Hi everyone,
My computer seems to be very slow at the moment, and I'm also having connectivity issues when trying to access websites. It's ALL websites, not just a particular one. At the moment I'm not sure if it's a hardware issue (router) or a software issue. I thought I would have someone here take a look and see if any malicious files pop up that might be the root cause. I know that there used to be malicious files on the computer in the past, but I ran a few tools that seemed to fix the issue. Thank you in advance!
Here are the two log files:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-11-2015
Ran by wendy (administrator) on SCHILLINGPC (26-11-2015 17:09:12)
Running from C:\Users\wendy\Desktop
Loaded Profiles: wendy (Available Profiles: wendy & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TPV-INVENTA TECHNOLOGY CO., LTD.) C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe
() C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDaemon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(TPV-INVENTA TECHNOLOGY CO., LTD) C:\Program Files (x86)\TNIOSDVolumeSync\TNIOSDVolumeSync.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Lenovo Black Silk Input Device Main Program] => C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe [118272 2011-04-18] (Primax Electronics Ltd.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [TNIOSDVolumeSync(x64)] => C:\Program Files (x86)\TNIOSDVolumeSync\TNIExec.exe [9728 2012-08-29] (TPV-INVENTA TECHNOLOGY CO., LTD.)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1752408 2012-07-09] (TODO: <公司名>)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DrvInst] => C:\Program Files (x86)\Lenovo\Driver & Application Auto-installation\Bpd.exe [515928 2012-09-03] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDrives] 33554432
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
AppInit_DLLs-x32: C:/PROGRA~3/{AE9F4~1/190~1.1/lefa.dll => C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\lefa.dll [966144 2015-01-24] ()
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-05-23] (Amazon Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{0018BDE0-5E87-4C03-8A85-B6D7735A0827}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{317EE491-2A17-4357-B336-03ACF68E5CFC}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Internet Explorer:
==================
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> {5D0E24A2-78F5-4645-B9D9-9472D9AE6CB7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131042,19890,0,25,0
SearchScopes: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> {D4929332-219D-4437-8AAA-4F95180CB5A3} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
Chrome:
=======
CHR Profile: C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Google Drive) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (YouTube) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-29]
CHR Extension: (Google Search) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-29]
CHR Extension: (No Name) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-28]
CHR Extension: (Gmail) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165664 2012-08-23] (Intel Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 TNISrvc; C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe [53760 2012-08-29] (TPV-INVENTA TECHNOLOGY CO., LTD.) [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-08-18] (RealVNC Ltd)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LEMo602D; C:\Windows\system32\DRIVERS\LEMo602D.sys [24064 2011-04-19] (Primax Electronics Ltd.)
R3 LEub602D; C:\Windows\system32\DRIVERS\LEub602D.sys [18944 2011-05-17] (Primax Electronics Ltd.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-08-21] (Vimicro Corporation)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-26 17:09 - 2015-11-26 17:09 - 00022009 _____ C:\Users\wendy\Desktop\FRST.txt
2015-11-26 17:02 - 2015-11-26 17:09 - 00000000 ____D C:\FRST
2015-11-26 17:00 - 2015-11-26 17:00 - 02348544 _____ (Farbar) C:\Users\wendy\Desktop\FRST64.exe
2015-11-24 13:47 - 2015-11-24 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{83DFAAB6-6C02-4D73-A512-724875F22790}
2015-11-18 13:47 - 2015-11-18 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{8763BCCB-ECAA-4B7B-A5E0-EB4DE4BE6219}
2015-11-13 13:47 - 2015-11-13 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{764904D7-1D10-4848-9E97-0AAF12403B4B}
2015-11-11 13:47 - 2015-11-11 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{8A565DBB-41DA-4A63-AFAF-5B97031D7796}
