[Resolved] e-mail looking to extort some bitcoin

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by bgc, May 19, 2020.

  1. bgc

    bgc Established Techie7 Member

    I received the following e-mail looking to extort some bitcoin:
    i know XXXXX is one of your password .
    I've recorded your cam while you were watching p orn on X X sites, also I've installed a key logger on ur pc & collected all your c ontacts on s ocial networks, messenger & emails.
    If you want me to erase the recording, pay me 1181$ on bit coin address: 3PQAZ86C3TWvkffhH3wTmEEoNseHKrdn9X
    (sea rch in Goo gle for "how to buy bit coin"), [case SenS itiVe so co py & pas te it].
    If I don't get the bit coins, I will definately send your video to all of your con tacts, don't reply to this email it's ha cked. xnVmyT

    My cam is never used, except last week when my nephew sent a link to a site we could evaluate.

    I'm not sure what a key logger is; I assume it can track keyboard entries if I change my passwords.

    Do you see anything in the logs? Thanks


    Logs below:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2020 01
    Ran by BC (administrator) on LENOVO_520 (LENOVO 4239CTO) (19-05-2020 14:57:04)
    Running from C:\Users\BC\Desktop
    Loaded Profiles: BC
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () R:\140066.enu\Office14\EXCELC.EXE
    () R:\140066.enu\Office14\OffSpon.EXE <2>
    () R:\140066.enu\Office14\WINWORDC.EXE
    (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe <6>
    (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    (CCH Small Firm Services -> CCH Small Firm Services) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.exe
    (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <52>
    (Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Lenovo Group Limited) [File not signed] C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    (Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    (Lenovo(Japan)Ltd. -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (Lenovo(Japan)Ltd. -> Lenovo.) C:\Windows\System32\TpShocks.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (MYKI SAL -> MYKI Inc.) C:\Users\BC\AppData\Local\myki\app-1.2.11\MYKI.exe <2>
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Ricoh co.,Ltd.) [File not signed] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (Symantec Corp -> Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated -> Synaptics Incorporated)
    HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo(Japan)Ltd. -> Lenovo.)
    HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] (Fortemedia Inc -> )
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant Systems, Inc. -> Conexant systems, Inc.)
    HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [325704 2020-03-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) [File not signed]
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-16] (Intel Corporation -> Intel Corporation)
    HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Leader Technologies Inc -> Lenovo, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-10] (Google Inc -> Google Inc.)
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0414b] => C:\Users\BC\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0414b
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\BC\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=0814av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\BC\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=1114av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\BC\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=66b16aa4948e47d286312197b7314e5f-c9a40b780600ef96f836d185b7d347f86f8f94de /CMPID=1214av
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-07] (Google LLC -> Google LLC)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
    HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\ThinkPad\Bluetooth Software\\BtwCP.dll [2010-12-18] (Broadcom Corporation -> Broadcom Corporation.)
    HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-05-31] (NVIDIA Corporation -> NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-05-31] (NVIDIA Corporation -> NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-03-10]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {10F817E1-1B81-4D8D-B039-7A19D41D2791} - System32\Tasks\{28978BC3-53D6-435A-A92D-4484D6EF0EC4} => C:\Program Files (x86)\SwannView Link\MyDVR.exe [4674048 2015-09-30] () [File not signed]
    Task: {40BB7FC8-BAF8-45FC-8027-3F110B03E818} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
    Task: {4113EACF-D0D0-491B-B72C-1B02850AB25F} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [65336 2011-12-21] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
    Task: {4A8A4548-18E5-43F3-9E14-8BDA62DC8578} - System32\Tasks\{3446E710-91F1-42D3-B2EF-7F3D9822F106} => C:\Program Files (x86)\SwannView Link\MyDVR.exe [4674048 2015-09-30] () [File not signed]
    Task: {52061F86-5839-4D5C-95D8-F58E6B558E3E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [542056 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    Task: {B31E9EA6-82F6-4949-B1A6-11998EA0A3E6} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [65336 2011-12-21] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
    Task: {B50FBCB2-9087-4979-B8FC-DF211A90F672} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {BF3E8C10-9EE0-4373-98F1-D587314C7A0B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {CFCB20F0-43B1-4270-AA00-CB124CE0DDE5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {DCF1CA2F-853B-478A-8AA2-91D589110F28} - System32\Tasks\{B8D5221F-0F02-4939-A5F8-9BEBB7AC8E9F} => C:\Windows\system32\pcalua.exe -a "C:\Users\BC\Documents\G7PS\VersaCheck 2002\VCheck.exe"
    Task: {E3D83C9B-3D73-4356-87F8-4576D57A5B3E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-02-29] (AVG Technologies USA, LLC -> AVG Technologies)
    Task: {E8603BA5-1730-4FBD-ADD3-309FD41F782C} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [6656 2009-02-09] () [File not signed]
    Task: {EFAF60B7-E2E3-4BD1-BC9B-0DE8A5AD27DA} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [3942704 2020-03-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    Task: {F1482E8E-749F-4C52-B4CB-75E1CD7B0E3A} - System32\Tasks\{6819900C-8790-4D39-885D-993FDD4DCCA0} => C:\Windows\system32\pcalua.exe -a "C:\Users\BC\Documents\VersaCheck 2002\VCheck.exe"
