBB-41EB-950B-8C93545F8D3A} -> C:\Program Files (x86)\CCH Browser Search\ScriptHost.dll [2017-08-11] (Wolters Kluwer U.S Corporation -> Wolters Kluwer) [File not signed] BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.) 
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-06-29] (Symantec Corp -> Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.) Toolbar: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.) FireFox: ======== FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\197en489.default [2020-03-06] FF DownloadDir: C:\Users\BC\Desktop FF Homepage: Mozilla\Firefox\Profiles\197en489.default -> hxxps://www.google.com/advanced_search FF Extension: (CCH Browser Search) - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\197en489.default\Extensions\IntelliConnect@WoltersKluwer [2019-09-26] [Legacy] FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2012-03-10] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-10-28] (Adobe Systems Incorporated -> ) FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-06-12] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-10-28] (Adobe Systems Incorporated -> ) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default [2020-03-06] CHR DownloadDir: C:\Users\BC\Desktop CHR Extension: (Chrome Web Store Payments) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-01] CHR Extension: (Chrome Media Router) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-29] CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-07-14] CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-31] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY) R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [415032 2019-07-27] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6845400 2019-07-27] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo.) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed] R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-11] (Lenovo(Japan)Ltd. 
-> Lenovo Group Limited) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) S2 Sfs.Server.2014; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.exe [229264 2015-02-04] (CCH Small Firm Services -> CCH Small Firm Services) R2 Sfs.Server.2016; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.exe [234200 2016-10-08] (CCH Small Firm Services -> CCH Small Firm Services) S2 Sfs.Server.2017; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.exe [234208 2017-10-16] (CCH Small Firm Services -> CCH Small Firm Services) R2 Sfs.Server.2018; C:\Program Files (x86)\Common Files\Wolters Kluwer\ATX 2018 Server\Sfs.ServerHost.exe [236504 2018-09-24] (Wolters Kluwer United States Inc. -> CCH Small Firm Services) R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed] R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-29] (Symantec Corp -> Symantec Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation) R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.) 
===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 5U877; C:\Windows\System32\DRIVERS\5U877.sys [166016 2011-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh co.,Ltd.) R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37880 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [205600 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [275232 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [210328 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [65376 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [43512 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [168944 2019-07-31] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [111096 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [84560 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [848688 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [461216 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [225864 2019-06-29] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) 
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [317304 2019-10-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-26] (Malwarebytes Corporation -> Malwarebytes)
R0 nlem64nt; C:\Windows\System32\Drivers\nlem64nt.sys [72808 2009-10-13] (Communication Horizons -> )
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo (United States) Inc.)
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-03-06 17:20 - 2020-03-06 17:25 - 000058599 _____ C:\Users\BC\Desktop\Addition.txt
2020-03-06 17:16 - 2020-03-06 17:32 - 000034021 _____ C:\Users\BC\Desktop\FRST.txt