2015-11-11 06:52 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 06:52 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 06:52 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 06:52 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 06:52 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 06:52 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 06:52 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 06:52 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 06:52 - 2015-10-30 16:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 06:52 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 06:52 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 06:52 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 06:52 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 06:52 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 06:52 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 06:52 - 2015-10-30 16:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 06:52 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 06:52 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 06:52 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 06:52 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 06:52 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 06:52 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 06:52 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 06:52 - 2015-09-12 07:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:36 - 2015-10-13 09:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:36 - 2015-10-11 00:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:36 - 2015-10-11 00:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:36 - 2015-10-10 12:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:36 - 2015-10-10 12:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:36 - 2015-10-10 12:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:36 - 2015-10-10 11:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:36 - 2015-10-10 11:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:36 - 2015-10-10 11:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:36 - 2015-10-10 10:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-10-15 10:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 09:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-13 11:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 11:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-09-29 06:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-07 10:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 09:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 09:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 13:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 16:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 14:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 11:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:35 - 2014-11-04 19:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-10 19:35 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-10 19:30 - 2015-10-20 15:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:30 - 2015-10-20 08:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:30 - 2015-10-20 08:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:30 - 2015-10-20 08:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:30 - 2015-10-20 08:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:30 - 2015-10-20 08:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:30 - 2015-10-20 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:30 - 2015-10-20 08:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:30 - 2015-10-20 08:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:30 - 2015-10-20 08:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:30 - 2015-10-20 08:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:30 - 2015-10-20 08:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:30 - 2015-10-14 17:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:30 - 2015-10-14 17:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:30 - 2015-10-14 17:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:30 - 2015-10-14 17:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:30 - 2015-10-14 17:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:29 - 2015-10-17 08:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:29 - 2015-10-08 10:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:29 - 2015-08-10 12:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:29 - 2015-08-10 12:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:29 - 2015-08-10 11:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:29 - 2015-08-10 10:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:29 - 2015-08-10 10:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-10 19:29 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-08 08:40 - 2015-11-08 08:40 - 00075838 _____ C:\Users\wendy\Downloads\Lego Friends Rescue Base.jfif
