Laptop acting infected



#1
bhzendner

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2017
Ran by ah010067 (administrator) on LENOVO-KM-1340 (03-06-2017 16:30:13)
Running from C:\Users\ah010067\Downloads
Loaded Profiles: ah010067 (Available Profiles: Admin & ah010067 & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(IBM Corp) C:\Program Files (x86)\IBM\Notes\nsd.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Electronics for Imaging, Inc.) C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe
(Electronics for Imaging, Inc) C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe
() C:\Program Files (x86)\Astria Solutions Group\Eclipse Client Service\Astria.Client.WindowsServices.AutomationService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(IBM Corp) C:\Program Files (x86)\IBM\Notes\SUService.exe
(IBM Corp) C:\Program Files (x86)\IBM\Notes\ntmulti.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe
() C:\Program Files (x86)\EFI\OFASQ2\ofaApp.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PDFProFiltSrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\ScreenConnect Client (2983e16809ce38ec)\ScreenConnect.ClientService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Electronics for Imaging, Inc.) C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(ScreenConnect Software) C:\Program Files (x86)\ScreenConnect Client (2983e16809ce38ec)\ScreenConnect.WindowsClient.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Flexera Software LLC) C:\Program Files (x86)\EFI\EFILM\lmgrd.exe
(Flexera Software LLC) C:\Program Files (x86)\EFI\EFILM\lmgrd.exe
(Electronics for Imaging, Inc.) C:\Program Files (x86)\EFI\EFILM\EFI.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\SnagPriv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Users\ah010067\AppData\Local\Temp\RarSFX0\FSM\Fiery Software Manager.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\ah010067\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295664 2014-12-08] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Veeam.EndPoint.Tray.exe] => C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe [540104 2016-03-10] (Veeam Software AG)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-10-10] (Intel Corporation)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1723040 2014-09-01] (SunplusIT, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1176880 2009-04-16] (Trend Micro Inc.)
HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\RegistryController.exe [192536 2015-09-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\pdfpro8hook.exe [2443288 2015-09-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [InboxMonitor] => C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\InboxMonitor.exe [166936 2015-09-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [E3 System Tray Application] => C:\Program Files (x86)\Astria Solutions Group\Eclipse Client Service\Astria.Client.Systray.exe [868136 2017-05-04] (Astria Solutions Group)
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\Run: [ClipboardFusion] => C:\Users\ah010067\Downloads\ClipboardFusion-4.2\ClipboardFusion\ClipboardFusion.exe [3037728 2016-12-29] (Binary Fortress Software)
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\MountPoints2: {324c1237-fbb3-11e5-85e0-3cb027026af5} - "E:\setup.exe" 
ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll [2015-05-26] (Gladinet, INC)
ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll [2015-05-26] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll [2015-05-26] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll [2015-05-26] (Gladinet, INC)
Startup: C:\Users\ah010067\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-02-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image XChange.lnk [2017-02-01]
ShortcutTarget: Image XChange.lnk -> C:\Program Files (x86)\Common Files\Square9\GetSmart\SSInterface.exe (Square 9 Softworks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk [2016-11-22]
ShortcutTarget: Nuance Cloud Connector.lnk -> C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SocketScan10.lnk [2017-04-28]
ShortcutTarget: SocketScan10.lnk -> C:\Program Files\Socket Mobile\SocketScan 10\Bin\Windows-x64\SocketScan 10-64.exe (Socket Mobile, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSC_SI_13.lnk [2017-05-23]
ShortcutTarget: TSC_SI_13.lnk -> C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe (TechSmith Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7792106c-ca0a-47de-bc92-8ff7f2a437c0}: [DhcpNameServer] 10.128.18.8 10.128.0.123
Tcpip\..\Interfaces\{7bee4132-7e87-47d8-8751-35ffcd45ad20}: [DhcpNameServer] 10.128.18.8 10.128.0.123
Tcpip\..\Interfaces\{f3806490-520d-4518-9d24-4710ba416767}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{fd598637-6e32-48b0-9077-ba3b9d6f7b89}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-345086361-1354177263-1882197541-10209 -> DefaultScope {935E7A9D-E397-4F44-AA0E-4EBACF9A5990} URL = 
SearchScopes: HKU\S-1-5-21-345086361-1354177263-1882197541-10209 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-345086361-1354177263-1882197541-10209 -> {935E7A9D-E397-4F44-AA0E-4EBACF9A5990} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-30] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-30] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Telephony Toolbar Services -> {431A60E6-675F-4b9f-B3F0-66E0FECC8B34} -> C:\Program Files (x86)\Evolve IP\bin\BW_Assistant_Enterprise_IE_S.dll [2012-01-16] (BroadSoft® Australia Pty Ltd)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-07] (Oracle Corporation)
BHO-x32: Telephony Toolbar Call Control -> {8F1FF1A7-C048-4d6b-B052-56E42CE427CB} -> C:\Program Files (x86)\Evolve IP\bin\BW_Assistant_Enterprise_IE_CC.dll [2012-01-16] (BroadSoft® Australia Pty Ltd)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\Bin\GZeonIEFavClient.dll [2013-05-16] (Zeon Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-07] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Telephony Toolbar Call Control - {6F6690B9-C5DB-4F08-8833-F2EF4DEE956B} - C:\Program Files (x86)\Evolve IP\bin\BW_Assistant_Enterprise_IE_CC.dll [2012-01-16] (BroadSoft® Australia Pty Ltd)
Toolbar: HKLM-x32 - Telephony Toolbar Services - {F10D927F-D3DF-4734-98AB-DD258253F5FD} - C:\Program Files (x86)\Evolve IP\bin\BW_Assistant_Enterprise_IE_S.dll [2012-01-16] (BroadSoft® Australia Pty Ltd)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\Bin\GZeonIEFavClient.dll [2013-05-16] (Zeon Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-10-01] (Adobe Systems Incorporated)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://cisco.webex.com/client/WBXclient-31.10.2-20000/webex/ieatgpc1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2862
 
FireFox:
========
FF DefaultProfile: fvn31rnd.default
FF ProfilePath: C:\Users\ah010067\AppData\Roaming\Mozilla\Firefox\Profiles\fvn31rnd.default [2017-06-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-04-14]
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\nppdf.dll [2013-05-24] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-345086361-1354177263-1882197541-10209: @citrixonline.com/appdetectorplugin -> C:\Users\ah010067\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-09-06] (Citrix Online)
 