2020-03-06 17:15 - 2020-03-06 17:15 - 002279936 _____ (Farbar) C:\Users\BC\Desktop\FRST64.exe
2020-03-06 17:10 - 2020-03-06 17:11 - 002008064 _____ (Farbar) C:\Users\BC\Desktop\FRST.exe
2020-03-06 16:47 - 2020-03-06 16:47 - 000008732 _____ C:\Users\BC\Documents\teat.xlsx
2020-03-06 16:47 - 2020-03-06 16:47 - 000000165 ____H C:\Users\BC\Documents\~$teat.xlsx
2020-03-06 16:17 - 2020-03-06 16:17 - 000000000 ____D C:\Users\BC\AppData\Local\{02659E9C-E244-45EB-A93A-2D96AFA42721}
2020-02-29 13:14 - 2020-02-29 13:14 - 000000000 ____D C:\Users\BC\AppData\Local\{FC050A93-C78D-40B6-994A-BEBF37C7540D}
2020-02-25 13:24 - 2020-02-25 13:24 - 000000000 ____D C:\Users\BC\AppData\Local\{742C4C0F-26E4-4CEA-854B-8188C808F7B8}
2020-02-20 13:05 - 2020-02-20 13:05 - 000109230 _____ C:\Users\BC\Documents\2020 Feb H2O bill 001.pdf
2020-02-20 12:30 - 2020-02-20 12:30 - 000000000 ____D C:\Users\BC\AppData\Local\{E393360D-7532-422E-8489-B9E6EA55D1A6}
2020-02-19 23:08 - 2020-02-19 23:08 - 000000000 ____D C:\Users\BC\AppData\Local\{B9C12D34-AACB-4046-9618-5E27C0E53D0D}
2020-02-19 13:26 - 2020-02-19 13:26 - 000101400 _____ C:\Users\BC\Documents\Ronin 10_23_18 stmt 7303fvercharge.pdf
2020-02-19 12:07 - 2020-02-19 12:07 - 001347006 _____ C:\Users\BC\Documents\FINAL_BC_2018_FINAL.pdf
2020-02-19 11:07 - 2020-02-19 11:08 - 000000000 ____D C:\Users\BC\AppData\Local\{49F6C0BE-6599-40CF-9D15-2A3782414931}
2020-02-17 07:13 - 2020-02-17 07:13 - 000000000 ____D C:\Users\BC\AppData\Local\{1FE8BEC0-4169-437C-AB10-4DB8BBA21027}
2020-02-16 13:44 - 2020-02-16 13:45 - 000000000 ____D C:\Users\BC\AppData\Local\{52F425C0-56FF-4135-8555-C6A4378B0CFB}
2020-02-12 15:20 - 2020-02-12 15:20 - 000000000 ____D C:\Users\BC\AppData\Local\{4D87F9A5-F27D-4453-BE84-ED40AA4837A8}
2020-02-11 22:49 - 2020-02-11 22:49 - 000000000 ____D C:\Users\BC\AppData\Local\{F88EE41B-BDD6-45B6-BCE3-14CBA7A49DC6}
2020-02-11 10:47 - 2020-02-11 10:48 - 000000000 ____D C:\Users\BC\AppData\Local\{81F12669-73AF-4519-AC80-3E4181A9C304}
2020-02-08 14:48 - 2020-02-08 14:48 - 000305640 _____ C:\Users\BC\Documents\2020 Feb r upr 001.pdf
2020-02-08 14:45 - 2020-02-08 14:45 - 000045375 _____ C:\Users\BC\Documents\2020 Feb r lwr 001.pdf
2020-02-08 13:16 - 2020-02-08 13:16 - 000000000 ____D C:\Users\BC\AppData\Local\{4864D23A-2825-4391-9070-67301367AD93}

==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-03-06 17:31 - 2019-07-27 10:49 - 000000000 ____D C:\FRST
2020-03-06 17:31 - 2009-07-13 18:34 - 000000438 _____ C:\Windows\win.ini
2020-03-06 16:29 - 2012-03-10 19:10 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-06 16:23 - 2009-07-13 20:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-03-06 16:23 - 2009-07-13 20:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-03-06 16:18 - 2018-08-27 11:26 - 003319752 _____ C:\Windows\system32\Data.INTEG.RAW
2020-02-25 14:16 - 2014-01-15 01:16 - 000000000 ____D C:\Users\BC\Documents\Venice1
2020-02-25 13:32 - 2017-03-16 12:19 - 000004174 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2020-02-20 13:10 - 2009-07-13 21:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2020-02-19 13:30 - 2014-01-15 01:15 - 000000000 ____D C:\Users\BC\Documents\temp
2020-02-19 12:00 - 2016-07-06 21:27 - 000000000 ____D C:\Users\BC\Documents\Jaguar__
2020-02-17 09:51 - 2014-01-14 01:16 - 000000000 ____D C:\BACKUP
2020-02-17 07:13 - 2012-03-17 15:01 - 000000000 ____D C:\Users\BC\AppData\Local\VirtualStore
2020-02-08 13:23 - 2012-03-10 19:10 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-08 13:23 - 2012-03-10 19:10 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========
2019-07-07 10:43 - 2019-07-07 10:43 - 000003584 _____ () C:\Users\BC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-09-22 13:15 - 2019-09-22 13:15 - 000007618 _____ () C:\Users\BC\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-10-10 15:42

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2020
Ran by BC (06-03-2020 17:33:21)
Running from C:\Users\BC\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-03-17 22:54:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3430477350-3253428499-66189328-500 - Administrator - Disabled)
BC (S-1-5-21-3430477350-3253428499-66189328-1001 - Administrator - Enabled) => C:\Users\BC
Guest (S-1-5-21-3430477350-3253428499-66189328-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3430477350-3253428499-66189328-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-3430477350-3253428499-66189328-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2013 Lacerte Tax (HKLM-x32\...\2013 Lacerte Tax) (Version: - Intuit Inc.)