2015-11-07 16:08 - 2015-11-07 16:08 - 00000000 _____ C:\Users\wendy\AppData\Local\{3441B966-1E30-424F-9056-4B59D883B2B3}
2015-11-06 13:47 - 2015-11-06 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{B9ABF72C-2B8C-4466-A32B-DF20134AED24}
2015-11-06 03:05 - 2015-11-06 03:05 - 00001917 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-11-06 03:05 - 2015-11-06 03:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-11-03 18:10 - 2015-11-03 18:10 - 00000000 _____ C:\Users\wendy\AppData\Local\{F70007E8-BA19-4D78-985C-B5A7C5A25A6C}
2015-11-01 13:47 - 2015-11-01 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{15135D05-20BE-4E7C-B82D-1DC0E37F554F}
2015-10-30 12:47 - 2015-10-30 12:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{38C9BF8B-1E54-4BCA-BA19-DC73F09BE67A}
2015-10-28 12:47 - 2015-10-28 12:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{D36816FC-F195-460C-ABCB-7BCE12DF09C1}
2015-10-27 12:47 - 2015-10-27 12:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{D2122FB7-DB86-492E-A19E-3581B5FB5A04}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-26 17:02 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-11-26 15:48 - 2014-07-28 16:28 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-26 15:46 - 2014-07-27 19:32 - 00000000 ____D C:\Users\wendy\AppData\Local\ElevatedDiagnostics
2015-11-26 14:33 - 2013-10-19 17:04 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23A68A7E-00C5-433E-85A2-71EC8D7C75FD}
2015-11-24 13:47 - 2014-07-28 16:28 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-22 20:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-19 19:45 - 2013-10-19 17:02 - 00000000 __RDO C:\Users\wendy\SkyDrive
2015-11-19 19:37 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-19 18:44 - 2013-09-29 22:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-19 18:44 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-19 18:40 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-19 18:40 - 2013-08-22 08:44 - 00371720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-19 18:38 - 2013-08-22 07:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-11-19 18:37 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-13 00:49 - 2014-07-28 16:35 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 12:52 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 12:50 - 2013-08-17 01:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 12:37 - 2013-07-24 08:38 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-07 11:03 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-06 03:06 - 2015-08-06 13:29 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-06 03:06 - 2015-08-06 13:29 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-11-06 03:05 - 2015-08-06 13:29 - 00003554 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-11-05 20:47 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-02 18:23 - 2014-11-18 21:16 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 18:23 - 2014-11-18 21:15 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-01 06:22 - 2015-01-12 21:59 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 03:55 - 2014-01-11 17:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-30 03:55 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
==================== Files in the root of some directories =======
2013-08-08 14:08 - 2013-08-08 14:08 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-12-09 18:27 - 2013-12-09 18:27 - 0000288 _____ () C:\Users\wendy\AppData\Roaming\.backup.dm
2013-10-18 12:00 - 2013-06-27 09:36 - 0192512 ____H () C:\Users\wendy\AppData\Local\common_functions.dll
2013-06-27 09:36 - 2013-06-27 09:36 - 0114688 ____H () C:\Users\wendy\AppData\Local\ie_runner_app.exe
2013-10-18 12:00 - 2012-06-26 04:59 - 0940544 ____H (Apache Software Foundation) C:\Users\wendy\AppData\Local\log4cxx.dll
2015-07-14 06:29 - 2015-07-14 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{069E3ED4-8CDC-400C-BC88-B5BCFF252151}
2015-06-20 17:41 - 2015-06-20 17:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{110F9870-4E2F-4B59-A7FF-8EDD6C9D2317}
2015-11-01 13:47 - 2015-11-01 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{15135D05-20BE-4E7C-B82D-1DC0E37F554F}