    Task: {FC660943-E989-4DF4-8C95-8790DD366632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{07631ECC-23A6-4F57-AFB0-2AFA483AD605}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DAF7FC41-BAD0-4F31-90A5-6CF3A19F3236}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS577
    SearchScopes: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS577
    BHO: CCH Browser Search -> {6BACF407-FDBB-41EB-950B-8C93545F8D3A} -> C:\Program Files (x86)\CCH Browser Search\ScriptHost64.dll [2017-08-11] (Wolters Kluwer U.S Corporation -> Wolters Kluwer) [File not signed]
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
    BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-06-29] (Symantec Corp -> Symantec Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: CCH Browser Search -> {6BACF407-FDBB-41EB-950B-8C93545F8D3A} -> C:\Program Files (x86)\CCH Browser Search\ScriptHost.dll [2017-08-11] (Wolters Kluwer U.S Corporation -> Wolters Kluwer) [File not signed]
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.)
    BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-06-29] (Symantec Corp -> Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.)
    Toolbar: HKU\S-1-5-21-3430477350-3253428499-66189328-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\197en489.default [2020-05-19]
    FF DownloadDir: C:\Users\BC\Desktop
    FF Homepage: Mozilla\Firefox\Profiles\197en489.default -> hxxps://www.google.com/advanced_search
    FF Extension: (CCH Browser Search) - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\197en489.default\Extensions\IntelliConnect@WoltersKluwer [2019-09-26] [Legacy]
    FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2012-03-10] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-10-28] (Adobe Systems Incorporated -> )
    FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-06-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-10-28] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default [2020-05-19]
    CHR DownloadDir: C:\Users\BC\Desktop
    CHR Extension: (Chrome Web Store Payments) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-01]
    CHR Extension: (Chrome Media Router) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-23]
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-07-14]
    CHR Profile: C:\Users\BC\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-01]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
    R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [413544 2020-03-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6094272 2020-03-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo(Japan)Ltd. -> Lenovo.)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S2 Sfs.Server.2014; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.exe [229264 2015-02-04] (CCH Small Firm Services -> CCH Small Firm Services)
    R2 Sfs.Server.2016; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.exe [234200 2016-10-08] (CCH Small Firm Services -> CCH Small Firm Services)
    S2 Sfs.Server.2017; C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.exe [234208 2017-10-16] (CCH Small Firm Services -> CCH Small Firm Services)
    S2 Sfs.Server.2018; C:\Program Files (x86)\Common Files\Wolters Kluwer\ATX 2018 Server\Sfs.ServerHost.exe [236504 2018-09-24] (Wolters Kluwer United States Inc. -> CCH Small Firm Services)
    R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
    R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
    R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-29] (Symantec Corp -> Symantec Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
    R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 5U877; C:\Windows\System32\DRIVERS\5U877.sys [166016 2011-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh co.,Ltd.)
    R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37960 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [206672 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [234840 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [179032 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [61272 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [43568 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [175472 2020-03-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [110064 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [85664 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [852392 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [459992 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [235280 2020-03-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [317864 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2020-03-08] (Malwarebytes Corporation -> Malwarebytes)
    R0 nlem64nt; C:\Windows\System32\Drivers\nlem64nt.sys [72808 2009-10-13] (Communication Horizons -> )
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
    R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
    R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo (United States) Inc.)
    S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
    U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-05-19 14:57 - 2020-05-19 15:00 - 000032979 _____ C:\Users\BC\Desktop\FRST.txt
    2020-05-19 14:56 - 2020-05-19 14:56 - 000000000 ____D C:\Users\BC\Desktop\FRST-OlderVersion
    2020-05-19 13:05 - 2020-04-17 12:59 - 000337592 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2020-05-19 07:57 - 2020-05-19 07:57 - 000000000 ____D C:\Users\BC\AppData\Local\{9D175DAA-6322-42BB-B11C-B3B51B615331}
    2020-05-18 19:18 - 2020-05-18 19:18 - 000000000 ____D C:\Users\BC\AppData\Local\{CD84E5CB-4BEA-482A-A3BE-68A928B70C8A}
    2020-05-18 13:39 - 2020-05-18 13:39 - 000000000 ____D C:\Users\BC\AppData\Local\{90C43C59-9777-437C-8EDC-F9FB986BE651}
    2020-05-17 22:19 - 2020-05-17 22:19 - 000000000 ____D C:\Users\BC\AppData\Local\{75CBBBBC-6959-4324-AEE9-78B285858359}
    2020-05-17 07:25 - 2020-05-17 07:25 - 000105091 _____ C:\Users\BC\Documents\2020 _05 H2O 001.pdf
    2020-05-17 07:21 - 2020-05-17 07:21 - 000310755 _____ C:\Users\BC\Documents\2020 _05 uppr rent 001.pdf
    2020-05-16 23:57 - 2020-05-16 23:57 - 000000000 ____D C:\Users\BC\AppData\Local\{5E8F775F-B028-43B9-99B9-BBDD3316BC14}
    2020-05-16 11:56 - 2020-05-16 11:57 - 000000000 ____D C:\Users\BC\AppData\Local\{3E097A51-D9F3-4A65-9B51-91B95811FD87}