2013 Lacerte Tax Planner (HKLM-x32\...\2013 Lacerte Tax Planner) (Version: - Intuit Inc.)
2014 Lacerte Tax (HKLM-x32\...\2014 Lacerte Tax) (Version: - Intuit Inc.)
2014 Lacerte Tax Planner (HKLM-x32\...\2014 Lacerte Tax Planner) (Version: - Intuit Inc.)
2016 Lacerte Tax (HKLM-x32\...\2016 Lacerte Tax) (Version: - Intuit Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{9F560BEB-021F-43AC-825F-AA60442D8DE4}) (Version: 1.0.0 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{E09575B2-498D-4C8B-A9D2-623F78574F29}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{0D2E9DCB-9938-475E-B4DD-8851738852FF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
ATX 2014 (HKLM-x32\...\{BFB9811D-CA96-45E5-9242-9497D74B1548}) (Version: 14.6.0 - CCH Small Firm Services)
ATX 2016 (HKLM-x32\...\{E59557AB-A1E2-4C43-8F52-E5FBD1332D12}) (Version: 16.6.0 - CCH Small Firm Services)
ATX 2017 (HKLM-x32\...\{9E587DD8-8D07-4140-97BC-38BCD2BC307B}) (Version: 17.3.0 - CCH Small Firm Services)
ATX 2018 (HKLM-x32\...\{6FEFD49E-A4EA-43DE-8BE6-2CFA291A85A7}) (Version: 18.3.0 - CCH Small Firm Services)
ATX Server 2014 (HKLM-x32\...\{80A2D786-E075-478B-BE44-4458F74A3DBE}) (Version: 14.5.0 - CCH Small Firm Services)
ATX Server 2016 (HKLM-x32\...\{71272489-0F94-470B-B38F-446353340568}) (Version: 16.0.0 - CCH Small Firm Services)
ATX Server 2017 (HKLM-x32\...\{968735CC-D34A-47BC-974B-0BEC9C82B92B}) (Version: 17.0.0 - CCH Small Firm Services)
ATX Server 2018 (HKLM-x32\...\{E0CB0BA2-F60D-4729-8CEE-95C40948AF02}) (Version: 18.0.0 - CCH Small Firm Services)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.8.3108 - AVG Technologies)
Batch Thumbs 1.7 (HKLM-x32\...\Batch Thumbs 1.7) (Version: 1.7 - HarmWare)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
BufferChm (HKLM-x32\...\{BE77A81F-B315-4666-9BF3-AE70C0ADB057}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.51.2 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.2.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.)
CCH® Browser Search (HKLM-x32\...\IntelliConnect Search) (Version: 2.0.0.35 - Wolters Kluwer)
CCHBrowserSearchInstaller (HKLM-x32\...\{508C226E-8312-43A5-8B4E-31E98CCE669D}) (Version: 2.0.35 - Wolters Kluwer) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Fax (HKLM-x32\...\{7A7DC702-DEDE-42A8-8722-B3BA724D546F}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
Go PlayAlong (HKLM-x32\...\{E8AD89F3-C2D9-80E0-94A7-8461F8967E93}) (Version: 2.93 - UNKNOWN) Hidden
Go PlayAlong (HKLM-x32\...\com.goplayalong.41DF8ADAAE31CA841C48A6C358D6E3DCCEC38798.1) (Version: 2.93 - UNKNOWN)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.132 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{C77B1ED4-A026-4E2F-8C91-184AEF5D1D87}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3000 J310 series Help (HKLM-x32\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intuit PTG MachID (HKLM-x32\...\{24226917-7238-4477-8583-5BB632A89FC0}) (Version: 1.03.0000 - Intuit Inc)
Intuit Runtime Components 6.0.16 (HKLM-x32\...\{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}) (Version: 6.0.16 - Intuit Inc.)