2015-10-06 12:47 - 2015-10-06 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{1B9E8D18-5B0C-4C01-8A23-3B5C304C03B6}
2015-04-20 17:45 - 2015-04-20 17:45 - 0000000 _____ () C:\Users\wendy\AppData\Local\{1DDA70ED-3574-420E-B7AA-C4FA391F7DFC}
2015-06-24 06:29 - 2015-06-24 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{1FEC92C0-8E5D-4A7E-90AF-AD40D5236C78}
2015-06-26 06:29 - 2015-06-26 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{2D8D0F3D-D8BE-43A5-AD5D-58EF912469EC}
2015-11-07 16:08 - 2015-11-07 16:08 - 0000000 _____ () C:\Users\wendy\AppData\Local\{3441B966-1E30-424F-9056-4B59D883B2B3}
2015-10-30 12:47 - 2015-10-30 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{38C9BF8B-1E54-4BCA-BA19-DC73F09BE67A}
2015-08-01 00:35 - 2015-08-01 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{38E649A8-C06A-45B7-B14A-01034C9B4543}
2015-08-22 00:35 - 2015-08-22 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{430B5E45-FBBA-4F9E-9F3A-1ADAF7654337}
2015-08-29 20:41 - 2015-08-29 20:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{4BD56954-D807-4844-9F86-2D4CA4555C07}
2015-07-18 15:18 - 2015-07-18 15:18 - 0000000 _____ () C:\Users\wendy\AppData\Local\{624B602E-6D26-4AF6-BD82-B393703CB7AB}
2015-10-13 06:03 - 2015-10-13 06:03 - 0000000 _____ () C:\Users\wendy\AppData\Local\{6B8CC477-7FC3-4E5C-A9C7-1C4194BE3FAA}
2015-10-24 12:47 - 2015-10-24 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{722561CA-DFC4-4CB4-BE31-08A468563E9A}
2015-11-13 13:47 - 2015-11-13 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{764904D7-1D10-4848-9E97-0AAF12403B4B}
2015-06-28 06:29 - 2015-06-28 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{78886CB7-6662-4BF6-9BB6-C0BC2C75E15A}
2015-04-22 17:45 - 2015-04-22 17:45 - 0000000 _____ () C:\Users\wendy\AppData\Local\{7A2405BA-B6C9-467D-A1B4-A10896706AD3}
2015-06-15 06:29 - 2015-06-15 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{7B290F10-B94B-44EE-86A7-973FE33C0128}
2015-09-06 20:41 - 2015-09-06 20:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{83720732-A486-42BB-B2B1-4A04A1631D2B}
2015-11-24 13:47 - 2015-11-24 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{83DFAAB6-6C02-4D73-A512-724875F22790}
2015-11-18 13:47 - 2015-11-18 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{8763BCCB-ECAA-4B7B-A5E0-EB4DE4BE6219}
2015-11-11 13:47 - 2015-11-11 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{8A565DBB-41DA-4A63-AFAF-5B97031D7796}
2015-04-21 17:45 - 2015-04-21 17:45 - 0000000 _____ () C:\Users\wendy\AppData\Local\{94296B03-C699-4E5C-AF6F-DD88EE5A6521}
2015-06-22 06:29 - 2015-06-22 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{A500015C-CDCB-4A7D-BC16-AB13211F0392}
2015-09-11 20:41 - 2015-09-11 20:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{A5C22D0B-5D8E-4022-B7EB-C75436967C39}
2015-06-17 06:29 - 2015-06-17 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{AD1B6D5D-B922-44D6-9AF8-AE8D021B55AC}
2015-08-26 17:00 - 2015-08-26 17:00 - 0000000 _____ () C:\Users\wendy\AppData\Local\{AD3753E3-96B0-4874-B7E5-906E15A2B8D3}
2015-06-25 06:29 - 2015-06-25 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B07F0F2B-8ED7-4959-A933-15BDA63ADD5D}
2015-07-23 00:35 - 2015-07-23 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B0FB6489-F2C1-4D7C-A16B-2FCA7DB996A9}
2015-07-16 00:35 - 2015-07-16 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B2048CBC-8B2C-4F3E-8F92-0057B099EF25}
2015-07-17 00:35 - 2015-07-17 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B7B80A39-180E-4BCF-8AEF-C5DA856A5386}
2015-11-06 13:47 - 2015-11-06 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B9ABF72C-2B8C-4466-A32B-DF20134AED24}
2015-07-09 06:29 - 2015-07-09 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{BB179260-8E99-454F-9785-8FB46993E6DB}
2015-09-29 12:47 - 2015-09-29 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{BC9F1C3E-A4B4-4C00-B0BF-84B3317C2738}
2015-09-22 18:41 - 2015-09-22 18:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{C26632A8-32C3-40A2-91A0-33A0DEFA0239}
2015-07-30 00:35 - 2015-07-30 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{C5CB08E3-9549-4972-8EA5-F65736FEE0F6}
2015-09-20 12:47 - 2015-09-20 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D1CD6D91-06F9-4F2B-879E-370CA19BEC93}
2015-10-27 12:47 - 2015-10-27 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D2122FB7-DB86-492E-A19E-3581B5FB5A04}
2015-10-28 12:47 - 2015-10-28 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D36816FC-F195-460C-ABCB-7BCE12DF09C1}