Chrome: 
=======
CHR Profile: C:\Users\ah010067\AppData\Local\Google\Chrome\User Data\Default [2017-06-03]
CHR Extension: (Adobe Acrobat) - C:\Users\ah010067\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Full Page Screen Capture) - C:\Users\ah010067\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-12-14]
CHR Extension: (No Name) - C:\Users\ah010067\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-17]
CHR Extension: (Project Viewer 365-Free) - C:\Users\ah010067\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpghmkgkalhonankenfklpmdgnilapp [2016-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ah010067\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\ah010067\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-14]
CHR HKU\S-1-5-21-345086361-1354177263-1882197541-10209\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-12] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 connect2hotspot; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [100680 2017-02-08] (Lenovo)
R2 EclipseAutomation; C:\Program Files (x86)\Astria Solutions Group\Eclipse Client Service\Astria.Client.WindowsServices.AutomationService.exe [50472 2017-05-04] ()
R2 EFI ES1000; C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [11776 2009-10-19] (Electronics for Imaging, Inc.) [File not signed]
R2 EFI License Manager; C:\Program Files (x86)\EFI\EFILM\lmgrd.exe [1499440 2016-12-16] (Flexera Software LLC)
R2 Fiery Data Collector; C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe [749056 2016-01-18] (Electronics for Imaging, Inc) [File not signed]
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [30040 2015-05-26] (Gladinet, INC)
S3 hasplms; C:\WINDOWS\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-06-03] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 IBM Notes Diagnostics; C:\Program Files (x86)\IBM\Notes\nsd.exe [5168888 2015-12-12] (IBM Corp)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-11-03] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-04-25] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 Lenovo Instant On; C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe [3124808 2017-04-28] (Lenovo Group Limited)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197360 2014-12-08] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.)
R2 LNSUSvc; C:\Program Files (x86)\IBM\Notes\SUService.exe [1654376 2013-10-15] (IBM Corp)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-21] (Lenovo)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [711248 2017-04-01] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273216 2017-02-14] (Lenovo)
R2 Multi-user Cleanup Service; C:\Program Files (x86)\IBM\Notes\ntmulti.exe [38504 2013-10-15] (IBM Corp)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-02-13] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [1834800 2009-04-15] (Trend Micro Inc.)
R2 ofaApp; C:\Program Files (x86)\EFI\OFASQ2\ofaApp.exe [2531008 2016-12-16] ()
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PDFProFiltSrv.exe [135192 2015-09-25] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-05] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [317224 2014-12-05] (Lenovo Group Limited)
R2 ScreenConnect Client (2983e16809ce38ec); C:\Program Files (x86)\ScreenConnect Client (2983e16809ce38ec)\ScreenConnect.ClientService.exe [90768 2017-04-13] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-05-09] ()
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336576 2015-10-16] (Dell SonicWALL, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263288 2016-07-25] (Synaptics Incorporated)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
S2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [1867480 2009-04-21] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [865032 2009-02-23] (Trend Micro Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2017-01-17] ()
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [86544 2016-07-13] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [56848 2016-07-13] (Synaptics Incorporated)
R2 VeeamEndpointBackupSvc; C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [101888 2016-03-10] (Veeam Software AG) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3743648 2017-02-13] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 akshasp; C:\WINDOWS\system32\DRIVERS\akshasp.sys [77912 2015-09-24] (SafeNet Inc.)
S3 aksusb; C:\WINDOWS\system32\DRIVERS\aksusb.sys [322560 2015-09-24] (SafeNet Inc.)
S3 aksusb; C:\Windows\SysWOW64\DRIVERS\aksusb.sys [19968 2004-11-05] (Aladdin Knowledge Systems) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 DNE; C:\WINDOWS\system32\DRIVERS\dnelwf64.sys [327976 2015-10-14] (Citrix Systems, Inc.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d62x64.sys [519680 2015-12-08] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [34056 2014-11-24] (Paragon Software Group)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-09] (Intel Corporation)
S1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [41176 2014-10-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7621376 2017-03-18] (Intel Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [91976 2017-06-03] (Sysinternals - www.sysinternals.com)
R1 RegHiveRecovery; C:\WINDOWS\system32\drivers\RegHiveRecovery.sys [48304 2014-02-20] (Microsoft Corporation)
S3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5725192 2016-10-26] (Realtek Semiconductor Corporation                           )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [777944 2016-04-07] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3227648 2017-02-14] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72312 2016-07-25] (Synaptics Incorporated)
R1 SMIDriver; C:\WINDOWS\system32\DRIVERS\smi.sys [39488 2016-07-13] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 SWIPsec; C:\WINDOWS\system32\Drivers\SWIPsec.sys [110024 2015-10-16] (Dell SonicWALL, Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [93200 2009-02-23] (Trend Micro Inc.)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-11-24] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-11-24] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700680 2014-11-24] ()
S3 vl810filter; C:\WINDOWS\system32\DRIVERS\vl810filter.sys [17008 2011-11-17] (VIA Labs, Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
S1 MpKsl3c6c9457; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C87F1957-AA7E-4C7E-AA00-BA93D7C9B43F}\MpKsl3c6c9457.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-03 16:30 - 2017-06-03 16:46 - 00035881 _____ C:\Users\ah010067\Downloads\FRST.txt
2017-06-03 16:28 - 2017-06-03 16:30 - 00000000 ____D C:\FRST
2017-06-03 16:27 - 2017-06-03 16:27 - 02433536 _____ (Farbar) C:\Users\ah010067\Downloads\FRST64.exe
2017-06-03 16:10 - 2017-06-03 16:10 - 00091976 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-06-03 16:05 - 2017-06-03 16:10 - 00000000 ____D C:\Users\ah010067\Downloads\ProcessMonitor
2017-06-03 16:00 - 2017-06-03 16:01 - 01005016 _____ C:\Users\ah010067\Downloads\ProcessMonitor.zip
2017-06-03 14:13 - 2017-06-03 15:45 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-03 13:14 - 2017-06-03 14:03 - 00003306 _____ C:\WINDOWS\System32\Tasks\TVInstallRestore
2017-06-03 12:15 - 2017-06-03 15:46 - 00000000 ____D C:\WINDOWS\pss
2017-06-03 11:25 - 2017-06-03 14:21 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-03 11:25 - 2017-06-03 11:25 - 00001977 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-06-03 11:25 - 2017-06-03 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-06-03 11:25 - 2017-06-03 11:25 - 00000000 ____D C:\Program Files\HitmanPro
2017-06-03 11:21 - 2017-06-03 11:25 - 11584088 _____ (SurfRight B.V.) C:\Users\ah010067\Downloads\hitmanpro_x64.exe
2017-06-02 12:14 - 2017-06-02 12:14 - 00000000 ____D C:\Users\ah010067\Downloads\storage-executive-win-64 (1)
2017-06-02 11:55 - 2017-06-02 11:55 - 00000010 _____ C:\Users\ah010067\AppData\Local\sponge.last.runtime.cache
2017-06-02 11:50 - 2017-06-02 11:50 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-06-02 11:50 - 2017-06-02 11:50 - 00000000 ____D C:\ProgramData\Trend Micro
2017-06-02 11:47 - 2017-06-02 11:49 - 00000036 _____ C:\Users\ah010067\AppData\Local\housecall.guid.cache
2017-06-02 11:47 - 2017-06-02 11:47 - 02527376 _____ (Trend Micro Inc.) C:\Users\ah010067\Downloads\HousecallLauncher64.exe
2017-06-02 11:47 - 2016-08-22 12:20 - 00332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-06-01 16:18 - 2017-06-01 17:02 - 00204529 _____ C:\Users\ah010067\Documents\ServiceSupplyMaintenance.pdf
2017-06-01 09:11 - 2017-06-01 09:11 - 01017954 _____ C:\Users\ah010067\Documents\SE pipeline all.pdf
2017-06-01 08:07 - 2017-06-01 09:14 - 00656761 _____ C:\Users\ah010067\Documents\SE pipeline all.vsdx
2017-05-31 17:55 - 2017-05-31 17:55 - 00082964 _____ C:\Users\ah010067\Documents\SEPipeline053117.pdf
2017-05-31 14:21 - 2017-05-31 14:21 - 00000000 ____D C:\Program Files (x86)\ScreenConnect Client (2983e16809ce38ec)
2017-05-30 13:01 - 2017-05-30 13:01 - 00000884 _____ C:\Users\ah010067\Documents\EclipseConicalPermissions.txt
2017-05-26 16:40 - 2017-05-26 16:40 - 00145568 _____ C:\Users\ah010067\Documents\Fontana052617.pdf
2017-05-26 16:38 - 2017-05-26 16:38 - 00137814 _____ C:\Users\ah010067\Documents\AdvancedBookeeping052617.pdf
2017-05-26 16:14 - 2017-05-26 16:25 - 1270206464 _____ C:\Users\ah010067\Downloads\SW_DVD5_Office_Pro_2016_32-BIT_X64_MultiLang_LIP_Comp_Kit_MLF_X20-42858 (1).ISO
2017-05-26 16:14 - 2017-05-26 16:23 - 997179392 _____ C:\Users\ah010067\Downloads\SW_DVD5_Office_Professional_Plus_2016_64Bit_English_MLF_X20-42432.ISO
2017-05-26 16:14 - 2017-05-26 16:22 - 860350464 _____ C:\Users\ah010067\Downloads\SW_DVD5_Office_Professional_Plus_2016_W32_English_MLF_X20-41353.ISO
2017-05-26 16:06 - 2017-05-26 16:12 - 00000356 _____ C:\Users\ah010067\Documents\JulyEvansOpenLicense.txt
2017-05-26 14:59 - 2017-05-26 14:59 - 00143151 _____ C:\Users\ah010067\Documents\Tomorrow052617.pdf
2017-05-26 14:57 - 2017-05-26 14:57 - 00171942 _____ C:\Users\ah010067\Documents\Skits052617.pdf
2017-05-26 12:52 - 2017-05-26 12:52 - 00008645 _____ C:\Users\ah010067\Documents\SEPipeline052617.xlsx
2017-05-25 19:07 - 2017-05-25 19:07 - 00000000 ____D C:\Users\ah010067\AppData\Local\Tvsukernel
2017-05-24 16:37 - 2017-05-24 16:37 - 00000014 _____ C:\Users\ah010067\Desktop\BregSearch.txt
2017-05-24 13:39 - 2017-05-24 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2017-05-24 13:39 - 2017-05-24 13:39 - 00000000 ____D C:\Program Files (x86)\Advanced IP Scanner
2017-05-23 11:43 - 2017-05-23 11:43 - 00222207 _____ C:\Users\ah010067\Documents\Brent052317.pdf
2017-05-23 11:15 - 2017-05-23 11:15 - 00171047 _____ C:\Users\ah010067\Documents\Baldwin052317.pdf
2017-05-23 11:03 - 2017-05-23 11:03 - 00237641 _____ C:\Users\ah010067\Documents\SEPipe052317.pdf
2017-05-23 09:58 - 2017-05-23 09:58 - 00213254 _____ C:\Users\ah010067\Documents\Quatrine052317.pdf
2017-05-23 09:41 - 2017-05-23 09:41 - 00165145 _____ C:\Users\ah010067\Documents\Control052317.pdf
2017-05-23 09:32 - 2017-05-23 09:32 - 00152804 _____ C:\Users\ah010067\Documents\Spot052317.pdf
2017-05-22 17:35 - 2017-05-22 17:36 - 10263280 _____ (Lenovo Group Limited ) C:\Users\ah010067\Downloads\tdm_v1214.exe
2017-05-18 17:22 - 2017-05-18 17:22 - 00000000 ____D C:\Users\ah010067\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Password Key Standard
2017-05-18 17:22 - 2017-05-18 17:22 - 00000000 ____D C:\Program Files (x86)\Windows Password Key Standard
2017-05-18 14:06 - 2017-05-18 14:06 - 3515875328 _____ C:\Users\ah010067\Downloads\Windows81pro.iso
2017-05-18 13:00 - 2017-05-18 13:00 - 00954488 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\ah010067\Desktop\rufus-2.15.exe
2017-05-18 09:33 - 2017-02-14 05:21 - 00647168 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamP64.dll
2017-05-18 09:33 - 2017-02-14 05:21 - 00562688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamP.dll
2017-05-17 17:41 - 2017-05-17 17:44 - 00000000 ____D C:\Users\ah010067\Downloads\produkey-x64
2017-05-17 17:41 - 2017-05-17 17:41 - 00080011 _____ C:\Users\ah010067\Downloads\produkey-x64.zip
2017-05-17 06:56 - 2017-05-17 06:56 - 00000000 ____D C:\ProgramData\logsaver