Intuit Runtime Components 8.0.92 (HKLM-x32\...\{901AFFCC-3992-4388-8D4B-414113ADE0E9}) (Version: 8.0.92 - Intuit, Inc.)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lacerte DMS (HKLM-x32\...\{5999E160-C1BC-4C32-B2A0-4CB22E71594D}) (Version: 11.1.0 - Intuit)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{828CE72E-718B-4FDC-A469-8DE674CE8C4D}) (Version: 1.0.006.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0011.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{703926DE-F24B-11E4-AA68-472FB664A5DC}) (Version: 2.0.1 - Werner Schweer and Others)
NetLib Encryptionizer (HKLM\...\{FD0E376F-D30A-477C-AA84-2F4F5B51D713}) (Version: 1.00.0000 - CCH Small Firm Services)
NVIDIA 3D Vision Driver 268.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.71 - NVIDIA Corporation)
NVIDIA Graphics Driver 268.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
Quicken 2005 (HKLM-x32\...\{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit) Hidden
Quicken 2005 (HKLM-x32\...\InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
Scan (HKLM-x32\...\{1746EA69-DCB6-4408-B5A5-E75F55439CDF}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
SwannView Link version 2.1.2.10 (HKLM-x32\...\{992EF7D5-3D70-5A7F-AFDC-8C946676BD5D}_is1) (Version: 2.1.2.10 - )
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
TaxACT 2013 California Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2013 California Preparer's - 1040 Edition) (Version: - TaxACT, Inc.)
TaxACT 2013 California Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2013 California Preparer's - 1120 Edition) (Version: - TaxACT, Inc.)
TaxACT 2013 Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2013 Preparer's - 1040 Edition) (Version: - TaxACT, Inc.)
TaxACT 2013 Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2013 Preparer's - 1120 Edition) (Version: - TaxACT, Inc.)
TaxACT 2014 Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2014 Preparer's - 1120 Edition) (Version: 1.02 - TaxACT, Inc.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
Toolbox (HKLM-x32\...\{C716522C-3731-4667-8579-40B098294500}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax Business 2012 (HKLM-x32\...\TurboTax Business 2012) (Version: 2012.0 - Intuit, Inc)
UnloadSupport (HKLM-x32\...\{E06F04B9-45E6-4AC0-8083-85F7515F40F7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.140 - VeriSign)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (HKLM-x32\...\{179C56A4-F57F-4561-8BBF-F911D26EB435}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-07-27] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) [File not signed]
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-07-27] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [msacm.ulmp3acm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm [319488 2006-01-23] (Ulead systems) [File not signed]
HKLM\...\Drivers32: [msacm.mpegacm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\mpegacm.acm [69632 2006-04-17] (Ulead Systems, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.dvacm] => C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm [32768 2008-05-16] (Ulead Systems, Inc.) [File not signed]

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============
2009-02-27 11:52 - 2009-02-27 11:52 - 000258048 _____ () [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
2012-03-10 18:59 - 2011-08-31 10:03 - 000045568 ____N () [File not signed] C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-07-27 20:07 - 2011-07-27 20:07 - 001501696 _____ () [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-03-10 19:01 - 2010-04-06 09:05 - 002085888 _____ () [File not signed] C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-03-10 19:01 - 2010-04-06 09:04 - 002201088 _____ () [File not signed] C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2011-06-07 17:16 - 2011-06-07 17:16 - 000784384 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll
2013-05-08 11:49 - 2013-05-08 11:49 - 005714944 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll
2009-02-27 15:35 - 2009-02-27 15:35 - 000102400 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll
2009-02-27 11:59 - 2009-02-27 11:59 - 000153088 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll
2013-05-08 12:54 - 2013-05-08 12:54 - 002441216 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\CoolType.dll
2013-05-08 11:48 - 2013-05-08 11:48 - 004863075 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
2013-05-08 11:47 - 2013-05-08 11:47 - 001526883 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api
2013-05-08 11:59 - 2013-05-08 11:59 - 000231523 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api
2013-05-08 02:32 - 2013-05-08 02:32 - 001392640 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ADMPlugin.apl
2014-10-07 09:57 - 2009-08-20 13:36 - 000437760 _____ (AMYUNI Technologies hxxp://www.amyuni.com) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\acpdfui400.dll
2015-06-12 00:22 - 2011-09-20 11:07 - 000508928 _____ (AMYUNI Technologies hxxp://www.amyuni.com) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\acpdfui450.dll
2012-03-10 18:50 - 2011-01-16 17:19 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2007-03-13 02:23 - 2007-03-13 02:23 - 000442368 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll
2007-03-13 02:23 - 2007-03-13 02:23 - 000135168 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
2007-03-13 02:23 - 2007-03-13 02:23 - 000225280 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2007-03-13 02:23 - 2007-03-13 02:23 - 000184320 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
2007-03-13 02:23 - 2007-03-13 02:23 - 000131072 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2012-03-10 18:50 - 2011-01-16 17:31 - 000015360 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_COM_InterfaceLib.dll