2015-07-11 06:29 - 2015-07-11 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D75A69AF-DA36-40B3-AE04-72A0ADA1BBE0}
2015-07-26 00:35 - 2015-07-26 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{DB9B9209-E11B-4B21-9C7B-CDFEA77FF65C}
2015-05-24 06:29 - 2015-05-24 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{DEB9E28D-F9E3-49C2-B604-79474D14CB51}
2015-07-05 20:52 - 2015-07-05 20:52 - 0000000 _____ () C:\Users\wendy\AppData\Local\{DEC8628E-5F1E-46B3-A1A2-D0C2E5363623}
2015-07-13 06:29 - 2015-07-13 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E171084E-4FA7-4443-AE0B-9E9BB0E78E71}
2015-05-22 06:29 - 2015-05-22 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E44E9E29-9DC5-4383-8DEC-AC5785CCD3AD}
2015-10-08 12:47 - 2015-10-08 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E638D5D6-13DC-4025-915D-6476D561236B}
2015-08-06 13:40 - 2015-08-06 13:40 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E6BD08D1-7655-4E53-B4AE-84300A6553FF}
2015-09-17 12:47 - 2015-09-17 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{F1A3865B-DDDB-4416-9B8D-FF0C2FD6F351}
2015-09-10 06:09 - 2015-09-10 06:09 - 0000000 _____ () C:\Users\wendy\AppData\Local\{F550ADF8-0A25-4C29-A443-496EBB56CEDC}
2015-11-03 18:10 - 2015-11-03 18:10 - 0000000 _____ () C:\Users\wendy\AppData\Local\{F70007E8-BA19-4D78-985C-B5A7C5A25A6C}
2015-06-29 06:29 - 2015-06-29 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{FD76CF26-49A6-4328-AECA-104A67C1D980}
2013-05-30 02:51 - 2013-05-30 02:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-30 02:56 - 2013-05-30 02:56 - 0000198 ____H () C:\ProgramData\Lenovo-10516.vbs
2013-05-30 02:56 - 2013-05-30 02:56 - 0000198 ____H () C:\ProgramData\Lenovo-10562.vbs
Files to move or delete:
====================
C:\ProgramData\Lenovo-10516.vbs
C:\ProgramData\Lenovo-10562.vbs
Some files in TEMP:
====================
C:\Users\wendy\AppData\Local\Temp\mpam-5675fe71.exe
C:\Users\wendy\AppData\Local\Temp\mpam-a57a0532.exe
C:\Users\wendy\AppData\Local\Temp\mpam-bca53d14.exe
C:\Users\wendy\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\wendy\AppData\Local\Temp\_is9DFE.exe
C:\Users\wendy\AppData\Local\Temp\{0D485AD8-5B21-4A32-82AC-8B1394B26FDF}-43.0.2357.65_42.0.2311.90_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{14719E8E-FF8A-44EF-8940-C24B1D990AFE}-46.0.2490.86_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{1602FCB1-4A8E-4985-83E1-DCA076A24EBF}-46.0.2490.71_45.0.2454.101_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{195001F8-83DF-4562-9ED5-207F3F2A6F0B}-43.0.2357.132_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{26B4DAE9-FCAC-4EF1-8D35-8096D89EA351}-46.0.2490.71_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{2D713F4E-E3D7-4426-A213-29BDF21BABA6}-44.0.2403.89_43.0.2357.134_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{2FA2A1DC-D182-424F-9463-AF15EE0DC93B}-42.0.2311.90_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{38307534-4163-418E-A3F0-02AAD6CCF4D3}-44.0.2403.130_44.0.2403.125_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{3C610C77-BFDB-4F27-B96A-0B1431B1A8EB}-45.0.2454.93_45.0.2454.85_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{41C89F9A-9B65-4542-BCEA-D03FCC0F2F3F}-43.0.2357.132_43.0.2357.130_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{43DF90B1-5CF7-4F6A-81B2-9F3B39FF3E9D}-GoogleUpdateSetup.exe
C:\Users\wendy\AppData\Local\Temp\{4F8DACC1-2154-47BA-8DF7-FE4A0A80118F}-41.0.2272.118_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{50B43127-2F37-43D1-B1DD-B2383D38F787}-GoogleUpdateSetup.exe
C:\Users\wendy\AppData\Local\Temp\{56C195CA-C865-4F47-9CB4-72ED3A8319AA}-43.0.2357.65_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{59C071DD-EF0A-4D81-9BC1-A4BDE78D4186}-43.0.2357.130_43.0.2357.124_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{611BC64A-F8D7-4B9A-A410-BFBC2FDF89DA}-43.0.2357.124_43.0.2357.65_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{6BF689B5-B275-4E48-92AB-951FCA32550E}-44.0.2403.155_44.0.2403.130_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{746728E6-D1DA-4A19-9C9F-2695B19E724D}-45.0.2454.101_45.0.2454.99_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{75E307AB-A938-426A-A9C3-C83CD2E93E43}-44.0.2403.107_44.0.2403.89_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{7D17A395-6003-4BBA-8F9C-354C80007F06}-44.0.2403.125_44.0.2403.107_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{83E1712C-3E79-46F4-B249-F3B0DA2BE1C0}-46.0.2490.80_46.0.2490.71_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{858C3519-3CB6-4906-9467-E664742A794A}-44.0.2403.89_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{8B9EC845-15B6-42B5-A030-D8C417840918}-43.0.2357.134_43.0.2357.132_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{912E262B-69B2-4A5E-9014-8E7C0E2C6D77}-43.0.2357.124_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{93358086-21F7-4966-879F-539A2894FEC2}-45.0.2454.99_45.0.2454.93_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{B36874BB-AC03-4886-BFB7-00100A5E7B98}-46.0.2490.86_46.0.2490.80_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{C84F8028-8072-4BF5-B666-C6831F30427C}-GoogleUpdateSetup.exe