    2020-05-15 23:11 - 2020-05-15 23:11 - 000000000 ____D C:\Users\BC\AppData\Local\{0577398A-0354-41D8-B64D-91B5B818B783}
    2020-05-15 11:11 - 2020-05-15 11:11 - 000000000 ____D C:\Users\BC\AppData\Local\{CECA5320-D523-4547-A65D-21DCF71C75DA}
    2020-05-14 23:10 - 2020-05-14 23:10 - 000000000 ____D C:\Users\BC\AppData\Local\{DB2DE9FB-F34B-4F75-90FF-3B019F5A85D2}
    2020-05-14 11:10 - 2020-05-14 11:10 - 000000000 ____D C:\Users\BC\AppData\Local\{6188EBEA-8AA9-45A8-9C70-BBF99E9718E4}
    2020-05-13 12:45 - 2020-05-13 12:45 - 000000000 ____D C:\Users\BC\AppData\Local\{C5F2AA37-954B-45A4-B32E-C3637FA8A980}
    2020-05-13 00:44 - 2020-05-13 00:44 - 000000000 ____D C:\Users\BC\AppData\Local\{6D6378FB-762E-43D3-8C40-75968C3A4030}
    2020-05-11 19:49 - 2020-05-11 19:49 - 000000000 ____D C:\Users\BC\AppData\Local\{3A64BB07-CD59-44DF-AB98-8CE1F5B42F74}
    2020-05-11 07:48 - 2020-05-11 07:48 - 000000000 ____D C:\Users\BC\AppData\Local\{2DBFFB6C-A13D-4155-98A5-CC3A8E830266}
    2020-05-10 13:53 - 2020-05-10 13:53 - 000000000 ____D C:\Users\BC\AppData\Local\{83EB5B86-8BD5-4EE5-9FB3-A60E67D4B818}
    2020-05-10 01:53 - 2020-05-10 01:53 - 000000000 ____D C:\Users\BC\AppData\Local\{B990634D-8688-41C7-BBB7-7CAE7B3D9873}
    2020-05-09 09:46 - 2020-05-09 09:46 - 000000000 ____D C:\Users\BC\AppData\Local\{F48BE80A-6AE1-4BFA-A06A-6E3EA729A35B}
    2020-05-08 10:20 - 2020-05-08 10:20 - 000000000 ____D C:\Users\BC\AppData\Local\{EF514BDA-5A3E-424A-996D-3C105D28E3A7}
    2020-05-07 22:19 - 2020-05-07 22:20 - 000000000 ____D C:\Users\BC\AppData\Local\{6496EC87-3E4A-4515-A96E-B3D262586450}
    2020-05-07 14:31 - 2020-05-07 14:31 - 000035559 _____ C:\Users\BC\Documents\2020 _05 lower rent defer 001.pdf
    2020-05-07 10:17 - 2020-05-07 10:18 - 000000000 ____D C:\Users\BC\AppData\Local\{5D04B7B5-CE03-44A4-8A71-97F80B65CA52}
    2020-05-06 12:58 - 2020-05-06 12:58 - 000000000 ____D C:\Users\BC\AppData\Local\{67A68F2C-9229-430F-A061-CD0171F6B00A}
    2020-05-06 00:57 - 2020-05-06 00:57 - 000000000 ____D C:\Users\BC\AppData\Local\{A0E6BB9E-3B0B-4A01-8FDD-E1C92509F001}
    2020-05-05 12:56 - 2020-05-05 12:56 - 000000000 ____D C:\Users\BC\AppData\Local\{1AE9784C-BE55-485E-A404-97C04BA50B20}
    2020-05-04 23:43 - 2020-05-04 23:43 - 000000000 ____D C:\Users\BC\AppData\Local\{D5108187-EFBA-422B-9EA1-5035CF22781F}
    2020-05-04 11:42 - 2020-05-04 11:42 - 000000000 ____D C:\Users\BC\AppData\Local\{54ECD090-9DFF-47BA-8A4F-91323227FA64}
    2020-05-03 23:41 - 2020-05-03 23:41 - 000000000 ____D C:\Users\BC\AppData\Local\{69FCC95A-422F-45CD-807A-AF0AC39AE026}
    2020-05-03 11:41 - 2020-05-03 11:41 - 000000000 ____D C:\Users\BC\AppData\Local\{277A4BC0-EA20-4E8B-98C9-6188723F99A7}
    2020-05-02 23:41 - 2020-05-02 23:41 - 000000000 ____D C:\Users\BC\AppData\Local\{40BF4B7D-97EB-4D20-BC30-08BE3C1665AE}
    2020-05-02 11:22 - 2020-05-02 11:22 - 000000000 ____D C:\Users\BC\AppData\Local\{28A2AA51-D13D-497C-9315-08EE62F7B7D1}
    2020-05-01 23:18 - 2020-05-01 23:19 - 000000000 ____D C:\Users\BC\AppData\Local\{CF2A1386-56F8-48D3-A91A-177CDAB0EBB4}
    2020-05-01 09:30 - 2020-05-01 09:31 - 000000000 ____D C:\Users\BC\AppData\Local\{21C503FE-4D59-4DD1-B407-6A303D81BCA9}
    2020-04-30 20:47 - 2020-04-30 20:47 - 000000000 ____D C:\Users\BC\AppData\Local\{2EE564E2-C0FE-4720-9EA3-155F66D2A1F3}
    2020-04-30 08:45 - 2020-04-30 08:46 - 000000000 ____D C:\Users\BC\AppData\Local\{EDF1EB10-6A96-4C68-9BCF-7CD222EA5E5F}
    2020-04-29 10:16 - 2020-04-29 10:16 - 000000000 ____D C:\Users\BC\AppData\Local\{F2C014A4-8236-43F5-9BB0-FE644D832BCA}
    2020-04-28 22:15 - 2020-04-28 22:15 - 000000000 ____D C:\Users\BC\AppData\Local\{5D0B5978-A211-44F8-A1E8-3507DF60A26C}
    2020-04-28 10:15 - 2020-04-28 10:15 - 000000000 ____D C:\Users\BC\AppData\Local\{F14EC226-21BB-46D0-B775-93B573AFB79B}
    2020-04-27 22:14 - 2020-04-27 22:14 - 000000000 ____D C:\Users\BC\AppData\Local\{2CDF4528-3DC6-4C88-8B86-C819CC301F8B}
    2020-04-27 10:13 - 2020-04-27 10:13 - 000000000 ____D C:\Users\BC\AppData\Local\{C9523BDA-B8A9-4F1F-993E-71D3BB7DBDB9}
    2020-04-26 22:13 - 2020-04-26 22:13 - 000000000 ____D C:\Users\BC\AppData\Local\{3FBBA2E1-8098-492B-B854-36558C9DCB9F}
    2020-04-26 10:12 - 2020-04-26 10:12 - 000000000 ____D C:\Users\BC\AppData\Local\{E37FA74B-BE09-4E54-8CF2-FA1860D7A4F8}
    2020-04-25 22:11 - 2020-04-25 22:11 - 000000000 ____D C:\Users\BC\AppData\Local\{8E913DD0-BB99-4952-85C8-D2E7895551BD}
    2020-04-25 10:15 - 2020-04-25 10:15 - 000000000 ____D C:\Users\BC\AppData\Local\{32EB5AD5-8F4F-4B91-93A7-4F3540D0160B}
    2020-04-24 22:14 - 2020-04-24 22:14 - 000000000 ____D C:\Users\BC\AppData\Local\{4CF33BD0-FFAB-427F-A51F-1545A59AFE23}
    2020-04-24 10:13 - 2020-04-24 10:13 - 000000000 ____D C:\Users\BC\AppData\Local\{826B46D6-1333-4C97-90AF-04010002D090}
    2020-04-23 22:13 - 2020-04-23 22:13 - 000000000 ____D C:\Users\BC\AppData\Local\{74E85DFD-92F5-45F0-A633-472EEB7C446B}
    2020-04-23 10:12 - 2020-04-23 10:13 - 000000000 ____D C:\Users\BC\AppData\Local\{1F798FD1-F488-44D1-9370-C7D6D162A7DE}
    2020-04-22 22:12 - 2020-04-22 22:12 - 000000000 ____D C:\Users\BC\AppData\Local\{DE3A6635-8002-486E-96F1-6FBD0309BF47}
    2020-04-22 10:12 - 2020-04-22 10:12 - 000000000 ____D C:\Users\BC\AppData\Local\{C1C1538F-F23E-4907-9E23-9D210FE4ABDA}
    2020-04-21 22:11 - 2020-04-21 22:12 - 000000000 ____D C:\Users\BC\AppData\Local\{873DA704-4149-4DE9-BC27-DAA7B09012DC}
    2020-04-21 09:52 - 2020-04-21 09:52 - 000000000 ____D C:\Users\BC\AppData\Local\{A4AD5045-6514-45A2-9503-D84A399ED398}
    2020-04-20 18:47 - 2020-04-20 18:49 - 000000000 ____D C:\Users\BC\Documents\CORONA VIRUS PAYMENTS AND APPS
    2020-04-20 15:59 - 2020-04-20 15:59 - 000000000 ____D C:\Users\BC\AppData\Local\{EE80B6BD-8DF4-4C0A-B42E-4AC021CA90CB}
    2020-04-20 13:04 - 2020-04-20 13:04 - 000000000 _____ C:\Windows\system32\last.dump
    2020-04-19 17:50 - 2020-04-19 17:51 - 000000000 ____D C:\Users\BC\AppData\Local\myki
    2020-04-19 17:28 - 2020-04-19 17:51 - 000000000 ____D C:\Users\BC\AppData\Local\SquirrelTemp
    2020-04-19 17:28 - 2020-04-19 17:28 - 000000000 ____D C:\Users\BC\AppData\Roaming\MYKI
    2020-04-19 16:56 - 2020-04-19 16:56 - 000000000 ____D C:\Users\BC\AppData\Local\{62B28740-A2BB-4DD5-B23D-E3E0C643651B}
    2020-04-19 15:13 - 2020-04-19 15:15 - 006291456 _____ C:\Users\BC\Desktop\Carrot Ginger Soup - Small.mov
    2020-04-19 12:52 - 2020-04-19 13:08 - 095181256 _____ (MYKI Inc.) C:\Users\BC\Desktop\MYKISetup.exe