2017-05-16 20:02 - 2017-05-16 20:03 - 00000000 ____D C:\Users\ah010067\Downloads\caffeineOldIcons (1)
2017-05-16 18:37 - 2017-05-16 18:37 - 00000000 ____D C:\ProgramData\clonehdd
2017-05-15 18:58 - 2017-05-15 18:58 - 00681671 _____ C:\Users\ah010067\Downloads\Seal Methods.zip
2017-05-15 09:38 - 2017-05-15 18:31 - 00000025 _____ C:\Users\ah010067\Documents\Junipter.txt
2017-05-14 11:58 - 2017-05-14 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eclipse Client Service
2017-05-11 17:00 - 2017-05-11 17:00 - 00000000 ____D C:\ProgramData\wipe
2017-05-11 16:56 - 2017-05-11 16:56 - 00000000 ____D C:\ProgramData\formatpart
2017-05-11 11:29 - 2017-05-11 11:30 - 26157600 _____ C:\Users\ah010067\Downloads\SeaToolsforWindowsSetup.exe
2017-05-11 10:55 - 2017-05-11 10:56 - 00000159 _____ C:\Users\ah010067\Documents\LabTechControlCenter.txt
2017-05-11 10:31 - 2017-05-11 10:31 - 687666432 _____ C:\Users\ah010067\Downloads\KDSW5517.avi
2017-05-11 08:28 - 2017-05-11 08:28 - 00000065 _____ C:\Users\ah010067\Documents\Shutdown.txt
2017-05-10 17:26 - 2017-05-10 17:26 - 00176076 _____ C:\Users\ah010067\Documents\Skitsrpt.pdf
2017-05-10 15:55 - 2017-05-10 15:55 - 00000000 ____D C:\Users\ah010067\Downloads\memtest86+-5.01.usb.installer
2017-05-10 15:53 - 2017-05-10 15:53 - 00000000 ____D C:\Users\ah010067\Downloads\memtest86+-5.01
2017-05-10 15:49 - 2017-05-10 15:49 - 00305152 _____ C:\Users\ah010067\Documents\windiag.iso
2017-05-09 11:02 - 2017-05-09 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-05-09 11:02 - 2017-05-09 11:02 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-05-09 11:01 - 2017-05-09 11:02 - 00001878 _____ C:\Users\Public\Desktop\Data Migration.lnk
2017-05-09 08:11 - 2017-05-09 08:11 - 00834764 _____ C:\Users\ah010067\Documents\KDSWest Incoming Circuits - 20170509.pdf
2017-05-08 15:06 - 2017-05-08 15:06 - 00037026 _____ C:\Users\ah010067\Downloads\Computer master list2 (1).xlsx
2017-05-08 14:51 - 2017-05-08 14:51 - 00323008 _____ C:\Users\ah010067\Documents\Ticket627720.pdf
2017-05-08 07:48 - 2017-05-08 11:27 - 00000000 ____D C:\KDSW050517
2017-05-04 19:42 - 2017-05-04 19:42 - 00916888 _____ C:\Users\ah010067\Documents\20170502_155556_1493765793478 (002).jpeg
2017-05-04 06:42 - 2017-05-04 06:42 - 00148728 _____ (TWAIN Working Group) C:\WINDOWS\SysWOW64\TWAINDSM.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-03 16:09 - 2016-12-16 09:28 - 00000157 _____ C:\Users\ah010067\AppData\Roaming\com.efi.FierySoftwareManager
2017-06-03 16:09 - 2016-12-16 09:28 - 00000000 ____D C:\Users\ah010067\AppData\Roaming\Fiery Software Manager
2017-06-03 15:53 - 2016-10-09 18:39 - 02538212 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-03 15:48 - 2016-10-09 18:38 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-03 15:48 - 2016-04-13 16:23 - 00000000 __SHD C:\Users\ah010067\IntelGraphicsProfiles
2017-06-03 15:47 - 2017-03-20 12:13 - 00000000 ____D C:\ProgramData\ScreenConnect Client (2983e16809ce38ec)
2017-06-03 15:47 - 2017-03-01 18:01 - 00000000 ____D C:\ProgramData\Veeam
2017-06-03 15:47 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-03 15:46 - 2016-10-09 18:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-03 15:46 - 2016-10-09 18:38 - 00000000 ____D C:\ProgramData\Synaptics
2017-06-03 15:46 - 2016-07-30 13:57 - 00000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForah010067.job
2017-06-03 15:46 - 2016-07-15 23:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-03 15:39 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\TAPI
2017-06-03 15:00 - 2016-03-30 15:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-03 14:45 - 2016-10-13 12:13 - 00000000 ____D C:\Users\ah010067\AppData\Local\CrashDumps
2017-06-03 14:37 - 2016-04-14 17:29 - 00000000 ____D C:\Users\ah010067\AppData\Roaming\TeamViewer
2017-06-03 14:05 - 2016-10-09 18:40 - 00000000 ____D C:\Users\ah010067
2017-06-03 13:59 - 2016-10-09 18:49 - 00003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForah010067
2017-06-03 13:46 - 2016-06-15 12:07 - 00000000 ____D C:\admin
2017-06-03 13:14 - 2016-08-22 11:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-03 13:07 - 2016-04-13 16:21 - 00002776 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-06-03 12:34 - 2016-07-11 07:53 - 00042262 _____ C:\Users\ah010067\Documents\.Backup Reports.xlsx
2017-06-03 11:25 - 2016-11-16 07:32 - 00267624 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-06-03 11:19 - 2016-10-09 18:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-03 10:38 - 2016-12-07 09:59 - 00000000 ____D C:\ProgramData\Eclipse
2017-06-02 19:17 - 2016-04-07 11:04 - 00010679 __RSH C:\ProgramData\ntuser.pol
2017-06-02 16:50 - 2016-12-30 09:03 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2017-06-02 16:25 - 2016-10-09 18:40 - 00000000 ____D C:\Users\Admin
2017-06-02 16:25 - 2016-10-09 18:38 - 00504216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-02 14:33 - 2016-04-14 15:36 - 00000000 ____D C:\Users\ah010067\AppData\Local\LogMeInIgnition
2017-06-02 14:33 - 2016-04-05 10:04 - 00000000 ____D C:\ProgramData\LogMeIn
2017-06-02 12:16 - 2017-03-30 21:29 - 00000000 ____D C:\Users\ah010067\AppData\Local\JxBrowser
2017-06-02 12:10 - 2016-04-26 12:23 - 00000000 ____D C:\Users\ah010067\Desktop\Clients
2017-06-02 11:46 - 2017-01-13 18:33 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-06-02 11:46 - 2017-01-13 18:33 - 00000000 ____D C:\Users\ah010067\AppData\Roaming\Wondershare
2017-06-02 11:34 - 2016-09-15 12:15 - 00000000 ____D C:\ProgramData\TEMP
2017-06-02 10:41 - 2016-12-29 09:53 - 00000000 ____D C:\Users\ah010067\AppData\Roaming\ClipboardFusion
2017-06-02 08:09 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-02 07:05 - 2016-05-30 17:50 - 00000000 ____D C:\Users\ah010067\AppData\Local\LenovoServiceBridge
2017-06-01 16:41 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-01 16:15 - 2016-10-13 19:07 - 00000296 _____ C:\WINDOWS\Tasks\Lenovo Active Protection System.job
2017-06-01 16:09 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-01 16:09 - 2016-04-26 23:21 - 00000000 ____D C:\WINDOWS\ShellNew
2017-06-01 16:09 - 2015-10-02 15:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-06-01 16:06 - 2009-07-13 19:34 - 00000510 _____ C:\WINDOWS\win.ini
2017-06-01 09:33 - 2016-10-13 19:07 - 00002768 _____ C:\WINDOWS\System32\Tasks\Lenovo Active Protection System
2017-06-01 09:33 - 2015-08-17 10:01 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-06-01 09:06 - 2016-10-10 17:05 - 00000000 ____D C:\Users\ah010067\AppData\Local\Deployment
2017-06-01 07:15 - 2016-04-19 09:03 - 00000000 ____D C:\ProgramData\LabTech Client
2017-06-01 07:08 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-31 17:47 - 2016-06-14 08:40 - 00000716 _____ C:\Users\ah010067\Documents\MailBoxStatistics.txt
2017-05-31 15:20 - 2016-04-14 17:31 - 00001165 _____ C:\Users\ah010067\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2017-05-31 14:22 - 2016-10-03 16:45 - 00000264 _____ C:\Users\ah010067\Documents\KDSW_VPS.txt
2017-05-31 14:19 - 2016-10-03 16:38 - 00000600 _____ C:\Users\ah010067\AppData\Local\PUTTY.RND
2017-05-31 08:00 - 2010-11-20 20:27 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-31 07:56 - 2016-07-15 19:10 - 00000000 ____D C:\Users\ah010067\AppData\Roaming\HpUpdate
2017-05-31 07:53 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-30 13:04 - 2016-05-12 16:01 - 00002250 ____H C:\Users\ah010067\Documents\Default.rdp
2017-05-30 13:02 - 2016-11-14 09:32 - 00000000 ____D C:\Users\ah010067\AppData\Local\LogMeIn Rescue Applet
2017-05-26 05:35 - 2016-07-16 04:47 - 00000000 __RSD C:\WINDOWS\Media
2017-05-25 09:52 - 2016-12-07 17:04 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-25 09:52 - 2016-09-15 17:36 - 00000000 ___RD C:\Users\ah010067\OneDrive - Control Switches Inc
2017-05-25 09:52 - 2016-07-25 07:44 - 00002432 _____ C:\Users\ah010067\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-24 13:46 - 2017-01-06 10:38 - 00011336 _____ C:\Users\ah010067\advanced_ip_scanner_MAC.bin
2017-05-24 13:46 - 2017-01-06 10:38 - 00000015 _____ C:\Users\ah010067\advanced_ip_scanner_Aliases.bin
2017-05-24 13:39 - 2017-02-28 09:25 - 00001061 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
2017-05-24 13:39 - 2017-01-06 10:35 - 00000000 ____D C:\Users\ah010067\AppData\Local\Advanced IP Scanner 2
2017-05-23 07:46 - 2017-01-17 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2017-05-22 10:55 - 2017-03-05 14:03 - 00000000 ____D C:\WINDOWS\LastGood
2017-05-19 11:50 - 2016-07-25 07:41 - 00000000 ____D C:\Users\ah010067\AppData\Local\Packages
2017-05-18 14:16 - 2016-10-22 10:27 - 00000000 __RHD C:\ESD
2017-05-18 09:34 - 2016-10-13 12:28 - 00003080 _____ C:\WINDOWS\System32\Tasks\RtsCM
2017-05-16 20:02 - 2016-04-12 21:18 - 00052736 _____ (Zhorn Software) C:\Users\ah010067\Desktop\caffeine.exe
2017-05-16 11:02 - 2015-08-17 08:58 - 00000000 ____D C:\ProgramData\Lenovo
2017-05-16 11:01 - 2015-08-17 09:48 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-05-16 06:33 - 2016-10-09 18:49 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2017-05-16 06:33 - 2015-08-17 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-05-15 09:31 - 2016-12-29 09:56 - 00000908 _____ C:\Users\ah010067\Desktop\MattLINKS.txt
2017-05-14 11:59 - 2015-08-17 09:47 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-14 11:57 - 2016-07-14 20:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-14 11:26 - 2016-03-02 05:44 - 00000000 ____D C:\temp
2017-05-14 11:23 - 2016-05-28 12:50 - 00000000 ____D C:\Users\ah010067\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-05-12 11:58 - 2016-03-30 15:20 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-12 11:58 - 2016-03-30 15:20 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 12:16 - 2017-03-08 11:56 - 00000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-345086361-1354177263-1882197541-10209.job
2017-05-11 12:16 - 2017-03-08 11:56 - 00000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-345086361-1354177263-1882197541-10209.job
2017-05-11 11:32 - 2016-05-28 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-05-09 15:53 - 2017-04-03 20:43 - 00000000 ____D C:\Users\ah010067\Documents\Outlook Files
2017-05-09 11:02 - 2015-08-17 09:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-07 22:28 - 2017-03-08 11:56 - 00003836 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-345086361-1354177263-1882197541-10209
2017-05-07 22:28 - 2017-03-08 11:56 - 00003740 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-345086361-1354177263-1882197541-10209
2017-05-05 08:06 - 2016-10-09 18:49 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2016-12-16 09:28 - 2017-06-03 16:09 - 0000157 _____ () C:\Users\ah010067\AppData\Roaming\com.efi.FierySoftwareManager
2016-06-13 08:56 - 2016-06-13 08:56 - 0004780 _____ () C:\Users\ah010067\AppData\Roaming\sherpa.dat
2017-06-02 11:47 - 2017-06-02 11:49 - 0000036 _____ () C:\Users\ah010067\AppData\Local\housecall.guid.cache
2016-10-03 16:38 - 2017-05-31 14:19 - 0000600 _____ () C:\Users\ah010067\AppData\Local\PUTTY.RND
2017-06-02 11:55 - 2017-06-02 11:55 - 0000010 _____ () C:\Users\ah010067\AppData\Local\sponge.last.runtime.cache
2016-07-15 19:09 - 2016-07-15 19:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-09 18:39 - 2016-10-09 18:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-06-03 16:10 - 2017-06-03 16:10 - 1173152 ____H (Sysinternals - www.sysinternals.com) C:\Users\ah010067\AppData\Local\Temp\Procmon64.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-30 09:08
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by ah010067 (03-06-2017 16:55:11)
Running from C:\Users\ah010067\Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-10 01:51:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-3351432447-3376353146-3141236681-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3351432447-3376353146-3141236681-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3351432447-3376353146-3141236681-503 - Limited - Disabled)
