  1. #1
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    C:\ProgramData\rs\drsetup.exe

    Can somebody tell me what this is and if I need to be concerned? If I look in the 'rs' folder, there are many screenshots from my laptop.

    Thanks


    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 21/11/2014
    Scan Time: 04:11:33
    Logfile: MBAMLog.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.21.02
    Rootkit Database: v2014.11.18.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Steve Povey

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 456690
    Time Elapsed: 5 min, 50 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    Trojan.Agent, C:\ProgramData\rs\drsetup.exe, Quarantined, [4c1a2c12b0ccc96d81d7b883df230ff1],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Hello,
    The application drsetup.exe has been detected as a potentially unwanted program by 26 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source.




    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  3. #3
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Here you are






    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
    Ran by Steve Povey (administrator) on LENOVO on 22-11-2014 00:08:03
    Running from C:\Users\Steve Povey\Desktop
    Loaded Profile: Steve Povey (Available profiles: Steve Povey & Guest)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
    (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
    () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
    () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
    () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
    HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2013-12-29] (Lenovo)
    HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2013-12-29] ()
    HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2013-12-29] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-12-29] (Lenovo(beijing) Limited)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [90640 2013-07-09] (Lenovo)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3014982265-1691719775-2840682121-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-3014982265-1691719775-2840682121-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-10-15] (Sony)
    HKU\S-1-5-21-3014982265-1691719775-2840682121-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-06] (SUPERAntiSpyware)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
    ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3014982265-1691719775-2840682121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-3014982265-1691719775-2840682121-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Buy Computers Laptops & Tablets | For Those Who Do | Lenovo US
    SearchScopes: HKLM -> DefaultScope {1F8B7367-5EBB-4FCB-990F-487789BC2E7D} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {1F8B7367-5EBB-4FCB-990F-487789BC2E7D} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
    SearchScopes: HKLM-x32 -> DefaultScope {1F8B7367-5EBB-4FCB-990F-487789BC2E7D} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {1F8B7367-5EBB-4FCB-990F-487789BC2E7D} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
    SearchScopes: HKU\S-1-5-21-3014982265-1691719775-2840682121-1001 -> {1F8B7367-5EBB-4FCB-990F-487789BC2E7D} URL =
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

    FireFox:
    ========
    FF ProfilePath: C:\Users\Steve Povey\AppData\Roaming\Mozilla\Firefox\Profiles\cn6z7muz.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin HKU\S-1-5-21-3014982265-1691719775-2840682121-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
    FF Plugin HKU\S-1-5-21-3014982265-1691719775-2840682121-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    FF Plugin ProgramFiles/Appdata: C:\Users\Steve Povey\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: Default Full Zoom Level - C:\Users\Steve Povey\AppData\Roaming\Mozilla\Firefox\Profiles\cn6z7muz.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-11-05]
    FF Extension: Theme Font & Size Changer - C:\Users\Steve Povey\AppData\Roaming\Mozilla\Firefox\Profiles\cn6z7muz.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2014-08-14]

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
    R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
    R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
    R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-30] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
    R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2013-12-29] (Lenovo)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-28] (Nitro PDF Software)
    R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-30] (PointGrab LTD)
    R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2013-12-29] (Lenovo)
    S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2013-12-29] (Lenovo)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
    R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-29] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
    R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-12-29] (Lenovo)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
    R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
    R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
    S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
    R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
    S3 L6PODHD5; C:\Windows\System32\Drivers\L6PODHD564.sys [772864 2013-07-11] (Line 6)
    S3 l6SonicPortVX; C:\Windows\System32\Drivers\l6SonicPortVX.sys [233984 2014-07-29] (Line 6)