C:\Users\wendy\AppData\Local\Temp\{CFA2678A-0AA1-47A4-9DAA-3C4720FDFC79}-44.0.2403.157_44.0.2403.155_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{D31DCAC5-5EC6-4810-B66C-0691289C20FE}-GoogleUpdateSetup.exe
C:\Users\wendy\AppData\Local\Temp\{F5E763D0-5CBF-4151-9916-84513B2F154A}-46.0.2490.80_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{F87C147E-1F08-48DF-AF9A-2539A37A049D}-45.0.2454.85_44.0.2403.157_chrome_updater.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-19 18:51
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-11-2015
Ran by wendy (2015-11-26 17:10:07)
Running from C:\Users\wendy\Desktop
Windows 8.1 (X64) (2013-10-19 22:59:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2186271191-3458891878-1518541264-500 - Administrator - Disabled)
Guest (S-1-5-21-2186271191-3458891878-1518541264-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2186271191-3458891878-1518541264-1005 - Limited - Enabled)
wendy (S-1-5-21-2186271191-3458891878-1518541264-1001 - Administrator - Enabled) => C:\Users\wendy
zschi_000 (S-1-5-21-2186271191-3458891878-1518541264-1006 - Administrator - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.8 - Amazon) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.27 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4521.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
ScummVM 1.2.1 (HKLM-x32\...\ScummVM_is1) (Version: - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
TNIOSDVolumeSync (HKLM-x32\...\InstallShield_{86B9BBB1-B06B-4B31-9D0A-634B41598251}) (Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.)
TNIOSDVolumeSync (x32 Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
VNC Server 5.2.1 (HKLM\...\{6B624E00-364E-4F07-9768-BFEF08692CB0}) (Version: 5.2.1 - RealVNC Ltd)
VNC Viewer 5.2.1 (HKLM\...\{F5572534-DC0E-428B-A24B-C9D312C63359}) (Version: 5.2.1 - RealVNC Ltd)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
11-11-2015 12:36:02 Windows Update
19-11-2015 19:35:52 Scheduled Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2015-02-08 20:54 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05AD421F-C80F-4099-8B22-3CB907C122EE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {0C524683-4352-4F7A-975D-3065B8D40122} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1E06C527-0826-4E83-83A0-EB2FEAFFFB98} - System32\Tasks\Lenovo\Lenovo-10516 => C:\ProgramData\Lenovo-10516.vbs [2013-05-30] ()
Task: {2AAEEB7D-BFB0-46AF-A5FE-51C74D54333D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {55EE8601-9FC8-4160-92BE-437509DF4D4F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5EB92DA3-01BD-4358-9DB9-8574E6DCCC00} - System32\Tasks\Lenovo\Lenovo-10562 => C:\ProgramData\Lenovo-10562.vbs [2013-05-30] ()
Task: {A7F8C194-7803-4B15-A498-12C8943C360C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CCD4FD81-4E9D-4726-8C2D-0B72588DF857} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
Task: {CEEF6B53-6672-42EF-A02E-DF2AC1DD1155} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {E5D67E78-72D2-44B2-A00F-BA1B84A77272} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F8AA04A6-12F4-4FDE-9E28-10252D1D9C13} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-04-20 17:11 - 2015-10-07 18:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 03:53 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-30 02:52 - 2011-04-19 00:50 - 01739776 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDaemon.exe
2013-05-30 02:52 - 2011-05-12 02:29 - 00045056 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsComm.dll
2013-05-30 02:52 - 2011-05-16 20:28 - 00110592 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsUtil.dll
2013-05-30 02:52 - 2011-04-19 00:50 - 00044544 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDrv.dll
2013-05-30 02:52 - 2011-04-19 00:49 - 00038400 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsHooks.dll