Guest (S-1-5-21-3351432447-3376353146-3141236681-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro OfficeScan Antivirus (Disabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AS: Trend Micro OfficeScan Anti-spyware (Disabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe CMM (HKLM-x32\...\Adobe_b7572144686c889e4039b734b60fbbd) (Version: 1.0 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{2E644D2D-993F-43B4-B85A-15363CA777C3}) (Version: 2.4.3021 - Famatech)
Assessments on Client (x32 Version: 8.100.26866 - Microsoft) Hidden
Brother Printer Setting Tool (HKLM-x32\...\{8DA2E2DC-C572-4F87-89FC-833DB588CC7B}) (Version: 1.6.0010 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0500 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{FC5EDFE4-E073-4863-BC3F-2560AFA63B73}) (Version: 1.0.0110 - Brother Industries, Ltd.)
Brother PT-P700 Series Utility (x32 Version: 1.00.7046 - Brother Industries, Ltd.) Hidden
CalDavSynchronizer (HKLM-x32\...\{DFD1EF74-F116-4D6F-B3BF-156D3797974F}) (Version: 2.13.0 - Gerhard Zehetbauer)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6499 - CDBurnerXP)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Citrix XenCenter (HKLM-x32\...\{AD7C7678-890D-47BE-9047-FD09DA991673}) (Version: 6.5.0 - Citrix Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Compass Sherpa v3 (HKLM-x32\...\{1D8ABB3C-AFD4-4FBE-92AF-99E9A0D6D3FB}) (Version: 3.00.0000 - Compass Sales Solutions)
Connect2 (HKLM-x32\...\Connect2_is1) (Version: 4.2.1.3973 - Lenovo)
ConnectWise Automate Control Center (x32 Version: 11.0.360 - LabTech Software, LLC) Hidden
ConnectWise Internet Client 64-bit (HKLM\...\{37FB2117-B23E-4ECE-8899-AB0730F16081}) (Version: 16.3.2 - ConnectWise)
Crystal Reports 2008 Runtime SP2 (x32 Version: 12.2.0.290 - Business Objects) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell Open Print Driver (HKLM-x32\...\{C9DA76EB-1CEC-4CF9-84F7-5B34D987D52D}) (Version: 1.91.7882.0 - Dell Inc.)
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Eclipse Client Service (HKLM-x32\...\{a0bc8ebf-593d-4802-ac1e-5c7e56ea28a0}) (Version: 17.6.33821 - Astria Solutions Group)
Eclipse Client Service (x32 Version: 17.6.33821 - Astria Solutions Group) Hidden
Eclipse Imaging Support (HKLM-x32\...\{357DFF84-00A5-40B5-A10C-C2E8C7594102}) (Version: 22.2.1032.7035 - Astria Solutions Group)
Eclipse Integration Proxy (HKLM-x32\...\{04B2FA82-D98C-4735-861F-66BDFD6D2966}) (Version: 1.0.0.0 - Astria Solutions Group)
Eclipse ISIS Scanning Support (HKLM-x32\...\{C6FEBDB4-DC98-4D10-A659-B3EB49DC2FFF}) (Version: 1.0.0.0 - Astria Solutions Group)
Eclipse OCR Support (HKLM-x32\...\{489687BC-3B2A-401F-920B-0B1E97DDB287}) (Version: 1.2.0.0 - Astria Solutions Group)
eCopy PDF Pro Office 6 (HKLM\...\{F0925288-5E3E-4389-B4D5-24C617918A62}) (Version: 6.30.6447 - Nuance Communications, Inc.)
eCopy PDF Pro Office 6 (HKLM-x32\...\{F0925288-5E3E-4389-B4D5-24C617918A62}) (Version: 6.30.6447 - Nuance Communications, Inc.)
EFI Flexera License Manager (remove only) (HKLM-x32\...\EFILM) (Version: 11.12.1.2 - EFI)
Enfocus PackManager (HKLM-x32\...\{4DA9118E-EBBD-41D3-A2CA-F96432182A58}) (Version: 2.2 - Enfocus)
Enfocus PackManager (x32 Version: 2.2 - Enfocus) Hidden
Enfocus PitStop Edit (HKLM-x32\...\{4A75838B-F379-4920-8AA5-3C63E04B5E1B}) (Version: 12.1 - Enfocus)
Enfocus PitStop Pro (x32 Version: 12.1 - Enfocus) Hidden
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Fiery User Software-5.8.0.13 (HKLM-x32\...\{1B62E9DB-BD5B-4966-BF75-B038119E61FA}) (Version: 5.8.0.13 - Electronics For Imaging)
Global VPN Client (HKLM\...\{0E14625B-DF56-4657-8678-DFD1955BE97A}) (Version: 4.9.9 - Dell SonicWALL)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.5.0.6956 (HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\GoToMeeting) (Version: 8.5.0.6956 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HOST File Installer version 1.1 (HKLM-x32\...\{78D45494-2393-4A7E-AE10-6FD3B8237FB1}_is1) (Version: 1.1 - KDA SoCal)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.6.14.19 - HP)
HP ThinUpdate (HKLM\...\{987BEBCC-6F5A-4810-BBD8-21504DCD797B}) (Version: 2.2.9 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IBM Notes 9.0.1 Social Edition (HKLM-x32\...\{FFEBEBC7-7761-4D1F-9C7C-562EA3752590}) (Version: 9.01.13294 - IBM)
Inst5676 (Version: 8.01.57 - Softex Inc.) Hidden
Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.7.36 - SunplusIT)
Intel® Chipset Device Software (x32 Version: 10.1.1.33 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.3.60 - Intel Corporation)
Intel® WiDi (HKLM\...\{3F5D407B-86F5-4CA5-8F83-7C00BBB69080}) (Version: 5.1.23.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1450.402) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0502 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{185db067-38cd-4521-a43e-c39b96ee1389}) (Version: 19.50.1 - Intel Corporation)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
Juniper Networks Network Connect 7.1.12 (HKLM-x32\...\Juniper Network Connect 7.1.12) (Version: 7.1.12.21827 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
LabTech Software Control Center (HKLM-x32\...\{4167e16d-086c-4ace-a885-eedd30ce801a}) (Version: 11.0.360 - LabTech Software, LLC)
Lenovo Active Protection System (Version: 1.82.00.14 - Lenovo) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.17.0 - Lenovo)
Lenovo On Screen Display (Version: 8.86.06 - Lenovo) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)
Lenovo QuickControl (HKLM-x32\...\{04128C8C-7812-4DCC-816E-9C8AB1D6EECE}) (Version: 2.40 - Lenovo Group Limited)
Lenovo QuickDisplay (HKLM\...\{9DC1DF56-6E3C-4668-A4B1-AAD7108FECB9}) (Version: 1.2.11.0 - Lenovo Group Limited)
Lenovo Service Bridge (HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.2 - Lenovo)
Lenovo Settings - Power (x32 Version: 2.00.000 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{7BB9AAFD-3350-49C8-92D1-833AAFF9E74E}) (Version: 3.4.003.013 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.076.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0053 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
License Activation (remove only) (HKLM-x32\...\OFASQ) (Version: 1.3.0.9 - EFI)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 365 Client Performance Analyzer (HKLM-x32\...\{6B418C9D-C354-40B5-A4D3-55EF5B43FFA3}) (Version: 3.0.0.0 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E4A1FDA3-689D-44DA-9B39-86BD2270F522}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector Net 6.9.6 (x32 Version: 6.9.6 - Oracle) Hidden
MySQL Connector/ODBC 3.51 (x32 Version: 3.51.26 - MySQL AB) Hidden
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version:  - )
Nuance Cloud Connector (HKLM-x32\...\{936F2BB5-3074-43D9-94D7-B5B47B3AA0E7}) (Version: 3.2.1396 - Nuance Communications, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paragon Hard Disk Manager™ 15 Premium (HKLM\...\{619A89DE-5F01-11E2-85E8-000C2982512D}) (Version: 90.00.0003 - Paragon Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{8D6181F3-CACB-4B48-8B08-981F3A7F318B}) (Version: 13.0.0.99 - SAP)
Scansoft PDF Professional (x32 Version:  - ) Hidden
ScreenConnect Client (2983e16809ce38ec) (HKLM-x32\...\{07416947-1351-44BE-B227-AC60A2E7FD03}) (Version: 6.2.12963.6312 - ScreenConnect Software)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Snagit 13 (HKLM-x32\...\{F0EE4FB7-90E5-445A-84BD-EA3844994034}) (Version: 13.1.3 - TechSmith Corporation)
SocketScan 10 for Windows (HKLM\...\{5692F25D-669C-4AC4-9BDA-2DA2AB2AF818}) (Version: 10.2.133.0 - Socket Mobile, Inc.)
SSClient (HKLM-x32\...\{FBD62A5C-F9AF-4545-976F-A6FE59E488E1}) (Version: 2.00.0000 - Square 9 Softworks)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1220 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version:  - )
Synaptics WBF DDK 5011 (HKLM\...\{1C3CE37F-B15A-4438-9E7A-C15B18E27625}) (Version: 4.5.327.0 - Synaptics)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.327.0 - )
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.1-15030 - Synology)
TeamViewer 12 (MSI Wrapper) (HKLM-x32\...\{5083310F-60A1-455B-9708-85952F00F371}) (Version: 12.1.10277 - TeamViewer)
The Evolved Office Assistant 17 SP4 (17.4.68.1) MB3 (HKLM-x32\...\{48B802C2-F24B-4374-BE45-84F4C9B395F3}) (Version: 17.4.68.1 - Evolve IP)
ThinkPad Pro Dock, Ultra Dock,Workstaion Dock Firmware Utility version 2.30.000 (HKLM-x32\...\TeslaUpdater_is1) (Version: 2.30.000 - )
ThinkPad Pro/Ultra Dock VIA Firmware version 5041 (HKLM-x32\...\VL812_is1) (Version: 5041 - )
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.14.1114.2014 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
Toolkit Documentation (x32 Version: 8.100.26866 - Microsoft) Hidden
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Trend Micro OfficeScan Client (HKLM-x32\...\{ECEA7878-2100-4525-915D-B09174E36971}) (Version: 10.0.1068 - Trend Micro)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version:  - Microsoft)
Veeam Endpoint Backup (HKLM\...\{97BBA6CF-338C-4284-B605-5A5AC00132F8}) (Version: 1.5.0.306 - Veeam Software AG)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - Intel (e1dexpress) Net  (07/15/2014 12.12.50.7202) (HKLM\...\9831220A78BC6CDB16870D8F80FF2AB41814019A) (Version: 07/15/2014 12.12.50.7202 - Intel)
Windows Driver Package - Intel Corporation (iaStorA) HDC  (11/06/2014 13.6.0.1002) (HKLM\...\55320B67E6FF26D5CF6A352973677B5A68BD028B) (Version: 11/06/2014 13.6.0.1002 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03) (HKLM\...\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A) (Version: 11/07/2014 1.67.09.03 - Lenovo)
Windows Password Key Standard  (HKLM-x32\...\Windows Password Key Standard) (Version:  - PasswordSeeker, Inc.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
WPT Redistributables (x32 Version: 8.100.26866 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26837 - Microsoft) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-345086361-1354177263-1882197541-10209_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ah010067\AppData\Local\Citrix\GoToMeeting\6441\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03322198-7670-42A5-AF2A-0878642C1952} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {0AB9D655-BFAA-4E5D-93B6-6C0CF44B8A4B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {0E085AD0-83B1-4AB1-A5D3-6D78BE6993AF} - System32\Tasks\LINQ_wxWidgets => C:\ProgramData\efiLINQ\efiLINQ.exe [2015-11-11] (Electronics For Imaging, Inc.) <==== ATTENTION
Task: {0F8983D8-D9AB-49B5-984A-C5E87A87CFAB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {0FA54604-1F3B-4423-B2D7-130E59FCC83E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {14A2BE7D-C99E-4137-B3AF-32CEE121DD1E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {1C7FFDFA-4CE1-43D9-A6A7-E2901C83CBFA} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {1DB7E105-883C-4CD4-AAE3-E305713E197F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {222D3206-D7F5-493C-A6B0-B68D59689585} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe  <==== ATTENTION
Task: {28ECD17C-A3E2-4FCC-9C2A-AD66620F1249} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {2CE0CA78-3568-4FA5-A1D0-84FAC46976C3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\021339e5-9fa9-46d5-ad9e-2d69a0d4a49f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-04-25] (Lenovo Group Limited)
Task: {30B91804-43F3-4200-A8D0-C5F31771677A} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-06-24] (Realtek Semiconductor)
Task: {347F5063-7396-42E9-9AB7-AF7D0EC03D19} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {35343024-A8C7-43C9-B5A5-758C4BF91DB7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {3792A522-31EB-4143-AF2C-50A770E9DF66} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {3A1463C4-8F40-4B14-B25E-23E33EB6A280} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {3A17B9FF-7D0F-4E8C-9C20-C3639B4F2F65} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {3D6280F6-AA4D-4D6D-BC0F-34EAF95ED417} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2017-02-14] ()
Task: {3EED1B40-A796-4F9C-825A-2E7FB793C0E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-30] (Google Inc.)
Task: {4272BA05-572F-4FED-AC04-A4FD8DD5D5C7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3b95cd47-431e-49eb-a688-973e0e8c407e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-04-25] (Lenovo Group Limited)