    S3 l6SonicPortVX_AvsFilter; C:\Windows\system32\DRIVERS\l6SonicPortVX_AvsFilter.sys [98944 2014-07-29] (Line 6)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
    R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
    S1 bevmikgz; \??\C:\windows\system32\drivers\bevmikgz.sys [X]
    S1 dgjuwoor; \??\C:\windows\system32\drivers\dgjuwoor.sys [X]
    S1 dvjsdnoq; \??\C:\windows\system32\drivers\dvjsdnoq.sys [X]
    S1 fylrfdrp; \??\C:\windows\system32\drivers\fylrfdrp.sys [X]
    S1 hhkkmtbx; \??\C:\windows\system32\drivers\hhkkmtbx.sys [X]
    S1 iqehqoxa; \??\C:\windows\system32\drivers\iqehqoxa.sys [X]
    S1 jvifhvtx; \??\C:\windows\system32\drivers\jvifhvtx.sys [X]
    S1 myaaweax; \??\C:\windows\system32\drivers\myaaweax.sys [X]
    S3 NPF; system32\drivers\npf.sys [X]
    S1 sgabhgfj; \??\C:\windows\system32\drivers\sgabhgfj.sys [X]
    S1 tvinzleb; \??\C:\windows\system32\drivers\tvinzleb.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-22 00:08 - 2014-11-22 00:08 - 00018885 _____ () C:\Users\Steve Povey\Desktop\FRST.txt
    2014-11-22 00:07 - 2014-11-22 00:08 - 00000000 ____D () C:\FRST
    2014-11-22 00:07 - 2014-11-22 00:07 - 02117632 _____ (Farbar) C:\Users\Steve Povey\Desktop\FRST64.exe
    2014-11-22 00:06 - 2014-11-22 00:06 - 00000000 ____D () C:\Users\Steve Povey\Downloads\Forbar
    2014-11-21 23:56 - 2014-11-21 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    2014-11-21 08:52 - 2014-11-21 08:52 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3014982265-1691719775-2840682121-1011
    2014-11-21 08:48 - 2014-11-21 08:48 - 00003914 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{37DD8601-A719-4CD1-AE28-A24512EB33FB}
    2014-11-21 08:47 - 2014-11-21 09:17 - 00000000 ____D () C:\Users\test.Lenovo.001
    2014-11-21 08:40 - 2014-11-21 08:40 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3014982265-1691719775-2840682121-1010
    2014-11-21 08:33 - 2014-11-21 08:42 - 00000000 ____D () C:\Users\test.Lenovo.000
    2014-11-21 02:52 - 2014-11-21 02:54 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3014982265-1691719775-2840682121-1009
    2014-11-21 02:47 - 2014-11-21 03:59 - 00000000 ____D () C:\Users\test2.Lenovo
    2014-11-21 02:40 - 2014-11-21 02:54 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3014982265-1691719775-2840682121-1008
    2014-11-21 02:35 - 2014-11-21 03:54 - 00000000 ____D () C:\Users\test.Lenovo
    2014-11-21 00:49 - 2014-11-21 01:01 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3014982265-1691719775-2840682121-1007
    2014-11-21 00:44 - 2014-11-21 02:18 - 00000000 ____D () C:\Users\Test2
    2014-11-20 19:59 - 2014-11-21 01:02 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3014982265-1691719775-2840682121-1006
    2014-11-20 19:55 - 2014-11-21 01:55 - 00003914 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D77A382A-E10F-494F-B25F-666AAF98B39C}
    2014-11-20 19:54 - 2014-11-21 02:19 - 00000000 ____D () C:\Users\Test
    2014-11-19 23:14 - 2014-11-19 23:14 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
    2014-11-19 23:14 - 2014-11-19 23:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
    2014-11-19 08:31 - 2014-11-19 08:31 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
    2014-11-19 08:30 - 2014-11-19 08:30 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
    2014-11-19 08:30 - 2014-11-19 08:30 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
    2014-11-19 08:30 - 2014-11-19 08:30 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieBrowserModeList
    2014-11-19 08:30 - 2014-11-19 08:30 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Intel Corporation
    2014-11-19 01:12 - 2014-11-19 01:13 - 00000000 ____D () C:\Users\Guest
    2014-11-19 01:12 - 2014-11-19 01:12 - 00001453 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-11-19 01:12 - 2014-11-19 01:12 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
    2014-11-19 01:12 - 2014-11-19 01:12 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Intel
    2014-11-19 01:12 - 2014-11-19 01:12 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
    2014-11-19 01:12 - 2014-11-19 01:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
    2014-11-19 01:12 - 2014-11-19 01:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Packages
    2014-11-19 01:12 - 2014-11-15 09:44 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-19 01:12 - 2014-09-15 09:02 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-11-19 01:12 - 2014-04-10 08:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Garmin
    2014-11-19 01:12 - 2014-02-22 04:37 - 00000369 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2014-11-19 01:12 - 2014-02-22 04:37 - 00000369 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2014-11-19 01:12 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-11-19 01:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-11-18 23:12 - 2014-11-09 23:19 - 00991232 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-18 23:12 - 2014-11-09 23:19 - 00806400 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-18 23:12 - 2014-11-09 23:18 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-11-18 23:12 - 2014-11-09 23:18 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-11-17 16:24 - 2014-11-17 16:26 - 00022016 ___SH () C:\Users\Steve Povey\Documents\Thumbs.db
    2014-11-17 12:57 - 2014-11-17 13:15 - 00010297 _____ () C:\Users\Steve Povey\Desktop\Building.ods
    2014-11-15 17:34 - 2014-11-21 04:17 - 00000000 ___HD () C:\ProgramData\rs
    2014-11-15 17:34 - 2014-11-21 04:17 - 00000000 ____D () C:\ProgramData\sa