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-05-19 14:58 - 2019-07-27 11:49 - 000000000 ____D C:\FRST
    2020-05-19 14:58 - 2009-07-13 19:34 - 000000438 _____ C:\Windows\win.ini
    2020-05-19 14:56 - 2020-03-06 18:15 - 002286080 _____ (Farbar) C:\Users\BC\Desktop\FRST64.exe
    2020-05-19 07:58 - 2018-08-27 12:26 - 003819184 _____ C:\Windows\system32\Data.INTEG.RAW
    2020-05-18 16:23 - 2020-03-28 14:04 - 000053616 _____ () C:\Windows\system32\Drivers\staport.sys.158542946543601
    2020-05-17 22:31 - 2017-03-16 13:19 - 000004174 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
    2020-05-11 14:10 - 2014-01-10 23:59 - 000000000 ____D C:\Users\BC\AppData\Roaming\SmartFTP
    2020-05-11 11:06 - 2014-01-15 02:15 - 000000000 ____D C:\Users\BC\Documents\temp
    2020-05-09 10:21 - 2018-12-24 00:58 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
    2020-05-09 10:21 - 2018-09-08 14:00 - 000003102 _____ C:\Windows\system32\Tasks\{B8D5221F-0F02-4939-A5F8-9BEBB7AC8E9F}
    2020-05-09 10:21 - 2018-09-08 13:59 - 000003092 _____ C:\Windows\system32\Tasks\{6819900C-8790-4D39-885D-993FDD4DCCA0}
    2020-05-09 10:21 - 2018-04-13 15:53 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
    2020-05-09 10:21 - 2017-05-04 17:53 - 000002958 _____ C:\Windows\system32\Tasks\{3446E710-91F1-42D3-B2EF-7F3D9822F106}
    2020-05-09 10:21 - 2017-05-04 17:52 - 000002958 _____ C:\Windows\system32\Tasks\{28978BC3-53D6-435A-A92D-4484D6EF0EC4}
    2020-05-09 10:21 - 2014-03-26 13:31 - 000002766 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
    2020-05-09 10:21 - 2012-03-17 15:54 - 000002836 _____ C:\Windows\system32\Tasks\DiskUpdate
    2020-05-09 10:21 - 2012-03-10 20:19 - 000003376 _____ C:\Windows\system32\Tasks\MCP
    2020-05-09 10:21 - 2012-03-10 20:10 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
    2020-05-09 10:21 - 2012-03-10 20:10 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
    2020-05-09 10:21 - 2012-03-10 20:00 - 000002958 _____ C:\Windows\system32\Tasks\PMTask
    2020-05-07 21:22 - 2012-03-10 20:10 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-05-05 15:41 - 2009-07-13 21:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2020-05-05 15:41 - 2009-07-13 21:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2020-04-28 10:52 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
    2020-04-24 01:22 - 2014-01-15 02:15 - 000000000 ____D C:\Users\BC\Documents\Transmission Line
    2020-04-23 08:53 - 2014-01-15 02:14 - 000000000 ____D C:\Users\BC\Documents\PLAYA HOUSE
    2020-04-23 08:09 - 2009-07-13 22:32 - 000000000 ____D C:\Windows\system32\FxsTmp
    2020-04-19 16:58 - 2017-03-14 20:49 - 000000000 ____D C:\Users\BC\AppData\Roaming\vlc