Task: {49D5F8EC-88B1-4E97-AD01-958CAFD5EB55} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {4B4CA54E-91F3-4114-9922-D80F52216627} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {4C138480-A1CE-465D-8596-3D805F92CA0F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {5DE7D40B-7A3C-485F-B272-978C33CF5923} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5F63530B-6AAE-4FF4-810F-1FBA1AD5E6FB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {601A2E2E-DA5A-476A-B1D7-C3AB95AAB334} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [2016-07-16] (Microsoft Corporation)
Task: {622C18A3-F637-4497-AD83-27B91B253FE1} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {62B9145F-DB6C-4F5C-983C-9DF6ADE179A5} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2017-02-14] (Lenovo)
Task: {63FEA39B-73F2-4E3F-8023-493F4D7C1683} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {66BFFA01-ECE8-4548-9B46-6612D8070257} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [2016-07-16] (Microsoft Corporation)
Task: {69EBDA0A-8974-47A6-A83C-21986E259554} - System32\Tasks\G2MUploadTask-S-1-5-21-345086361-1354177263-1882197541-10209 => C:\Users\ah010067\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe [2017-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6B3A7361-0480-42CE-9C63-09EAF48601B3} - System32\Tasks\TVT\Lenovo QuickDisplay Agent => C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe [2014-10-02] (Lenovo Corporation)
Task: {701B27DB-BBFC-4812-B2ED-52B21D0A71BC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {75A1435B-6A19-499F-9359-070E6D80525D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {7922A99F-511F-4F7D-9822-A6C743216CA4} - System32\Tasks\Lenovo Active Protection System => C:\Windows\system32\TpShUI.exe [2017-03-21] (Lenovo.)
Task: {79321065-1122-4971-97EC-6D759DA35410} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {7E8A9289-0D78-4164-9874-F4FAA610A6B3} - \Lenovo\Lenovo Service Bridge\S-1-5-21-3351432447-3376353146-3141236681-1000 -> No File <==== ATTENTION
Task: {81DCA860-ED2B-4163-AD62-796E84DCB590} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe 
Task: {8387DF1B-F084-41AC-A0EE-31C03DB1D086} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {83F11894-6B5C-49B4-8C54-82B87D3A6FB6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-04-26] (Lenovo)
Task: {84C313FC-BD21-4DE9-81AF-579F107D1E7A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {8D3BF6EA-D629-47A4-9405-1255EBB996FF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {8E60D48B-95EB-48C2-8B97-EC18CF070D4A} - System32\Tasks\TVT\LaunchFR => C:\Program Files (x86)\Lenovo\Factory Recovery\FRReminder.exe 
Task: {93169E77-6AB3-4629-AE2E-7FD93EF561A2} - System32\Tasks\TVInstallRestore => C:\Users\ah010067\AppData\Local\Temp\TeamViewer\TeamViewer_.exe  <==== ATTENTION
Task: {97B8346B-F27F-42F4-9315-06B325BA3FF8} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {98F39FBA-7135-4D22-B621-F2E24558D89C} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2017-05-12] (TechSmith Corporation)
Task: {A0075C2C-3296-424E-8297-742B05860197} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-345086361-1354177263-1882197541-10209 => C:\Users\ah010067\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2017-05-31] (Lenovo Group Limited)
Task: {A2E83621-2E32-4C79-A463-98744640CBDA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
Task: {A35424F5-A6F2-4062-851B-04EC9FBF22F2} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {A7BC2539-05AF-485F-8532-FC79FE0CAB75} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {B34F6AB4-D579-433D-A782-91DDCECF261B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {B37839D0-A299-4956-BA34-95CF75D2C436} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B5818C26-C6A0-4FCA-B517-85983AE7AD80} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B594C4DF-5615-42B3-A7A9-A674B5427FE3} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {B6DD56C7-64A5-4E87-9A8B-D48DD816B19E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {BCF19AF5-01F8-40F5-9241-73732DF137D8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C4ED5F68-99D5-438F-AEDE-5DE9B76C42D7} - \PMTask -> No File <==== ATTENTION
Task: {C59F9CA0-6EA0-477E-9D0D-BBB05145C704} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe 
Task: {C7794666-9924-4E53-8DC0-FFA78E1E5C63} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {C9AE3F9D-BABD-4A6A-8917-366E49A8851B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {CB64F74E-1EDD-4DB0-8A3F-EB909786368F} - System32\Tasks\{F8CCCC00-2FAF-491F-B0AC-B18E8D515BBE} => pcalua.exe -a "D:\Kyocera Builds\IBM Notes\9.01 Client\notes901FP5_win.exe" -d "D:\Kyocera Builds\IBM Notes\9.01 Client"
Task: {CE99C8DE-D7CA-4FA1-B4B4-EB0C3AEAACEC} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-06-24] (Realtek Semiconductor)
Task: {CF33EE5C-CDD8-435C-9D57-C09AE1D6A144} - System32\Tasks\HPCeeScheduleForah010067 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {D1746BDA-9BAE-4C8D-862C-3ADE3E2C2D3C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-02-14] (Lenovo)
Task: {D4AC5CDE-AF41-4300-83E4-3E44A9F21075} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {D5C77B97-61A2-40A5-9D8B-E0DC1BFA5F87} - System32\Tasks\CWS Analytics => C:\ProgramData\efiLINQ\efiLINQ.exe [2015-11-11] (Electronics For Imaging, Inc.) <==== ATTENTION
Task: {D6317F7C-9576-4D2B-B6D4-8F37A4E6C78F} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
Task: {D7CC9AFD-F0E0-4E33-9B61-676A3BE3B8D4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {D8DA37B1-7D7B-422E-8B7E-1E1D9F4389C3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {DBC83D69-A5CF-4C1A-B043-FF19DECB4DFB} - System32\Tasks\DolbySelectorTask => %ProgramFiles%\Dolby Digital Plus\ddp.exe 
Task: {DC6F2029-AEFC-487C-BEEC-6C9BE608ACF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-30] (Google Inc.)
Task: {DE7ABDFF-37EC-407C-9A92-7DC38ED53A93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {E53DEA12-FBCE-4001-9496-9857828C1558} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {E603B22E-7305-4F9D-88C7-2765E902B206} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\ah010067\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {E714815F-B3B4-4912-8628-6936181F9B3E} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [2017-02-14] (Realtek Semiconductor Corp.)
Task: {E879BF75-2E06-4F1F-9181-323D8BAD1889} - System32\Tasks\Fiery Software Manager => C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe [2016-01-06] ()
Task: {EFDF6D72-C3EA-4436-9EE3-152D2E064FB4} - System32\Tasks\G2MUpdateTask-S-1-5-21-345086361-1354177263-1882197541-10209 => C:\Users\ah010067\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe [2017-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F612D2F9-970D-4A79-8D79-003A8C29E47A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-06-24] (Realtek Semiconductor)
Task: {FF5019E2-5D2B-488F-B4C1-7F2461F6B217} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-345086361-1354177263-1882197541-10209.job => C:\Users\ah010067\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-345086361-1354177263-1882197541-10209.job => C:\Users\ah010067\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForah010067.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Lenovo Active Protection System.job => C:\Windows\system32\TpShUI.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-09 08:44 - 2016-11-11 03:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-04 06:46 - 2017-05-04 06:46 - 00050472 _____ () C:\Program Files (x86)\Astria Solutions Group\Eclipse Client Service\Astria.Client.WindowsServices.AutomationService.exe
2016-12-16 11:09 - 2016-12-16 11:09 - 02531008 _____ () C:\Program Files (x86)\EFI\OFASQ2\ofaApp.exe
2017-04-13 16:32 - 2017-04-13 16:32 - 00090768 _____ () C:\Program Files (x86)\ScreenConnect Client (2983e16809ce38ec)\ScreenConnect.ClientService.exe
2017-01-17 22:31 - 2017-01-17 22:31 - 00248856 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2015-05-26 22:45 - 2015-05-26 22:45 - 00222552 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
2016-11-15 15:23 - 2016-11-15 15:23 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-14 18:10 - 2016-11-03 02:36 - 00384496 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-12-09 08:44 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-09 08:44 - 2016-11-11 02:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-05-26 05:35 - 2017-04-28 08:03 - 00200560 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-12-16 11:11 - 2016-01-06 06:16 - 06345360 _____ () C:\Program Files (x86)\Fiery\Fiery Software Manager\Fiery Software Manager.exe
2017-05-26 05:45 - 2017-05-26 05:45 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-26 05:45 - 2017-05-26 05:45 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-26 05:45 - 2017-05-26 05:45 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-26 05:45 - 2017-05-26 05:45 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll
2016-12-09 08:45 - 2016-11-02 03:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-12-09 08:45 - 2016-11-02 03:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-09 08:44 - 2016-11-02 03:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-12-09 08:45 - 2016-11-02 03:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-12-09 08:45 - 2016-11-02 03:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-12-09 08:45 - 2016-11-02 03:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-03 15:49 - 2016-01-07 22:41 - 05150368 _____ () C:\Users\ah010067\AppData\Local\Temp\RarSFX0\FSM\Fiery Software Manager.exe
2017-05-12 11:58 - 2017-05-09 02:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-12 11:58 - 2017-05-09 02:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2015-08-17 10:03 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2015-08-17 10:03 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2015-05-26 22:31 - 2015-05-26 22:31 - 00293208 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll
2015-05-26 22:31 - 2015-05-26 22:31 - 00080216 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll
2015-05-26 22:32 - 2015-05-26 22:32 - 00016728 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll
2016-12-16 11:07 - 2014-11-27 15:37 - 00194048 _____ () C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\curllib.dll
2016-12-16 11:07 - 2014-11-27 15:37 - 00110592 _____ () C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\OpenLDAP.dll
2016-12-16 11:09 - 2016-12-16 11:09 - 00663552 _____ () C:\Program Files (x86)\EFI\OFASQ2\LIBEXPAT.dll
2017-02-16 17:16 - 2017-02-16 17:16 - 20629504 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\opencv_imgproc310.dll
2017-02-16 17:16 - 2017-02-16 17:16 - 08968192 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\opencv_core310.dll
2017-02-16 17:17 - 2017-02-16 17:17 - 00601088 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\fontconfig.dll
2017-02-16 17:17 - 2017-02-16 17:17 - 01152512 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\cairo.dll
2017-02-16 17:16 - 2017-02-16 17:16 - 00800768 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\opencv_photo310.dll
2017-02-16 17:15 - 2017-02-16 17:15 - 08968192 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\opencv_core300.dll
2017-02-16 17:15 - 2017-02-16 17:15 - 20629504 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\opencv_imgproc300.dll
2017-02-16 17:17 - 2017-02-16 17:17 - 01015296 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\libxml2.dll
2017-02-16 17:17 - 2017-02-16 17:17 - 00023552 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\iconv.dll
2017-02-16 17:17 - 2017-02-16 17:17 - 00588288 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\pixman-1.dll
2017-02-16 17:17 - 2017-02-16 17:17 - 00165888 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\libpng16.dll
2017-02-16 17:17 - 2017-02-16 17:17 - 00071680 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\zlib1.dll
2017-02-16 17:17 - 2017-02-16 17:17 - 00778240 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\harfbuzz.dll
2014-10-10 09:37 - 2014-10-10 09:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-06-03 15:49 - 2015-11-19 21:13 - 00181760 _____ () C:\Users\ah010067\AppData\Local\Temp\RarSFX0\FSM\cfscore.dll
2017-06-03 15:49 - 2015-11-19 21:13 - 00194048 _____ () C:\Users\ah010067\AppData\Local\Temp\RarSFX0\FSM\curllib.dll