2012-03-10 18:50 - 2011-01-16 17:20 - 000471040 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_SW_GUI.dll
2012-03-10 18:50 - 2011-01-16 17:14 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2011-07-27 20:44 - 2011-07-27 20:44 - 001077248 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2011-07-27 20:46 - 2011-07-27 20:46 - 001045504 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
2011-07-27 20:46 - 2011-07-27 20:46 - 003719168 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
2011-07-27 20:44 - 2011-07-27 20:44 - 000846336 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\DbEngine.dll
2011-07-27 20:46 - 2011-07-27 20:46 - 000841728 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2011-07-27 20:46 - 2011-07-27 20:46 - 000336896 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2011-07-27 20:51 - 2011-07-27 20:51 - 001278976 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2011-07-27 20:50 - 2011-07-27 20:50 - 002072576 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2011-07-27 20:44 - 2011-07-27 20:44 - 000177152 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2011-07-27 20:59 - 2011-07-27 20:59 - 002338816 _____ (Intel(R) Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
2008-04-11 11:54 - 2008-04-11 11:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
2017-10-03 14:43 - 2017-10-03 14:43 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2017-10-03 14:44 - 2017-10-03 14:44 - 000126976 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2012-03-10 19:09 - 2012-03-10 19:09 - 001656320 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL
2012-03-10 19:09 - 2012-03-10 19:09 - 001652736 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
2012-03-10 19:09 - 2012-03-10 19:09
- 000047104 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_fc42961a63b5a82b\MFC80ENU.DLL 2005-01-13 10:47 - 2005-01-13 10:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll 2010-10-12 09:54 - 2010-10-12 09:54 - 000055808 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScnMgr10.dll 2010-11-19 11:06 - 2010-11-19 11:06 - 000112640 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll 2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll 2010-10-12 09:58 - 2010-10-12 09:58 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScanEngine30.dll 2016-02-23 18:21 - 2010-09-13 15:00 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll 2016-02-23 18:21 - 2008-06-18 11:49 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll 2016-02-23 18:20 - 2011-03-08 07:00 - 000039936 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL 2016-02-23 18:20 - 2011-03-08 07:00 - 000181248 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXMI09A.dll 2016-02-23 18:20 - 2011-03-08 07:00 - 000228864 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\hsaservicecenter.com -> hxxps://www.hsaservicecenter.com IE trusted site: HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\piriform.com -> hxxp://www.piriform.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 18:34 - 2018-12-03 06:20 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\ThinkPad\Bluetooth Software\;C:\Program Files\ThinkPad\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Lenovo;C:\Program Files (x86)\Windows Live\Shared;C:\SWTOOLS\ReadyApps;C:\Program Files (x86)\Intel\Services\IPT\;C:\Program Files (x86)\Symantec\VIP Access Client\;C:\Program Files (x86)\Common Files\Lenovo HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Control Panel\Desktop\\Wallpaper -> 
C:\Users\BC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe No File FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe No File FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe No File FirewallRules: [{AF721C4F-14F9-42B9-B256-E49F710F498A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7E90317B-5058-4DC3-A966-D2F028BE8799}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A604C6DC-EFA7-47A6-966F-8BD9D604415F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{AD2B08BF-E37D-4963-AB9A-87E8AC60DFE0}] => (Allow) LPort=2869 FirewallRules: [{395E969A-02F7-4609-8318-5FBD5E497D8E}] => (Allow) LPort=1900 FirewallRules: [{34063AD1-A6F5-4C5E-962A-F91B97B179BC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C1FF7254-7440-4324-A330-21C73866FF9B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation) 
FirewallRules: [{1A7DCDD8-1484-4214-A2C2-A1B6E2605961}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File FirewallRules: [{ACE8B46C-222E-45E9-8544-0EC5AE0FE1C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File FirewallRules: [{C3D252C6-3FCF-4D42-8B9A-7F34E64F2203}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File FirewallRules: [{EAF5BD83-469D-433B-AA46-000B237A826A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File FirewallRules: [{B3710FB3-1CCE-44CD-A093-33D11C423B4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File FirewallRules: [{2DA9FB56-DB82-4658-B40D-EA9E3CBEA71D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File FirewallRules: [{71FB0B5D-04F5-45B3-A06F-6CAE4079D6AD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File FirewallRules: [{B26BBC24-5C35-47FD-8A7A-08DDA1774137}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File FirewallRules: [{E522FF1C-C258-444D-B860-82E6A563DFDC}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{62478CD9-394B-4A5B-AC25-A3B80E9115E4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{557835A1-B93A-4F58-A0F4-9B85C9259139}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{A752A2E1-7370-41B0-8B7F-E1B8566768B4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{4BE07C0C-6B31-41E8-B567-B44774DD1432}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.) 