    ==================== Files in the root of some directories ========

    2019-07-07 11:43 - 2019-07-07 11:43 - 000003584 _____ () C:\Users\BC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2019-09-22 14:15 - 2019-09-22 14:15 - 000007618 _____ () C:\Users\BC\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2020-04-11 16:23
    ==================== End of FRST.txt ========================


    Addition is in 2nd message
     
  2. bgc

    bgc Established Techie7 Member

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
    Ran by BC (19-05-2020 15:01:18)
    Running from C:\Users\BC\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2012-03-17 22:54:06)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3430477350-3253428499-66189328-500 - Administrator - Disabled)
    BC (S-1-5-21-3430477350-3253428499-66189328-1001 - Administrator - Enabled) => C:\Users\BC
    Guest (S-1-5-21-3430477350-3253428499-66189328-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3430477350-3253428499-66189328-1003 - Limited - Enabled)
    UpdatusUser (S-1-5-21-3430477350-3253428499-66189328-1000 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Antivirus (Enabled - Out of date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
    AS: AVG Antivirus (Enabled - Out of date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2013 Lacerte Tax (HKLM-x32\...\2013 Lacerte Tax) (Version: - Intuit Inc.)
    2013 Lacerte Tax Planner (HKLM-x32\...\2013 Lacerte Tax Planner) (Version: - Intuit Inc.)
    2014 Lacerte Tax (HKLM-x32\...\2014 Lacerte Tax) (Version: - Intuit Inc.)
    2014 Lacerte Tax Planner (HKLM-x32\...\2014 Lacerte Tax Planner) (Version: - Intuit Inc.)
    2016 Lacerte Tax (HKLM-x32\...\2016 Lacerte Tax) (Version: - Intuit Inc.)
    64 Bit HP CIO Components Installer (HKLM\...\{9F560BEB-021F-43AC-825F-AA60442D8DE4}) (Version: 1.0.0 - Hewlett-Packard) Hidden
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_CDB_Software (HKLM-x32\...\{E09575B2-498D-4C8B-A9D2-623F78574F29}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_Scan (HKLM-x32\...\{0D2E9DCB-9938-475E-B4DD-8851738852FF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    ATX 2014 (HKLM-x32\...\{BFB9811D-CA96-45E5-9242-9497D74B1548}) (Version: 14.6.0 - CCH Small Firm Services)
    ATX 2016 (HKLM-x32\...\{E59557AB-A1E2-4C43-8F52-E5FBD1332D12}) (Version: 16.6.0 - CCH Small Firm Services)
    ATX 2017 (HKLM-x32\...\{9E587DD8-8D07-4140-97BC-38BCD2BC307B}) (Version: 17.3.0 - CCH Small Firm Services)
    ATX 2018 (HKLM-x32\...\{6FEFD49E-A4EA-43DE-8BE6-2CFA291A85A7}) (Version: 18.3.0 - CCH Small Firm Services)
    ATX Server 2014 (HKLM-x32\...\{80A2D786-E075-478B-BE44-4458F74A3DBE}) (Version: 14.5.0 - CCH Small Firm Services)
    ATX Server 2016 (HKLM-x32\...\{71272489-0F94-470B-B38F-446353340568}) (Version: 16.0.0 - CCH Small Firm Services)
    ATX Server 2017 (HKLM-x32\...\{968735CC-D34A-47BC-974B-0BEC9C82B92B}) (Version: 17.0.0 - CCH Small Firm Services)
    ATX Server 2018 (HKLM-x32\...\{E0CB0BA2-F60D-4729-8CEE-95C40948AF02}) (Version: 18.0.0 - CCH Small Firm Services)
    AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.2.3116 - AVG Technologies)
    Batch Thumbs 1.7 (HKLM-x32\...\Batch Thumbs 1.7) (Version: 1.7 - HarmWare)
    Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
    BufferChm (HKLM-x32\...\{BE77A81F-B315-4666-9BF3-AE70C0ADB057}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
    Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.51.2 - Canon Inc.)
    Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.2.1 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
    Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.)
    CCH® Browser Search (HKLM-x32\...\IntelliConnect Search) (Version: 2.0.0.35 - Wolters Kluwer)
    CCHBrowserSearchInstaller (HKLM-x32\...\{508C226E-8312-43A5-8B4E-31E98CCE669D}) (Version: 2.0.35 - Wolters Kluwer) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
    Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
    Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
    Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
    Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
    Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
    Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
    Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
    Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
    Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
    Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
    Fax (HKLM-x32\...\{7A7DC702-DEDE-42A8-8722-B3BA724D546F}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
    Go PlayAlong (HKLM-x32\...\{E8AD89F3-C2D9-80E0-94A7-8461F8967E93}) (Version: 2.93 - UNKNOWN) Hidden
    Go PlayAlong (HKLM-x32\...\com.goplayalong.41DF8ADAAE31CA841C48A6C358D6E3DCCEC38798.1) (Version: 2.93 - UNKNOWN)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{C77B1ED4-A026-4E2F-8C91-184AEF5D1D87}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Deskjet 3000 J310 series Help (HKLM-x32\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
    Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
    Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
    Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
    Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
    Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
    Intuit PTG MachID (HKLM-x32\...\{24226917-7238-4477-8583-5BB632A89FC0}) (Version: 1.03.0000 - Intuit Inc)
    Intuit Runtime Components 6.0.16 (HKLM-x32\...\{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}) (Version: 6.0.16 - Intuit Inc.)
    Intuit Runtime Components 8.0.92 (HKLM-x32\...\{901AFFCC-3992-4388-8D4B-414113ADE0E9}) (Version: 8.0.92 - Intuit, Inc.)
    Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
    Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lacerte DMS (HKLM-x32\...\{5999E160-C1BC-4C32-B2A0-4CB22E71594D}) (Version: 11.1.0 - Intuit)
    Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
    Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
    Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
    Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
    Lenovo Solution Center (HKLM\...\{828CE72E-718B-4FDC-A469-8DE674CE8C4D}) (Version: 1.0.006.00 - Lenovo Group Limited)
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
    Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
    Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
    Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0011.00 - Lenovo Group Limited)
    Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MuseScore 2 (HKLM-x32\...\{703926DE-F24B-11E4-AA68-472FB664A5DC}) (Version: 2.0.1 - Werner Schweer and Others)
    MYKI (HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\myki) (Version: 1.2.11 - MYKI Inc.)
    NetLib Encryptionizer (HKLM\...\{FD0E376F-D30A-477C-AA84-2F4F5B51D713}) (Version: 1.00.0000 - CCH Small Firm Services)
    NVIDIA 3D Vision Driver 268.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.71 - NVIDIA Corporation)
    NVIDIA Graphics Driver 268.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.71 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
    Quicken 2005 (HKLM-x32\...\{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit) Hidden
    Quicken 2005 (HKLM-x32\...\InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit)
    RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
    RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
    RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
    Scan (HKLM-x32\...\{1746EA69-DCB6-4408-B5A5-E75F55439CDF}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
    SwannView Link version 2.1.2.10 (HKLM-x32\...\{992EF7D5-3D70-5A7F-AFDC-8C946676BD5D}_is1) (Version: 2.1.2.10 - )
    System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
    TaxACT 2013 California Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2013 California Preparer's - 1040 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 California Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2013 California Preparer's - 1120 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2013 Preparer's - 1040 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2013 Preparer's - 1120 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2014 Preparer's - 1120 Edition (HKLM-x32\...\TaxACT 2014 Preparer's - 1120 Edition) (Version: 1.02 - TaxACT, Inc.)
    ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
    ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
    ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )
    ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
    ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
    ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
    ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
    ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
    Toolbox (HKLM-x32\...\{C716522C-3731-4667-8579-40B098294500}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax Business 2012 (HKLM-x32\...\TurboTax Business 2012) (Version: 2012.0 - Intuit, Inc)
    UnloadSupport (HKLM-x32\...\{E06F04B9-45E6-4AC0-8083-85F7515F40F7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
    VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.140 - VeriSign)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WebReg (HKLM-x32\...\{179C56A4-F57F-4561-8BBF-F911D26EB435}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
    Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
    Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
    Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
    Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
    Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
    Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-03-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) [File not signed]
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2011-05-25] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-03-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [msacm.ulmp3acm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm [319488 2006-01-23] (Ulead systems) [File not signed]
    HKLM\...\Drivers32: [msacm.mpegacm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\mpegacm.acm [69632 2006-04-17] (Ulead Systems, Inc.) [File not signed]
    HKLM\...\Drivers32: [msacm.dvacm] => C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm [32768 2008-05-16] (Ulead Systems, Inc.) [File not signed]