2017-06-03 15:49 - 2015-11-19 21:13 - 00110592 _____ () C:\Users\ah010067\AppData\Local\Temp\RarSFX0\FSM\OpenLDAP.dll
2017-06-03 15:49 - 2015-11-19 21:13 - 00674304 _____ () C:\Users\ah010067\AppData\Local\Temp\RarSFX0\FSM\updater_lib\Win\GradInterface.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:A303874F [274]
AlternateDataStreams: C:\ProgramData\TEMP:AB1A1E3D [300]
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81 [330]
AlternateDataStreams: C:\ProgramData\TEMP:D5375828 [316]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (2983e16809ce38ec) => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2017-06-03 14:05 - 00001140 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
10.128.18.6 CANotes01
10.128.18.12 KDAmailCA01
10.128.18.7 irvinesvr
10.128.0.205 kmawestern
10.128.0.12 HQNotes01
10.128.0.11 HQNotes03
10.128.0.67 HQNotes04
10.128.0.59 KMASametime
10.128.71.17 KDANotesPrd0310.128.33.3 Server-473
10.128.33.5 SynologySD
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Think\Think_Blue.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Nuance Cloud Connector.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Image XChange.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SocketScan10.lnk"
HKLM\...\StartupApproved\Run: => "AcWin7Hlpr"
HKLM\...\StartupApproved\Run: => "LENOVO.TPKNRRES"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Veeam.EndPoint.Tray.exe"
HKLM\...\StartupApproved\Run32: => "Integrated Camera_Monitor"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "OfficeScanNT Monitor"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "E3 System Tray Application"
HKLM\...\StartupApproved\Run32: => "InboxMonitor"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF8 Registry Controller"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\StartupApproved\Run: => "HP Officejet 6700 (NET)"
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\StartupApproved\Run: => "ClipboardFusion"
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\...\StartupApproved\Run: => "Jing"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{E0C3F4D0-11D6-4A8E-AD32-53B13C254747}C:\users\ah010067\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\ah010067\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{58A531B0-335C-4634-8547-4A6C504EB642}C:\users\ah010067\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\ah010067\appdata\local\logmein client\lmiignition.exe
FirewallRules: [{64B1EC9F-9D82-4C8D-B03E-D7A5DE774A2D}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{D291391D-6019-44D6-9DCA-5AE8B6E9A8AC}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{1CBD33CF-5A03-40E9-A002-27D2CD7C476E}] => (Allow) C:\Users\Admin\Downloads\ASD5_trial_en-US.exe
FirewallRules: [{C32941D0-73A9-4FB5-99D6-EECFC003A2A1}] => (Allow) C:\Users\Admin\Downloads\ASD5_trial_en-US.exe
FirewallRules: [{A0B8AB54-3723-4156-A1B3-0B5733FE1CEE}] => (Allow) C:\Users\Admin\Downloads\ASD5_trial_en-US.exe
FirewallRules: [{E2C90C1F-66E0-4275-8845-7E82C6C362CE}] => (Allow) C:\Users\Admin\Downloads\ASD5_trial_en-US.exe
FirewallRules: [TCP Query User{6C19C6CF-4930-407E-A494-5A053B4E7C27}C:\users\ah010067\appdata\local\logmein client\lmiignition.exe] => (Block) C:\users\ah010067\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{262569F2-91AE-424F-A1EF-261D8BF2376A}C:\users\ah010067\appdata\local\logmein client\lmiignition.exe] => (Block) C:\users\ah010067\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{2839EF3D-A464-4931-806A-B8D4E9FAA2A7}C:\users\ah010067\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\ah010067\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{D728162E-5D30-403C-9D55-993648992AAC}C:\users\ah010067\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\ah010067\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{6847B0A7-E3DA-47C2-8A2F-06E0AB09D91B}C:\program files (x86)\labtech client\ltclient.exe] => (Allow) C:\program files (x86)\labtech client\ltclient.exe
FirewallRules: [UDP Query User{09223135-2292-4749-89C4-82C744F8A617}C:\program files (x86)\labtech client\ltclient.exe] => (Allow) C:\program files (x86)\labtech client\ltclient.exe
FirewallRules: [TCP Query User{89BBE35A-FF09-477D-8D43-CF087A09F727}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [UDP Query User{8231075A-EA9B-4082-9FE3-C56DF5D35161}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [TCP Query User{B61BCBEC-68F4-4580-B792-5A58F9AA4901}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [UDP Query User{2174366B-FDFE-4E19-95E9-6F47AAB8C907}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [{CDCEF31A-779E-4B6E-9BA9-019677D90E02}] => (Block) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [{DECB678E-D9D6-4F9D-86BE-1E78933FF34F}] => (Block) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [TCP Query User{727A148F-6976-44FE-91B3-3B4EFDA63549}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0B594C22-E77F-41F6-B083-4256D45A5059}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{3A61E98E-3DCE-4668-95A3-E5531DBCB8B5}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{C333A20D-4864-4B56-AA78-20B4C5E53C95}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{880F27B8-EDA4-4339-BA4D-9026E7050907}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{FCC79DE4-91EB-41B4-9FE4-00959B68351F}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{28ADD29A-6919-416D-9BDA-53108845EFB1}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{CED6B88C-8D9B-4E8B-AF6A-2803A28F5421}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BE6906C7-3FED-4DA4-AE4D-53B811FE65F1}] => (Allow) LPort=35115
FirewallRules: [{5DE4D091-60FC-494C-82E6-081F4AB7FF2C}] => (Allow) LPort=35115
FirewallRules: [TCP Query User{CC712C98-00B8-428E-A1FD-55B3D1FDB575}C:\users\ah010067\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe] => (Allow) C:\users\ah010067\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe
FirewallRules: [UDP Query User{6B63BB41-B8BB-4DC2-99A3-8E5B18BCCD76}C:\users\ah010067\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe] => (Allow) C:\users\ah010067\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe
FirewallRules: [{68A5A1F4-68C2-4BAD-A391-B5C91BC1895F}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PdfRouter.exe
FirewallRules: [{C9867671-8009-4D16-BE47-EC9F03FE71F4}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PdfRouter.exe
FirewallRules: [{F3A0503B-5F68-42D0-8CC9-C5FF119D5B47}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PdfPro8Hook.exe
FirewallRules: [{E39E535C-FF9D-44ED-A3CF-85E39929DF5D}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PdfPro8Hook.exe
FirewallRules: [{83B6E6CD-180F-4947-8A4C-0E14D293EAA7}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\GPDFDirect.exe
FirewallRules: [{1B6B28F9-6435-40CE-88A4-28E529817857}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\GPDFDirect.exe
FirewallRules: [{C1C86372-BD37-48C4-BD25-7D4F06F45C80}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\GaaihoDoc.exe
FirewallRules: [{2B903045-86F2-4280-8439-F1D35BFC7F1D}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\GaaihoDoc.exe
FirewallRules: [{587858A0-BFF2-4835-B9D7-8D505D40C62C}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{8F6E0CB3-A553-4C08-A8B4-97751C6619D1}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{1E026676-19D0-4DC1-B3C6-5EFA05355158}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{3378831A-AB51-4289-9973-B96C69ACF7A1}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{F8A8B784-2E6B-43E2-A72E-1E6A19AA2EFB}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{E5DA34E3-3982-47BD-A39B-1B4AEA43B0FD}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [TCP Query User{A5E5939E-C028-442F-8135-247EB495832E}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe] => (Allow) C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe
FirewallRules: [UDP Query User{C17C465F-CA18-49E6-8A84-434FCEAC4858}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe] => (Allow) C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe
FirewallRules: [TCP Query User{9C9DB574-6126-4995-8753-77BB0B130E16}C:\program files (x86)\astria solutions group\eclipse client service\astria.client.systray.exe] => (Allow) C:\program files (x86)\astria solutions group\eclipse client service\astria.client.systray.exe
FirewallRules: [UDP Query User{1616A78E-CEB2-4B8D-A172-35D06BF0AE8A}C:\program files (x86)\astria solutions group\eclipse client service\astria.client.systray.exe] => (Allow) C:\program files (x86)\astria solutions group\eclipse client service\astria.client.systray.exe
FirewallRules: [{6E73FB6A-B628-40F6-B365-4CE3926BD180}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{ED23FD6B-25EE-40C3-99F0-028144D1C3E4}] => (Allow) C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
FirewallRules: [TCP Query User{487DD10B-8560-48EB-897D-270B33A6AB30}C:\program files (x86)\java\jre1.8.0_111\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\jp2launcher.exe
FirewallRules: [UDP Query User{DA25E3A0-09DA-4D49-B7BA-5DDDE1EC319C}C:\program files (x86)\java\jre1.8.0_111\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\jp2launcher.exe
FirewallRules: [{BD22083E-8081-44B6-90F5-96E5D5EDBB38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E1B306B5-6015-429D-9814-74EFB9C4307B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55D5CC9D-346D-4E56-B4FD-E3A94DDFE9B0}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Recovery.exe
FirewallRules: [{B21D613F-E68F-4327-B8CB-AC0DD3BF9A7C}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
FirewallRules: [{5EA66CC9-5A19-4F0D-9277-92786643C02D}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
FirewallRules: [{592383B6-958B-4900-88FF-08D8A67C35D6}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
FirewallRules: [{558A5EAF-CE05-4ABD-92AC-CCA347FEB139}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
FirewallRules: [{1CE39CE4-5F83-4683-AE0A-5A81DCE165A0}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe
FirewallRules: [{D19CA029-1379-490E-95C9-EE7120CF4BA0}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe
FirewallRules: [{6AB03AB9-FEDD-4FE9-B037-3A81063A9D0B}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe
FirewallRules: [{9694AAC3-D707-4926-904B-82883E089451}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe
FirewallRules: [{87E86558-726E-466F-B192-E08985F5A843}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{3E44969A-FD44-4DC3-9B4D-E4C5F4587DD1}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{56B2C268-0B20-4AAE-95FC-06E9028850EB}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{2B3755AA-546D-4B33-A543-6BD5120EED90}] => (Allow) LPort=8298
FirewallRules: [{AE94DEB9-CCAA-425A-9026-60CE324E00AC}] => (Allow) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
FirewallRules: [{49D59EF6-40B6-4571-BB8F-36CE8E4EFE62}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{1C343559-DCE2-41D4-B392-3340A90C2B76}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{3450B9F1-55D8-4CC6-AEA8-56C19CE3FEE2}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{EAC66EDB-58B2-4521-8CDF-71DB0AE961FC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{4BED7D52-74AC-4FFE-9479-C8B2ADF0E60F}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{DD4C5882-CD91-4D67-B2AB-82A723A4C857}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{10793D0E-402B-4A19-B6DC-3575918E9A0C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{8B6F6AAB-BAB1-413D-8835-B309D54E228D}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [TCP Query User{2FDCF9E8-5CDF-4348-8C56-860C228A6B16}C:\program files (x86)\screenconnect client (2983e16809ce38ec)\screenconnect.windowsclient.exe] => (Allow) C:\program files (x86)\screenconnect client (2983e16809ce38ec)\screenconnect.windowsclient.exe
FirewallRules: [UDP Query User{00592C62-74F4-4FC6-8F72-F0F8823955A6}C:\program files (x86)\screenconnect client (2983e16809ce38ec)\screenconnect.windowsclient.exe] => (Allow) C:\program files (x86)\screenconnect client (2983e16809ce38ec)\screenconnect.windowsclient.exe
FirewallRules: [{6E6C09A3-94F0-43C1-B8ED-6F79D8CD0325}] => (Allow) C:\Users\ah010067\AppData\Local\Temp\RarSFX0\FSM\Fiery Software Manager.exe
 