FirewallRules: [{22AFF734-48CB-47A4-84F9-2A4B4AB6D04C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{5FC93890-A2FB-468F-8993-AFEEF46B6CE5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{4E641D80-43A9-4AF6-A2FA-83F2EAD10BFC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{E3E8B2E9-090C-4156-97AC-35A89EB00E60}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{5D442641-96C6-41F4-8E4C-D0629E59C152}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{3FCFA61F-FFD9-4D20-840C-648D5A261E70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{6D1AE10F-1620-48F4-82F0-1A535603D87B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{A161DDAF-13C2-45B4-A7E1-981232DB56E3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{C71BB1F6-F001-4340-A26B-151F95988178}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{28A0D073-EE7B-4973-B12C-C8CA484E0F98}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> ) FirewallRules: [{31936644-F06F-460A-A6FB-6BFD52503936}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe 
(Lenovo Information Products (Shenzhen) Co.,Ltd -> ) FirewallRules: [{3D77FE30-B00B-4A7B-9078-8B3FC8CC09BF}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services) FirewallRules: [{6793F16C-D4F3-42E3-A10D-2BF96064C514}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services) FirewallRules: [{59AAEFB4-8963-4F09-B71C-FCDD36C5A7EB}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.PrintProcess.exe No File FirewallRules: [{797170D6-C1C9-44C0-B01E-6EFF40DFEA3A}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services) FirewallRules: [{2E9EDB41-9521-4EBE-B689-2CF7DF458543}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.AdminConsole.exe No File FirewallRules: [{48B34730-174F-4F9B-9615-C0E325250D10}] => (Allow) LPort=60616 FirewallRules: [{AE2F6E1F-DA6C-42B0-AA58-3A402BDE4581}] => (Allow) LPort=60617 FirewallRules: [{00E4C4B3-E2D9-4592-B586-C3FA063C4CCD}] => (Allow) LPort=60618 FirewallRules: [{5C18B589-A6EF-42C1-9A86-CCA691857163}] => (Allow) LPort=31300 FirewallRules: [{8F18E7F9-30EA-4537-A9D9-E113AE187F80}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File FirewallRules: [{13840B08-AD46-458C-A2B7-F5E80C41D8E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File FirewallRules: [TCP Query User{683E012B-FC81-4846-87D0-481207766E4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [UDP Query User{C8DA6645-ED2E-44B0-8DE1-FC3BC2B5A785}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson 
software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [TCP Query User{659D6D8E-E231-495A-A139-D4EC270A2E24}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [UDP Query User{C6712213-F0E2-4D67-A35B-0D6B0B42F317}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [{6EEAD4E8-F32E-4FBA-B838-0EB7B7E0627E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File FirewallRules: [{C194E06B-A313-42A0-A070-656682D4C2B6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe No File FirewallRules: [{330934E9-BEC1-4FC5-9064-53739B2BE2D7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File FirewallRules: [{736DB4C9-9137-4228-A82A-6464C0B7BB14}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe No File FirewallRules: [{A67079EA-A500-4C5E-9A57-2D70C0458389}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File FirewallRules: [{89642E62-C989-4ADA-B560-3AF0B3C467FD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File FirewallRules: [{3427D388-BF58-482B-8966-AC2ADD89BE94}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File FirewallRules: [{BCE9A74B-0B82-4C83-BA20-1BBD7C5B241E}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File FirewallRules: [TCP Query User{7630D7BF-EC60-477E-B05E-3E0C7F314066}C:\program files (x86)\swannview link\mydvr.exe] => (Allow) C:\program files (x86)\swannview link\mydvr.exe () [File not signed] FirewallRules: [UDP Query User{A181AFCD-60AE-4AEF-8C11-C6A0E0A8A434}C:\program files (x86)\swannview link\mydvr.exe] => (Allow) C:\program files (x86)\swannview link\mydvr.exe () [File not signed] FirewallRules: [TCP Query 