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

    ==================== Loaded Modules (Whitelisted) =============

    2020-04-19 17:51 - 2020-04-19 17:51 - 000128000 _____ () [File not signed] \\?\C:\Users\BC\AppData\Local\Temp\9f9cebf9-bad2-4378-b747-09f3c39db817.tmp.node
    2009-02-27 12:52 - 2009-02-27 12:52 - 000258048 _____ () [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
    2012-03-10 19:59 - 2011-08-31 11:03 - 000045568 ____N () [File not signed] C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
    2011-07-27 21:07 - 2011-07-27 21:07 - 001501696 _____ () [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2012-03-10 20:01 - 2010-04-06 10:05 - 002085888 _____ () [File not signed] C:\Program Files\Lenovo\AutoLock\cv210.dll
    2012-03-10 20:01 - 2010-04-06 10:04 - 002201088 _____ () [File not signed] C:\Program Files\Lenovo\AutoLock\cxcore210.dll
    2011-06-07 18:16 - 2011-06-07 18:16 - 000784384 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll
    2013-05-08 12:49 - 2013-05-08 12:49 - 005714944 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll
    2009-02-27 16:35 - 2009-02-27 16:35 - 000102400 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll
    2009-02-27 12:59 - 2009-02-27 12:59 - 000153088 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll
    2013-05-08 13:54 - 2013-05-08 13:54 - 002441216 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\CoolType.dll
    2013-05-08 12:48 - 2013-05-08 12:48 - 004863075 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
    2013-05-08 12:47 - 2013-05-08 12:47 - 001526883 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api
    2013-05-08 12:49 - 2013-05-08 12:49 - 000395363 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api
    2013-05-08 12:59 - 2013-05-08 12:59 - 000231523 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api
    2013-05-08 03:32 - 2013-05-08 03:32 - 001392640 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ADMPlugin.apl
    2014-10-07 10:57 - 2009-08-20 14:36 - 000437760 _____ (AMYUNI Technologies hxxp://www.amyuni.com) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\acpdfui400.dll
    2015-06-12 01:22 - 2011-09-20 12:07 - 000508928 _____ (AMYUNI Technologies hxxp://www.amyuni.com) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\acpdfui450.dll
    2012-03-10 19:50 - 2011-01-16 18:19 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
    2013-02-23 11:46 - 2013-02-23 11:46 - 000141312 _____ (Brice Lambson) [File not signed] C:\Program Files (x86)\Image Resizer for Windows\ShellExtensions.dll
    2013-02-23 11:47 - 2013-02-23 11:47 - 000166400 _____ (Brice Lambson) [File not signed] C:\Program Files\Image Resizer for Windows\ShellExtensions.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000442368 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000135168 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000225280 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000184320 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
    2007-03-13 03:23 - 2007-03-13 03:23 - 000131072 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
    2012-03-10 19:50 - 2011-01-16 18:31 - 000015360 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_COM_InterfaceLib.dll
    2012-03-10 19:50 - 2011-01-16 18:20 - 000471040 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_SW_GUI.dll
    2012-03-10 19:50 - 2011-01-16 18:14 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
    2011-07-27 21:44 - 2011-07-27 21:44 - 001077248 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 001045504 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 003719168 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
    2011-07-27 21:44 - 2011-07-27 21:44 - 000846336 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\DbEngine.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 000841728 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
    2011-07-27 21:46 - 2011-07-27 21:46 - 000336896 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
    2011-07-27 21:51 - 2011-07-27 21:51 - 001278976 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
    2011-07-27 21:50 - 2011-07-27 21:50 - 002072576 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
    2011-07-27 21:44 - 2011-07-27 21:44 - 000177152 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
    2011-07-27 21:59 - 2011-07-27 21:59 - 002338816 _____ (Intel(R) Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
    2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
    2017-10-03 15:43 - 2017-10-03 15:43 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2012-03-10 20:09 - 2012-03-10 20:09 - 001656320 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL
    2012-03-10 20:09 - 2012-03-10 20:09 - 001652736 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
    2012-03-10 20:09 - 2012-03-10 20:09 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_fc42961a63b5a82b\MFC80ENU.DLL
    2005-01-13 11:47 - 2005-01-13 11:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
    2010-10-12 10:54 - 2010-10-12 10:54 - 000055808 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScnMgr10.dll
    2010-11-19 12:06 - 2010-11-19 12:06 - 000112640 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
    2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
    2010-10-12 10:58 - 2010-10-12 10:58 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScanEngine30.dll
    2016-02-23 19:21 - 2010-09-13 16:00 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
    2016-02-23 19:21 - 2008-06-18 12:49 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000039936 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL
    2016-02-23 19:20 - 2011-03-08 08:00 - 000181248 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXMI09A.dll
    2016-02-23 19:20 - 2011-03-08 08:00 - 000228864 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\hsaservicecenter.com -> hxxps://www.hsaservicecenter.com
    IE trusted site: HKU\S-1-5-21-3430477350-3253428499-66189328-1001\...\piriform.com -> hxxp://www.piriform.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2018-12-03 07:20 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\ThinkPad\Bluetooth Software\;C:\Program Files\ThinkPad\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Lenovo;C:\Program Files (x86)\Windows Live\Shared;C:\SWTOOLS\ReadyApps;C:\Program Files (x86)\Intel\Services\IPT\;C:\Program Files (x86)\Symantec\VIP Access Client\;C:\Program Files (x86)\Common Files\Lenovo
    HKU\S-1-5-21-3430477350-3253428499-66189328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-UDP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-UDP-2] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [VirtualPC-In-TCP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{AF721C4F-14F9-42B9-B256-E49F710F498A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{7E90317B-5058-4DC3-A966-D2F028BE8799}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{A604C6DC-EFA7-47A6-966F-8BD9D604415F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{AD2B08BF-E37D-4963-AB9A-87E8AC60DFE0}] => (Allow) LPort=2869
    FirewallRules: [{395E969A-02F7-4609-8318-5FBD5E497D8E}] => (Allow) LPort=1900
    FirewallRules: [{34063AD1-A6F5-4C5E-962A-F91B97B179BC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{C1FF7254-7440-4324-A330-21C73866FF9B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1A7DCDD8-1484-4214-A2C2-A1B6E2605961}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe => No File
    FirewallRules: [{ACE8B46C-222E-45E9-8544-0EC5AE0FE1C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe => No File
    FirewallRules: [{C3D252C6-3FCF-4D42-8B9A-7F34E64F2203}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe => No File
    FirewallRules: [{EAF5BD83-469D-433B-AA46-000B237A826A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe => No File
    FirewallRules: [{B3710FB3-1CCE-44CD-A093-33D11C423B4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe => No File
    FirewallRules: [{2DA9FB56-DB82-4658-B40D-EA9E3CBEA71D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe => No File
    FirewallRules: [{71FB0B5D-04F5-45B3-A06F-6CAE4079D6AD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe => No File
    FirewallRules: [{B26BBC24-5C35-47FD-8A7A-08DDA1774137}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe => No File