==================== Restore Points =========================
 
26-05-2017 05:34:59 Installed Lenovo Settings - Power
01-06-2017 16:04:10 Configured Microsoft Office Standard 2013
02-06-2017 16:20:07 Micron SSD Cache 1.7.3.0 removal
 
==================== Faulty Device Manager Devices =============
 
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/03/2017 04:54:09 PM) (Source: EclipseAutomationService) (EventID: 0) (User: )
Description: Automation Engine SignalR Hub Warning: System.Net.WebSockets.WebSocketException (0x80004005): An internal WebSocket error occurred. Please see the innerException, if present, for more details.  ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
   at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
   --- End of inner exception stack trace ---
   at System.Net.Security._SslStream.EndRead(IAsyncResult asyncResult)
   at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
   at System.Net.PooledStream.EndRead(IAsyncResult asyncResult)
   at System.IO.Stream.<>c.<BeginEndReadAsync>b__43_1(Stream stream, IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncTrimPromise`1.Complete(TInstance thisRef, Func`3 endMethod, IAsyncResult asyncResult, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Net.WebSockets.WebSocketConnectionStream.<ReadAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at System.Net.WebSockets.WebSocketBase.WebSocketOperation.<Process>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Net.WebSockets.WebSocketBase.<ReceiveAsyncCore>d__45.MoveNext()
   at System.Net.WebSockets.WebSocketBase.ThrowIfConvertibleException(String methodName, Exception exception, CancellationToken cancellationToken, Boolean aborted)
   at System.Net.WebSockets.WebSocketBase.<ReceiveAsyncCore>d__45.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNet.SignalR.WebSockets.WebSocketMessageReader.<ReadMessageAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNet.SignalR.WebSockets.WebSocketHandler.<ProcessWebSocketRequestAsync>d__25.MoveNext()
 
Error: (06/03/2017 04:24:02 PM) (Source: EclipseAutomationService) (EventID: 0) (User: )
Description: Automation Engine SignalR Hub Warning: System.Net.WebSockets.WebSocketException (0x80004005): An internal WebSocket error occurred. Please see the innerException, if present, for more details.  ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
 
Error: (06/03/2017 04:20:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Procmon64.exe version 3.33.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 264c
 
Start Time: 01d2dcbea82ce7fc
 
Termination Time: 13
 
Application Path: C:\Users\ah010067\AppData\Local\Temp\Procmon64.exe
 
Report Id: 989fc934-48b2-11e7-a97b-185e0f69d083
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/03/2017 04:05:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KMA)
Description: Package E046963F.LenovoCompanion_3.73.1.0_x86__k1h2ywk1493x8+App was terminated because it took too long to suspend.
 
Error: (06/03/2017 04:05:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KMA)
Description: Package Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (06/03/2017 03:54:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KMA)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/03/2017 03:54:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: KMA)
Description: App Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI did not launch within its allotted time.
 