    2014-11-15 09:46 - 2014-11-15 09:46 - 00000000 __SHD () C:\Users\Steve Povey\AppData\Local\EmieBrowserModeList
    2014-11-12 13:40 - 2014-09-22 04:38 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
    2014-11-12 13:40 - 2014-09-22 03:06 - 00258368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2014-11-12 13:40 - 2014-09-22 03:06 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
    2014-11-12 13:40 - 2014-09-22 02:49 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2014-11-12 13:40 - 2014-09-19 00:16 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
    2014-11-12 13:40 - 2014-09-02 22:08 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
    2014-11-12 13:40 - 2014-09-02 22:08 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
    2014-11-12 13:39 - 2014-10-13 02:33 - 00116032 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2014-11-12 13:39 - 2014-10-11 00:58 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-12 13:39 - 2014-10-11 00:53 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-12 13:39 - 2014-10-08 07:30 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2014-11-12 13:39 - 2014-10-08 07:09 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2014-11-12 13:39 - 2014-10-08 06:27 - 00325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2014-11-12 13:39 - 2014-10-08 05:32 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2014-11-12 13:39 - 2014-10-08 05:19 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2014-11-12 13:39 - 2014-09-27 07:13 - 00104336 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
    2014-11-12 13:39 - 2014-09-27 05:24 - 00088800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
    2014-11-12 13:39 - 2014-09-27 03:38 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-12 13:39 - 2014-09-27 03:30 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
    2014-11-12 13:39 - 2014-09-27 03:17 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-12 13:38 - 2014-10-10 01:58 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-12 13:38 - 2014-10-10 01:58 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
    2014-11-12 13:38 - 2014-10-10 01:44 - 00563976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2014-11-12 13:38 - 2014-10-08 07:37 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-12 13:38 - 2014-10-08 07:37 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-12 13:38 - 2014-10-08 07:34 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
    2014-11-12 13:38 - 2014-10-08 07:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
    2014-11-12 13:38 - 2014-10-08 06:56 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2014-11-12 13:38 - 2014-10-08 06:51 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-12 13:38 - 2014-10-08 06:51 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-12 13:38 - 2014-10-08 06:18 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2014-11-12 13:38 - 2014-10-08 06:17 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-12 13:38 - 2014-10-08 05:23 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2014-11-12 13:36 - 2014-10-31 05:28 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-12 13:36 - 2014-10-31 03:42 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-12 13:36 - 2014-10-18 09:55 - 00055776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-11-12 13:36 - 2014-10-18 08:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2014-11-12 13:36 - 2014-10-18 08:09 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2014-11-12 13:36 - 2014-10-18 07:25 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2014-11-12 13:36 - 2014-10-18 06:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
    2014-11-12 13:36 - 2014-10-18 06:38 - 03557376 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-11-12 13:36 - 2014-10-18 06:27 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-11-12 13:36 - 2014-10-18 06:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-11-12 13:36 - 2014-10-18 06:23 - 00407552 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2014-11-12 13:36 - 2014-10-18 06:23 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-11-12 13:36 - 2014-10-18 06:21 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-11-12 13:36 - 2014-10-18 06:20 - 01714176 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-11-12 13:36 - 2014-10-18 06:14 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-11-12 13:36 - 2014-10-18 06:14 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-11-12 13:36 - 2014-10-18 06:12 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-11-12 13:36 - 2014-10-18 06:11 - 00723968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-11-12 13:36 - 2014-10-17 07:01 - 00789184 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-12 13:36 - 2014-10-17 06:58 - 00602768 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-12 13:35 - 2014-10-31 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
    2014-11-12 13:35 - 2014-10-31 05:12 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
    2014-11-12 13:35 - 2014-10-31 05:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
    2014-11-12 13:35 - 2014-10-31 05:09 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
    2014-11-12 13:35 - 2014-10-31 05:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
    2014-11-12 13:35 - 2014-10-31 05:06 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-12 13:35 - 2014-10-31 05:06 - 00237568 _____ (Microsoft Corporation) C:\windows\system32\url.dll