    FirewallRules: [{E522FF1C-C258-444D-B860-82E6A563DFDC}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{62478CD9-394B-4A5B-AC25-A3B80E9115E4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{557835A1-B93A-4F58-A0F4-9B85C9259139}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{A752A2E1-7370-41B0-8B7F-E1B8566768B4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{4BE07C0C-6B31-41E8-B567-B44774DD1432}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{22AFF734-48CB-47A4-84F9-2A4B4AB6D04C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{5FC93890-A2FB-468F-8993-AFEEF46B6CE5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{4E641D80-43A9-4AF6-A2FA-83F2EAD10BFC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{E3E8B2E9-090C-4156-97AC-35A89EB00E60}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{5D442641-96C6-41F4-8E4C-D0629E59C152}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{3FCFA61F-FFD9-4D20-840C-648D5A261E70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{6D1AE10F-1620-48F4-82F0-1A535603D87B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{A161DDAF-13C2-45B4-A7E1-981232DB56E3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [UDP Query User{C71BB1F6-F001-4340-A26B-151F95988178}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{28A0D073-EE7B-4973-B12C-C8CA484E0F98}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
    FirewallRules: [{31936644-F06F-460A-A6FB-6BFD52503936}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
    FirewallRules: [{3D77FE30-B00B-4A7B-9078-8B3FC8CC09BF}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{6793F16C-D4F3-42E3-A10D-2BF96064C514}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{59AAEFB4-8963-4F09-B71C-FCDD36C5A7EB}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2014\Sfs.PrintProcess.exe => No File
    FirewallRules: [{797170D6-C1C9-44C0-B01E-6EFF40DFEA3A}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{2E9EDB41-9521-4EBE-B689-2CF7DF458543}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2014 Server\Sfs.ServerHost.AdminConsole.exe => No File
    FirewallRules: [{48B34730-174F-4F9B-9615-C0E325250D10}] => (Allow) LPort=60616
    FirewallRules: [{AE2F6E1F-DA6C-42B0-AA58-3A402BDE4581}] => (Allow) LPort=60617
    FirewallRules: [{00E4C4B3-E2D9-4592-B586-C3FA063C4CCD}] => (Allow) LPort=60618
    FirewallRules: [{5C18B589-A6EF-42C1-9A86-CCA691857163}] => (Allow) LPort=31300
    FirewallRules: [{8F18E7F9-30EA-4537-A9D9-E113AE187F80}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
    FirewallRules: [{13840B08-AD46-458C-A2B7-F5E80C41D8E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
    FirewallRules: [TCP Query User{683E012B-FC81-4846-87D0-481207766E4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [UDP Query User{C8DA6645-ED2E-44B0-8DE1-FC3BC2B5A785}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [TCP Query User{659D6D8E-E231-495A-A139-D4EC270A2E24}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [UDP Query User{C6712213-F0E2-4D67-A35B-0D6B0B42F317}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    FirewallRules: [{6EEAD4E8-F32E-4FBA-B838-0EB7B7E0627E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe => No File
    FirewallRules: [{C194E06B-A313-42A0-A070-656682D4C2B6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe => No File
    FirewallRules: [{330934E9-BEC1-4FC5-9064-53739B2BE2D7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe => No File
    FirewallRules: [{736DB4C9-9137-4228-A82A-6464C0B7BB14}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe => No File
    FirewallRules: [{A67079EA-A500-4C5E-9A57-2D70C0458389}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe => No File
    FirewallRules: [{89642E62-C989-4ADA-B560-3AF0B3C467FD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe => No File
    FirewallRules: [{3427D388-BF58-482B-8966-AC2ADD89BE94}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe => No File
    FirewallRules: [{BCE9A74B-0B82-4C83-BA20-1BBD7C5B241E}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe => No File
    FirewallRules: [TCP Query User{7630D7BF-EC60-477E-B05E-3E0C7F314066}C:\program files (x86)\swannview link\mydvr.exe] => (Allow) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [UDP Query User{A181AFCD-60AE-4AEF-8C11-C6A0E0A8A434}C:\program files (x86)\swannview link\mydvr.exe] => (Allow) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [TCP Query User{90C4D7D6-081F-441E-A5DE-4ADFDD9A214D}C:\program files (x86)\swannview link\mydvr.exe] => (Block) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [UDP Query User{3C96E279-FB38-49D3-AFE2-EB18CA9E89BB}C:\program files (x86)\swannview link\mydvr.exe] => (Block) C:\program files (x86)\swannview link\mydvr.exe () [File not signed]
    FirewallRules: [{3C16C0CA-F1F0-4C7B-B132-69461B59BB53}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{43087017-A1FD-4FED-B132-DDE3EA0DF6FA}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{58405E2F-C852-43DB-96AE-A177038F1C7D}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2016\Sfs.PrintProcess.exe => No File
    FirewallRules: [{35B8892D-BEA8-4CB3-BB34-1D08EE84DCB4}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{9CCBB48E-D409-46C8-A28F-27ECBB981E18}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Sfs.ServerHost.AdminConsole.exe => No File
    FirewallRules: [{E28D9FC6-FA29-40CE-BE14-45EED59AC7BC}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2016 Server\Slps.Distributor.Host.exe => No File
    FirewallRules: [{F9884FCB-0AE9-4921-97CB-FBB85BC41007}] => (Allow) LPort=60636
    FirewallRules: [{C98C85AC-BA49-44B8-BD2E-D15E63CD5362}] => (Allow) LPort=60637
    FirewallRules: [{B3322F12-7863-4957-8CBB-113EB176BAE3}] => (Allow) LPort=60638
    FirewallRules: [{88FAD717-8463-4FAA-A776-43ED41039565}] => (Allow) LPort=31300
    FirewallRules: [{C901635A-E4CD-4743-9B08-58D257D6560F}] => (Allow) LPort=51525
    FirewallRules: [{3C06F917-A67D-49F4-A0E8-0AFE5DEAFC0D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{D8177785-4073-4C13-AD0D-C7B9A4525578}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{26996E63-CF87-4019-B5D2-D68668BE93E1}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\ATX.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{C94768CB-FBBE-4956-97D7-C6D5679339E5}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.Max.RolloverService.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{0ADD4AA8-6EF5-43FB-A208-F66FF3FE2DEE}] => (Allow) C:\Program Files (x86)\CCH Small Firm Services\ATX2017\Sfs.PrintProcess.exe => No File
    FirewallRules: [{22BB711E-90EF-46E3-B837-37061EDD0506}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.Serverhost.exe (CCH Small Firm Services -> CCH Small Firm Services)
    FirewallRules: [{2EDFDDC0-0FC3-4E2B-9F69-8F59859CE700}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Sfs.ServerHost.AdminConsole.exe => No File
    FirewallRules: [{DD3BFB8C-85D8-44C6-A7BB-B8625E5B353E}] => (Allow) C:\Program Files (x86)\Common Files\CCH Small Firm Services\ATX 2017 Server\Slps.Distributor.Host.exe => No File
    FirewallRules: [{D6BD70C5-54D9-435C-B7CF-E880BA6A1AFE}] => (Allow) LPort=60646
    FirewallRules: [{356822D7-CEEE-42F7-9006-A0EAD0EBA83B}] => (Allow) LPort=60647
    FirewallRules: [{B655E8DD-B805-4044-88CA-02ABCBEC66CE}] => (Allow) LPort=60648
    FirewallRules: [{3D3D1FD6-0F0C-4CFC-8CDF-65B21D838C91}] => (Allow) LPort=31310
    FirewallRules: [{C07BEF02-12FF-4AB4-90DB-31BAC9847A21}] => (Allow) LPort=51535
    FirewallRules: [{4579FF5F-679A-4512-9CE5-AF79C9767CAD}] => (Allow) C:\Program Files (x86)\Wolters Kluwer\ATX2018\ATX.exe (Wolters Kluwer United States Inc. -> CCH Small Firm Services)
    FirewallRules: [{2ADFD72E-EC9E-4EB0-9DF3-546ECA028F14}] => (Allow) C:\Program Files (x86)\Wolters Kluwer\ATX2018\Sfs.Max.RolloverService.exe (Wolters Kluwer United States Inc. -> CCH Small Firm Services)
    FirewallRules: [{540BAC4C-EF63-4A5B-901F-0E7294F6440A}] => (Allow) C:\Program Files (x86)\Wolters Kluwer\ATX2018\Sfs.PrintProcess.exe => No File
    FirewallRules: [{7767DEFB-3E9E-407B-BB21-06E4957E522D}] => (Allow) C:\Program Files (x86)\Common Files\Wolters Kluwer\ATX 2018 Server\Sfs.Serverhost.exe (Wolters Kluwer United States Inc. -> CCH Small Firm Services)
    FirewallRules: [{ACF9E037-6117-4517-A5AE-BF9915C1ADC9}] => (Allow) C:\Program Files (x86)\Common Files\Wolters Kluwer\ATX 2018 Server\Sfs.ServerHost.AdminConsole.exe => No File
    FirewallRules: [{C163652F-9C08-4594-8806-463582AB1A5D}] => (Allow) C:\Program Files (x86)\Common Files\Wolters Kluwer\ATX 2018 Server\Slps.Distributor.Host.exe => No File
    FirewallRules: [{7A9F214F-96AA-44B3-85D7-2453E7ECFD52}] => (Allow) LPort=60656
    FirewallRules: [{50B6D8C5-E35A-40AB-A84D-78A89B4AA978}] => (Allow) LPort=60657
    FirewallRules: [{A3FBB367-340C-45C4-AA5E-E1BD0BDF47D2}] => (Allow) LPort=60658
    FirewallRules: [{4EFCCF45-441E-4102-A0D6-E84AE7315BA2}] => (Allow) LPort=31320
    FirewallRules: [{E670F4F0-6160-4327-9E81-C48D8FDF8E1A}] => (Allow) LPort=51545
    FirewallRules: [{D759B8A1-129F-4279-8865-67D89449C698}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    13-09-2019 01:16:06 Scheduled Checkpoint
    20-09-2019 12:35:34 Scheduled Checkpoint
    26-09-2019 20:18:33 Windows Update
    26-09-2019 22:11:54 Installed CCHBrowserSearchInstaller
    07-10-2019 18:27:53 Scheduled Checkpoint
    19-10-2019 14:57:29 Scheduled Checkpoint
    08-03-2020 05:12:41 Scheduled Checkpoint
    15-03-2020 22:12:04 Scheduled Checkpoint
    28-03-2020 16:27:22 Scheduled Checkpoint
    07-04-2020 15:10:57 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (05/19/2020 07:58:03 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: Raven (2668) 148-DJzTh-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.