2015-10-19 05:41 - 2015-10-19 05:41 - 00472064 _____ () C:\Users\wendy\AppData\Local\Packages\c59ad0af.lenovocloudstoragebysugarsync_m3tnjedffpfhj\AC\Microsoft\CLR_v4.0\NativeImages\SugarSyncWin8.Agent\35690532c713020ea1ad4d897f61a31b\SugarSyncWin8.Agent.ni.dll
2015-08-06 14:28 - 2015-08-06 14:28 - 01782272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\f1407bb1d381cf5dee299c4e5f0fdf9d\Windows.ApplicationModel.ni.dll
2015-10-19 05:42 - 2015-10-19 05:42 - 00099328 _____ () C:\Users\wendy\AppData\Local\Packages\c59ad0af.lenovocloudstoragebysugarsync_m3tnjedffpfhj\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um114fe9fe#\fb357b0ef59cff36c07e6a8449a54219\nVentive.Umbrella.Services.Contract.WinRT.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\5ab6059d1e922dc371685c5207f6f7a6\Windows.System.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\eea3e743a58cb4d556fe113d6336020b\Windows.Storage.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b3972424579e18e6699549ecb948c4ef\Windows.Foundation.ni.dll
2015-10-19 05:42 - 2015-10-19 05:42 - 01182720 _____ () C:\Users\wendy\AppData\Local\Packages\c59ad0af.lenovocloudstoragebysugarsync_m3tnjedffpfhj\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um9106121c#\a6b2cea6e8c85aa2234f27310f700efe\nVentive.Umbrella.Web.WinRT.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\84819467f44d3da49aa14236af8fcc9a\Windows.Networking.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\5c9c0b89a558d0e589c254af6b1ca238\Windows.UI.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\e291aa8a59dc390d0cdf99d3c6d8b6e5\Windows.Data.ni.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-30 02:51 - 2012-10-22 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-11-13 00:49 - 2015-11-06 22:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-13 00:49 - 2015-11-06 22:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\wendy\Pictures\dolphin bible verse case.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "DrvInst"
HKLM\...\StartupApproved\Run32: => "Lenovo Dynamic Brightness System"
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\StartupApproved\Run: => "ooVoo.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2521E100-6378-466D-A3E9-03DA1DC9693A}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{06E1E97B-0589-4C0E-B04F-5E3D3B4C66DF}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{55043391-B0A0-405B-91FA-716FAE7E1DD8}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{BE34D85F-A9A5-4056-B6C5-0E378F4D1D87}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{A74E9B37-3A1F-4A05-AB52-4FDAE0B15CD7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED6061F6-36F6-426E-BE30-56B80B0B70ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADF98A85-B6E3-4896-99B3-EC310C605694}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{98DF14ED-2F06-4724-960E-817979C0E238}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B47F3BE-F48B-4D24-BC63-FB25836C5B67}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4C192BB8-767D-4A3C-9B26-B5CFE06E16AD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DA6EC777-2FEE-4407-84CA-18B5D320FD07}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F980D3A9-1DD8-4CE9-87BF-CE3EDF405C0C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{7890ED8B-E2E3-42B9-ABBE-D874DE53415A}] => (Allow) C:\Users\wendy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{E1796A64-F379-4856-ACA9-6472936E9D17}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{94A310E6-2F3E-4DD9-A9EF-C31A6AD679CB}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{63B6F2A0-BB43-4ACF-90D7-6E7E44778EA5}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{98A636F4-3969-4C43-BEC1-59FB55EBEEA8}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3860B4D3-55E0-4621-A3F0-12EFDF1108D3}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{921A7E5E-6B54-4573-9D8D-DAECCC689FF2}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{2ECBBCDF-4D22-46A0-B277-2A9C4237CABF}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{00DA4837-027D-4AE2-8228-3E003A674A1D}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{11C18B54-5915-4404-B1FF-49433EFCB301}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{33B69A5E-A656-4206-B015-490571C132CB}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{3635C314-2391-4EC4-9FED-ABC5F6C221C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Broadcom 802.11n Network Adapter
Description: Broadcom 802.11n Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/26/2015 05:10:45 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1596) {D3E63344-B968-490C-B7F1-850E6774E3C0}: Database recovery/restore failed with unexpected error -1032.