    2014-11-12 13:35 - 2014-10-31 05:06 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-12 13:35 - 2014-10-31 05:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-12 13:35 - 2014-10-31 05:05 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-12 13:35 - 2014-10-31 05:05 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2014-11-12 13:35 - 2014-10-31 05:04 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-12 13:35 - 2014-10-31 04:57 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-12 13:35 - 2014-10-31 04:56 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-12 13:35 - 2014-10-31 04:54 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
    2014-11-12 13:35 - 2014-10-31 04:53 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-12 13:35 - 2014-10-31 04:52 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
    2014-11-12 13:35 - 2014-10-31 04:51 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-11-12 13:35 - 2014-10-31 04:51 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-12 13:35 - 2014-10-31 04:51 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-12 13:35 - 2014-10-31 04:50 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-12 13:35 - 2014-10-31 04:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-12 13:35 - 2014-10-31 04:40 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
    2014-11-12 13:35 - 2014-10-31 04:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-12 13:35 - 2014-10-31 04:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-12 13:35 - 2014-10-31 04:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-11-12 13:35 - 2014-10-31 04:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
    2014-11-12 13:35 - 2014-10-31 04:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2014-11-12 13:35 - 2014-10-31 04:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-12 13:35 - 2014-10-31 04:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-12 13:35 - 2014-10-31 04:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
    2014-11-12 13:35 - 2014-10-31 04:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2014-11-12 13:35 - 2014-10-31 04:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-12 13:35 - 2014-10-31 04:19 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2014-11-12 13:35 - 2014-10-31 04:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2014-11-12 13:35 - 2014-10-31 04:08 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2014-11-12 13:35 - 2014-10-31 04:06 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-12 13:35 - 2014-10-31 04:05 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-12 13:35 - 2014-10-31 04:05 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-12 13:35 - 2014-10-31 04:03 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-12 13:35 - 2014-10-31 03:59 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-12 13:35 - 2014-10-31 03:45 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-12 13:35 - 2014-10-31 03:44 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2014-11-12 13:35 - 2014-10-31 03:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
    2014-11-12 13:35 - 2014-10-31 03:32 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-12 13:35 - 2014-10-31 03:28 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
    2014-11-12 13:35 - 2014-10-31 03:28 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
    2014-11-12 13:35 - 2014-10-31 03:27 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
    2014-11-12 13:35 - 2014-10-31 03:26 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
    2014-11-12 13:35 - 2014-10-31 03:25 - 00011264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
    2014-11-12 13:35 - 2014-10-31 03:24 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-12 13:35 - 2014-10-31 03:24 - 00235520 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
    2014-11-12 13:35 - 2014-10-31 03:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-12 13:35 - 2014-10-31 03:23 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2014-11-12 13:35 - 2014-10-31 03:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-12 13:35 - 2014-10-31 03:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-12 13:35 - 2014-10-31 03:20 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-12 13:35 - 2014-10-31 03:18 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-12 13:35 - 2014-10-31 03:16 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-12 13:35 - 2014-10-31 03:15 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-12 13:35 - 2014-10-31 03:14 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
    2014-11-12 13:35 - 2014-10-31 03:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-12 13:35 - 2014-10-31 03:13 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
    2014-11-12 13:35 - 2014-10-31 03:12 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-11-12 13:35 - 2014-10-31 03:12 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-12 13:35 - 2014-10-31 03:11 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-12 13:35 - 2014-10-31 03:03 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
    2014-11-12 13:35 - 2014-10-31 03:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-12 13:35 - 2014-10-31 02:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-12 13:35 - 2014-10-31 02:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
    2014-11-12 13:35 - 2014-10-31 02:56 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-11-12 13:35 - 2014-10-31 02:56 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
    2014-11-12 13:35 - 2014-10-31 02:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-12 13:35 - 2014-10-31 02:53 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