User{90C4D7D6-081F-441E-A5DE-4ADFDD9A214D}C:\program files (x86)\swannview link\mydvr.exe] => (Block) C:\program files (x86)\swannview link\mydvr.exe () [File not signed] FirewallRules: [UDP Query User{3C96E279-FB38-49D3-AFE2-EB18CA9E89BB}C:\program files (x86)\swannview link\mydvr.exe] => (Block) C:\program files (x86)\swannview link\mydvr.exe () [File not signed] FirewallRules: [{3C16C0CA-F1F0-4C7B-B132-69461B59BB53}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services) FirewallRules: [{43087017-A1FD-4FED-B132-DDE3EA0DF6FA}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services) FirewallRules: [{58405E2F-C852-43DB-96AE-A177038F1C7D}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.PrintProcess.exe No File FirewallRules: [{35B8892D-BEA8-4CB3-BB34-1D08EE84DCB4}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services) FirewallRules: [{9CCBB48E-D409-46C8-A28F-27ECBB981E18}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.AdminConsole.exe No File FirewallRules: [{E28D9FC6-FA29-40CE-BE14-45EED59AC7BC}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Slps.Distributor.Host.exe No File FirewallRules: [{F9884FCB-0AE9-4921-97CB-FBB85BC41007}] => (Allow) LPort=60636 FirewallRules: [{C98C85AC-BA49-44B8-BD2E-D15E63CD5362}] => (Allow) LPort=60637 FirewallRules: [{B3322F12-7863-4957-8CBB-113EB176BAE3}] => (Allow) LPort=60638 FirewallRules: [{88FAD717-8463-4FAA-A776-43ED41039565}] => (Allow) LPort=31300 FirewallRules: [{C901635A-E4CD-4743-9B08-58D257D6560F}] => (Allow) LPort=51525 FirewallRules: [{3C06F917-A67D-49F4-A0E8-0AFE5DEAFC0D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software 
Ltd -> Piriform Software Ltd) FirewallRules: [{D8177785-4073-4C13-AD0D-C7B9A4525578}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{26996E63-CF87-4019-B5D2-D68668BE93E1}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services) FirewallRules: [{C94768CB-FBBE-4956-97D7-C6D5679339E5}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services) FirewallRules: [{0ADD4AA8-6EF5-43FB-A208-F66FF3FE2DEE}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.PrintProcess.exe No File FirewallRules: [{22BB711E-90EF-46E3-B837-37061EDD0506}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services) FirewallRules: [{2EDFDDC0-0FC3-4E2B-9F69-8F59859CE700}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.AdminConsole.exe No File FirewallRules: [{DD3BFB8C-85D8-44C6-A7BB-B8625E5B353E}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Slps.Distributor.Host.exe No File FirewallRules: [{D6BD70C5-54D9-435C-B7CF-E880BA6A1AFE}] => (Allow) LPort=60646 FirewallRules: [{356822D7-CEEE-42F7-9006-A0EAD0EBA83B}] => (Allow) LPort=60647 FirewallRules: [{B655E8DD-B805-4044-88CA-02ABCBEC66CE}] => (Allow) LPort=60648 FirewallRules: [{3D3D1FD6-0F0C-4CFC-8CDF-65B21D838C91}] => (Allow) LPort=31310 FirewallRules: [{C07BEF02-12FF-4AB4-90DB-31BAC9847A21}] => (Allow) LPort=51535 FirewallRules: [{4579FF5F-679A-4512-9CE5-AF79C9767CAD}] => (Allow) C:\Program Files (x86)\Wolters Kluwer\ATX2018\ATX.exe (Wolters Kluwer United States Inc. 