Error: (11/26/2015 05:10:45 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1596) {D3E63344-B968-490C-B7F1-850E6774E3C0}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Error: (11/26/2015 05:10:45 PM) (Source: ESENT) (EventID: 486) (User: )
Description: SettingSyncHost (1596) {D3E63344-B968-490C-B7F1-850E6774E3C0}: An attempt to move the file "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" to "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00F15.log" failed with system error 5 (0x00000005): "Access is denied. ". The move file operation will fail with error -1032 (0xfffffbf8).
Error: (11/26/2015 05:10:35 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1596) {96A7876E-D353-4343-A181-E817C2804D2E}: Database recovery/restore failed with unexpected error -1032.
Error: (11/26/2015 05:10:35 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1596) {96A7876E-D353-4343-A181-E817C2804D2E}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Error: (11/26/2015 05:10:35 PM) (Source: ESENT) (EventID: 486) (User: )
Description: SettingSyncHost (1596) {96A7876E-D353-4343-A181-E817C2804D2E}: An attempt to move the file "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" to "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00F15.log" failed with system error 5 (0x00000005): "Access is denied. ". The move file operation will fail with error -1032 (0xfffffbf8).
Error: (11/26/2015 05:10:17 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1596) {1AE6156D-B45A-43D6-B018-DF8EE21E1E73}: Database recovery/restore failed with unexpected error -1032.
Error: (11/26/2015 05:10:16 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1596) {1AE6156D-B45A-43D6-B018-DF8EE21E1E73}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Error: (11/26/2015 05:10:15 PM) (Source: ESENT) (EventID: 486) (User: )
Description: SettingSyncHost (1596) {1AE6156D-B45A-43D6-B018-DF8EE21E1E73}: An attempt to move the file "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" to "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00F15.log" failed with system error 5 (0x00000005): "Access is denied. ". The move file operation will fail with error -1032 (0xfffffbf8).
Error: (11/26/2015 05:10:02 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1596) {A5516E34-0798-41F8-A475-3F22483089FF}: Database recovery/restore failed with unexpected error -1032.
System errors:
=============
Error: (11/26/2015 04:17:43 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 00-00-00-00-00-00. Network operations on this system may
be disrupted as a result.
Error: (11/26/2015 03:51:56 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.254.3 with the system
having network hardware address 90-8D-6C-1A-1D-58. Network operations on this system may
be disrupted as a result.
Error: (11/26/2015 02:41:50 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
Error: (11/26/2015 02:41:49 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
Error: (11/26/2015 02:41:48 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
Error: (11/26/2015 02:41:47 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
Error: (11/26/2015 02:41:47 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
Error: (11/26/2015 02:41:47 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
Error: (11/26/2015 02:41:43 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
Error: (11/19/2015 07:38:20 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
CodeIntegrity:
===================================
Date: 2015-11-26 17:01:46.369
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-26 17:01:46.166
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-10 18:54:40.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-10 18:54:40.113
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-23 17:26:31.598
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-23 17:26:31.395
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-05 14:06:52.517
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-08-05 13:17:16.658
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-07-09 23:18:50.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-07-09 23:18:50.569
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 38%
Total physical RAM: 3984.59 MB
Available physical RAM: 2451.39 MB
Total Virtual: 10128.59 MB
Available Virtual: 7876.68 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:904.91 GB) (Free:850.95 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C5EF4566)
Partition: GPT.
==================== End of Addition.txt ============================