    Error: (05/19/2020 07:58:03 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: Raven (2668) 148-DJzTh-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

    Error: (05/19/2020 07:57:55 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: esentutl (161884) Database recovery/restore failed with unexpected error -1216.

    Error: (05/19/2020 07:57:55 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: esentutl (161884) Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

    Error: (05/19/2020 07:57:46 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: Raven (2668) 147-1oQNtq-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.

    Error: (05/19/2020 07:57:46 AM) (Source: ESENT) (EventID: 494) (User: )
    Description: Raven (2668) 147-1oQNtq-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

    Error: (05/18/2020 01:39:22 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: Raven (2668) 146-1W7mnO-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery/restore failed with unexpected error -1216.

    Error: (05/18/2020 01:39:22 PM) (Source: ESENT) (EventID: 494) (User: )
    Description: Raven (2668) 146-1W7mnO-C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data: Database recovery failed with error -1216 because it encountered references to a database, 'C:\ProgramData\CCH Small Firm Services\ATX 2016 Server\DataStore\Data', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.


    System errors:
    =============
    Error: (05/15/2020 06:29:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

    Error: (05/15/2020 07:53:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (05/13/2020 12:44:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.

    Error: (05/13/2020 12:44:04 AM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DAF7FC41-BAD0-4F31-90A5-6CF3A19F3236} because another computer on the network has the same name. The server could not start.

    Error: (05/11/2020 07:48:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TPHKSVC service.

    Error: (05/09/2020 09:45:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.

    Error: (05/08/2020 07:18:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The ATX 2014 Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/08/2020 07:18:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The ATX 2018 Service service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================

    Date: 2016-08-21 17:59:51.008
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.968
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.928
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.878
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-21 17:59:50.808
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 02:54:00.146
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 02:54:00.083
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 02:53:59.699
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    BIOS: LENOVO 8AET56WW (1.36 ) 12/06/2011
    Motherboard: LENOVO 4239CTO
    Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
    Percentage of memory in use: 96%
    Total physical RAM: 6027.23 MB
    Available physical RAM: 211.75 MB
    Total Virtual: 12888.23 MB
    Available Virtual: 1915.56 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:294.46 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:4.7 GB) NTFS

    \\?\Volume{8b6c8d44-6b23-11e1-b4f9-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.13 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 9BCB5F28)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======================
     
  3. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    This is a known scam. Nothing to worry about. Your logs are clean.
     
  4. bgc

    bgc Established Techie7 Member

    Thanks for looking at the logs.
     
  5. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    You're very welcome