-> CCH Small Firm Services) FirewallRules: [{2ADFD72E-EC9E-4EB0-9DF3-546ECA028F14}] => (Allow) C:\Program Files (x86)\Wolters Kluwer\ATX2018\Sfs.Max.RolloverService.exe (Wolters Kluwer United States Inc. -> CCH Small Firm Services) FirewallRules: [{540BAC4C-EF63-4A5B-901F-0E7294F6440A}] => (Allow) C:\Program Files (x86)\Wolters Kluwer\ATX2018\Sfs.PrintProcess.exe No File FirewallRules: [{7767DEFB-3E9E-407B-BB21-06E4957E522D}] => (Allow) C:\Program Files (x86)\Common Files\Wolters Kluwer\ATX 2018 Server\Sfs.Serverhost.exe (Wolters Kluwer United States Inc. -> CCH Small Firm Services) FirewallRules: [{ACF9E037-6117-4517-A5AE-BF9915C1ADC9}] => (Allow) C:\Program Files (x86)\Common Files\Wolters Kluwer\ATX 2018 Server\Sfs.ServerHost.AdminConsole.exe No File FirewallRules: [{C163652F-9C08-4594-8806-463582AB1A5D}] => (Allow) C:\Program Files (x86)\Common Files\Wolters Kluwer\ATX 2018 Server\Slps.Distributor.Host.exe No File FirewallRules: [{7A9F214F-96AA-44B3-85D7-2453E7ECFD52}] => (Allow) LPort=60656 FirewallRules: [{50B6D8C5-E35A-40AB-A84D-78A89B4AA978}] => (Allow) LPort=60657 FirewallRules: [{A3FBB367-340C-45C4-AA5E-E1BD0BDF47D2}] => (Allow) LPort=60658 FirewallRules: [{4EFCCF45-441E-4102-A0D6-E84AE7315BA2}] => (Allow) LPort=31320 FirewallRules: [{E670F4F0-6160-4327-9E81-C48D8FDF8E1A}] => (Allow) LPort=51545 FirewallRules: [{B59D2308-8774-4478-B104-63042FE89158}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 27-07-2019 21:31:19 Scheduled Checkpoint 04-08-2019 12:22:23 Scheduled Checkpoint 12-08-2019 03:38:58 Scheduled Checkpoint 19-08-2019 23:00:03 Scheduled Checkpoint 27-08-2019 15:17:41 Scheduled Checkpoint 04-09-2019 13:45:51 Scheduled Checkpoint 13-09-2019 00:16:06 Scheduled Checkpoint 20-09-2019 11:35:34 Scheduled Checkpoint 26-09-2019 19:18:33 Windows Update 26-09-2019 21:11:54 Installed CCHBrowserSearchInstaller 07-10-2019 17:27:53 Scheduled 
Checkpoint
19-10-2019 13:57:29 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (03/06/2020 04:18:44 PM) (Source: ESENT) (EventID: 454) (User: )
Description: Raven (3356) 250-1zAIEk-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.

Error: (03/06/2020 04:18:44 PM) (Source: ESENT) (EventID: 494) (User: )
Description: Raven (3356) 250-1zAIEk-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (03/06/2020 04:18:31 PM) (Source: ESENT) (EventID: 454) (User: )
Description: esentutl (44204) Database recovery/restore failed with unexpected error -1216.

Error: (03/06/2020 04:18:31 PM) (Source: ESENT) (EventID: 494) (User: )
Description: esentutl (44204) Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (03/06/2020 04:18:26 PM) (Source: ESENT) (EventID: 454) (User: )
Description: Raven (3356) 249-1r1cHM-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.

Error: (03/06/2020 04:18:26 PM) (Source: ESENT) (EventID: 494) (User: )
Description: Raven (3356) 249-1r1cHM-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (03/06/2020 04:17:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (02/29/2020 01:15:02 PM) (Source: ESENT) (EventID: 454) (User: )
Description: Raven (3356) 248-255wWn-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.

System errors:
=============
Error: (02/20/2020 12:30:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TPHKSVC service.

Error: (02/16/2020 01:47:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (02/16/2020 01:47:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.

Error: (02/12/2020 03:20:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VIPAppService service.

Error: (02/12/2020 03:19:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TPHKSVC service.

Error: (02/08/2020 01:16:18 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (01/31/2020 02:22:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ATX 2017 Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2020 02:05:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2016-08-21 17:59:51.008
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 17:59:50.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 17:59:50.928
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 17:59:50.878
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 17:59:50.808
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-21 02:54:00.146
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-21 02:54:00.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-21 02:53:59.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: LENOVO 8AET56WW (1.36 ) 12/06/2011
Motherboard: LENOVO 4239CTO
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 97%
Total physical RAM: 6027.23 MB
Available physical RAM: 152.11 MB
Total Virtual: 12466.58 MB
Available Virtual: 2047.03 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:295.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:4.7 GB) NTFS

\\?\Volume{8b6c8d44-6b23-11e1-b4f9-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.13 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9BCB5F28)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
I don't see anything malicious there. Must be some false positive. I'd report it here: https://www.avg.com/en-us/false-positive-file-form