Error: (06/03/2017 03:47:08 PM) (Source: EclipseAutomationService) (EventID: 0) (User: )
Description: Database Sync Engine:System.NullReferenceException: Object reference not set to an instance of an object.
   at Astria.Client.Service.DatabaseSyncEngine.SyncEligible()
   at Astria.Client.Service.DatabaseSyncEngine.SyncDatabase(Object state)
 
Error: (06/03/2017 03:47:05 PM) (Source: EclipseAutomationService) (EventID: 0) (User: )
Description: Database Sync Engine:System.NullReferenceException: Object reference not set to an instance of an object.
   at Astria.Client.Service.DatabaseSyncEngine.SyncEligible()
   at Astria.Client.Service.DatabaseSyncEngine.CheckMachineIdChange()
 
Error: (06/03/2017 03:47:03 PM) (Source: EclipseAutomationService) (EventID: 0) (User: )
Description: Scheduled Task Engine:Astria.Framework.DataContracts.CustomExceptions.EclipseApplicationException: 
The remote name could not be resolved: 'cloud3.docstar.com'
   at Astria.Framework.DataContracts.ExceptionsML.Check(ExceptionsML ex)
   at Astria.Client.Service.ScheduledTaskEngine.GetServiceBuilder(AutomationServiceSettings settings)
   at Astria.Client.Service.ScheduledTaskEngine.LoadScheduledTasks(AutomationServiceSettings settings)
   at Astria.Client.Service.ScheduledTaskEngine.mainTimerTick(Object state)
 
 
System errors:
=============
Error: (06/03/2017 05:19:04 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/03/2017 03:54:11 PM) (Source: DCOM) (EventID: 10010) (User: KMA)
Description: The server CortanaUI did not register with DCOM within the required timeout.
 
Error: (06/03/2017 03:48:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/03/2017 03:48:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/03/2017 03:48:06 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: KMA)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/03/2017 03:47:13 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain KMA due to the following: 
There are currently no logon servers available to service the logon request.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (06/03/2017 03:47:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmlisten service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/03/2017 03:47:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the tmlisten service to connect.
 
Error: (06/03/2017 03:47:04 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/03/2017 03:47:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-03 10:53:26.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 07:23:50.310
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-25 18:21:50.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-14 19:16:57.479
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-12 15:17:09.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-01 07:53:25.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-01 07:53:25.392
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-01 07:53:25.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-01 07:53:25.288
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-01 07:53:25.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 25%
Total physical RAM: 11984.09 MB
Available physical RAM: 8952.46 MB
Total Virtual: 24272.09 MB
Available Virtual: 20319.68 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:474.53 GB) (Free:142.6 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1A98BEDF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=474.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 2B312FA8)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)
 
==================== End of Addition.txt ============================

 


#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
[Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

#3
bhzendner

    Member

  • Topic Starter
  • 226 posts
# AdwCleaner v6.047 - Logfile created 03/06/2017 at 20:35:54
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-02.2 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : ah010067 - LENOVO-KM-1340
# Running from : C:\Users\ah010067\Desktop\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\6b1556ae-bad2-3872-a983-e16809ce38ec
[-] Folder deleted: C:\Program Files (x86)\ShowMyPCService
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService
 
 
***** [ Files ] *****
 
[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] File deleted: C:\WINDOWS\SysWoW64\lavasofttcpservice.dll
[-] File deleted: C:\WINDOWS\SysWoW64\LavasoftTcpServiceOff.ini
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key deleted: HKU\S-1-5-21-345086361-1354177263-1882197541-10209\Software\Bitberry
[#] Key deleted on reboot: HKCU\Software\Bitberry
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80107F16-CB2E-42AB-AB9D-6C11540D5A8B}
[#] Key deleted on reboot: [x64] HKCU\Software\Bitberry
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\ah010067\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\ah010067\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2610 Bytes] - [03/06/2017 20:35:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [2939 Bytes] - [03/06/2017 20:35:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2756 Bytes] ##########

#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
Hello,

Download the enclosed file => fixlist.txt. Save it in the location FRST64 is: C:\Users\ah010067\Downloads. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, C:\Users\ah010067\Downloads (Fixlog.txt). Please post it to your reply.

#5
bhzendner

    Member

  • Topic Starter
  • 226 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by ah010067 (04-06-2017 14:27:21) Run:1
Running from C:\Users\ah010067\Downloads
Loaded Profiles: ah010067 (Available Profiles: Admin & ah010067 & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-345086361-1354177263-1882197541-10209 -> DefaultScope {935E7A9D-E397-4F44-AA0E-4EBACF9A5990} URL =  
SearchScopes: HKU\S-1-5-21-345086361-1354177263-1882197541-10209 -> {935E7A9D-E397-4F44-AA0E-4EBACF9A5990} URL = 
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
U3 idsvc; no ImagePath
Task: {0E085AD0-83B1-4AB1-A5D3-6D78BE6993AF} - System32\Tasks\LINQ_wxWidgets => C:\ProgramData\efiLINQ\efiLINQ.exe [2015-11-11] (Electronics For Imaging, Inc.) <==== ATTENTION
C:\ProgramData\efiLINQ
Task: {222D3206-D7F5-493C-A6B0-B68D59689585} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe  <==== ATTENTION
C:\Program Files (x86)\FreeFileViewer
Task: {5DE7D40B-7A3C-485F-B272-978C33CF5923} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {7E8A9289-0D78-4164-9874-F4FAA610A6B3} - \Lenovo\Lenovo Service Bridge\S-1-5-21-3351432447-3376353146-3141236681-1000 -> No File <==== ATTENTION
Task: {93169E77-6AB3-4629-AE2E-7FD93EF561A2} - System32\Tasks\TVInstallRestore => C:\Users\ah010067\AppData\Local\Temp\TeamViewer\TeamViewer_.exe  <==== ATTENTION
C:\Users\ah010067\AppData\Local\Temp\TeamViewer
Task: {C4ED5F68-99D5-438F-AEDE-5DE9B76C42D7} - \PMTask -> No File <==== ATTENTION
Task: {D5C77B97-61A2-40A5-9D8B-E0DC1BFA5F87} - System32\Tasks\CWS Analytics => C:\ProgramData\efiLINQ\efiLINQ.exe [2015-11-11] (Electronics For Imaging, Inc.) <==== ATTENTION
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
C:\Program Files (x86)\FreeFileViewer
AlternateDataStreams: C:\ProgramData\TEMP:A303874F [274]
AlternateDataStreams: C:\ProgramData\TEMP:AB1A1E3D [300]
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81 [330]
AlternateDataStreams: C:\ProgramData\TEMP:D5375828 [316]
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-345086361-1354177263-1882197541-10209\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{935E7A9D-E397-4F44-AA0E-4EBACF9A5990} => key removed successfully
HKCR\CLSID\{935E7A9D-E397-4F44-AA0E-4EBACF9A5990} => key not found. 
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E085AD0-83B1-4AB1-A5D3-6D78BE6993AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E085AD0-83B1-4AB1-A5D3-6D78BE6993AF} => key removed successfully
C:\WINDOWS\System32\Tasks\LINQ_wxWidgets => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LINQ_wxWidgets => key removed successfully
C:\ProgramData\efiLINQ => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{222D3206-D7F5-493C-A6B0-B68D59689585} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{222D3206-D7F5-493C-A6B0-B68D59689585} => key removed successfully
C:\WINDOWS\System32\Tasks\FreeFileViewerUpdateChecker => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker => key removed successfully
"C:\Program Files (x86)\FreeFileViewer" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DE7D40B-7A3C-485F-B272-978C33CF5923} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DE7D40B-7A3C-485F-B272-978C33CF5923} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E8A9289-0D78-4164-9874-F4FAA610A6B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E8A9289-0D78-4164-9874-F4FAA610A6B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-3351432447-3376353146-3141236681-1000 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93169E77-6AB3-4629-AE2E-7FD93EF561A2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93169E77-6AB3-4629-AE2E-7FD93EF561A2} => key removed successfully
C:\WINDOWS\System32\Tasks\TVInstallRestore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TVInstallRestore => key removed successfully
"C:\Users\ah010067\AppData\Local\Temp\TeamViewer" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4ED5F68-99D5-438F-AEDE-5DE9B76C42D7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4ED5F68-99D5-438F-AEDE-5DE9B76C42D7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PMTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5C77B97-61A2-40A5-9D8B-E0DC1BFA5F87} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5C77B97-61A2-40A5-9D8B-E0DC1BFA5F87} => key removed successfully
C:\WINDOWS\System32\Tasks\CWS Analytics => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CWS Analytics => key removed successfully
C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => moved successfully
"C:\Program Files (x86)\FreeFileViewer" => not found.
C:\ProgramData\TEMP => ":A303874F" ADS removed successfully.
C:\ProgramData\TEMP => ":AB1A1E3D" ADS removed successfully.
C:\ProgramData\TEMP => ":AEC0AC81" ADS removed successfully.
C:\ProgramData\TEMP => ":D5375828" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 247140054 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 63718575 B
Edge => 4584 B
Chrome => 20711211 B
Firefox => 10567454 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 14760 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 2560 B
LocalService => 0 B
NetworkService => 23950 B
Admin => 146368 B
ah010067 => 290367048 B
.NET v4.5 => 12814 B
DefaultAppPool => 6158 B
.NET v4.5 Classic => 12814 B
 
RecycleBin => 0 B
EmptyTemp: => 603.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:27:40 ====

#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

#7
bhzendner

    Member

  • Topic Starter
  • 226 posts

I am getting a long delay in anything downloaded or in anything starting up.


#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
See if you can get me the Malwarebytes log and we can go from there.

Thanks
Joe :)

#9
bhzendner

    Member

  • Topic Starter
  • 226 posts
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/4/17
Scan Time: 3:56 PM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2086
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 556040
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 14 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
Thanks,

I'm looking at the log again to see if I can determine anything. Some adware was removed and the machine appears to be free of any more Adware and/or Malware.

#11
bhzendner

    Member

  • Topic Starter
  • 226 posts

Let me do some more testing.

Will a new FRST report help?


#12
zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
I don't need another FRST report.

Things could straighten out after a few reboots.

If not we will run system file checker.

Let me know, use the computer for a while.

#13
bhzendner

    Member

  • Topic Starter
  • 226 posts

Thank you so much.


#14
bhzendner

    Member

  • Topic Starter
  • 226 posts

System file checker found and fixed issues, a few reboots and things look good.

Thank you again.


#15
zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
Hello,

We need to remove the tools we used and then close the topic.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight. They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.