    2014-11-12 13:35 - 2014-10-31 02:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-12 13:35 - 2014-10-31 02:51 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2014-11-12 13:35 - 2014-10-31 02:50 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-12 13:35 - 2014-10-31 02:48 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
    2014-11-12 13:35 - 2014-10-31 02:46 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-12 13:35 - 2014-10-31 02:46 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2014-11-12 13:35 - 2014-10-31 02:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2014-11-12 13:35 - 2014-10-31 02:40 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-12 13:35 - 2014-10-31 02:40 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-12 13:35 - 2014-10-31 02:39 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-12 13:35 - 2014-10-31 02:30 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-12 13:35 - 2014-10-31 02:26 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
    2014-11-12 13:35 - 2014-10-31 02:24 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
    2014-11-12 13:35 - 2014-10-31 02:17 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-12 13:35 - 2014-10-31 02:13 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-12 13:35 - 2014-10-31 02:11 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-12 13:33 - 2014-11-04 23:38 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-12 13:33 - 2014-11-04 00:10 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-12 13:33 - 2014-10-31 04:53 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-11-12 13:33 - 2014-10-31 04:49 - 00537088 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-12 13:33 - 2014-10-31 04:24 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-11-12 13:33 - 2014-10-23 05:48 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-12 13:33 - 2014-10-23 05:05 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-12 13:33 - 2014-10-07 06:28 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-12 13:33 - 2014-10-07 06:27 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-12 13:33 - 2014-10-07 06:27 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-12 13:33 - 2014-10-07 06:27 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2014-11-12 13:33 - 2014-10-07 06:27 - 00108432 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-12 13:33 - 2014-10-07 03:34 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-12 13:33 - 2014-10-07 03:34 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-12 13:33 - 2014-10-07 03:33 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-12 13:33 - 2014-10-07 03:30 - 04182016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-12 13:33 - 2014-10-07 01:54 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
    2014-11-12 13:33 - 2014-10-07 01:46 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-12 13:33 - 2014-09-10 06:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
    2014-11-12 13:33 - 2014-09-08 03:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2014-11-12 13:33 - 2014-09-04 22:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
    2014-11-12 13:33 - 2014-09-04 22:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2014-11-12 13:33 - 2014-09-04 03:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
    2014-11-12 13:33 - 2014-09-04 02:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
    2014-11-12 13:33 - 2014-09-04 01:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
    2014-11-12 13:33 - 2014-09-04 00:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
    2014-11-12 13:33 - 2014-08-31 00:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-11-12 13:33 - 2014-08-30 22:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-11-12 13:33 - 2014-08-30 21:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
    2014-11-12 13:33 - 2014-08-30 20:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
    2014-11-12 13:33 - 2014-08-28 02:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-11-12 13:33 - 2014-08-28 00:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2014-11-12 13:33 - 2014-08-28 00:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2014-11-12 13:33 - 2014-08-23 05:18 - 02149376 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-12 13:33 - 2014-08-23 05:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
    2014-11-12 13:33 - 2014-08-23 05:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
    2014-11-12 13:33 - 2014-08-23 05:03 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-12 13:33 - 2014-08-23 04:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
    2014-11-12 13:32 - 2014-09-08 03:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2014-11-12 13:32 - 2014-09-07 22:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
    2014-11-12 13:32 - 2014-08-31 00:17 - 00148800 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
    2014-11-12 13:32 - 2014-08-30 22:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
    2014-11-12 13:32 - 2014-08-30 21:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
    2014-11-12 13:32 - 2014-08-30 20:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
    2014-11-12 13:32 - 2014-08-02 00:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
    2014-11-12 13:32 - 2014-08-02 00:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
    2014-11-11 14:22 - 2014-11-11 14:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-28 21:02 - 2014-10-28 21:02 - 00295104 _____ () C:\windows\Minidump\102814-4531-01.dmp
    2014-10-28 16:16 - 2014-10-28 16:19 - 00000016 _____ () C:\Users\Steve Povey\AppData\Roaming\msregsvv.dll
    2014-10-28 16:16 - 2014-10-28 16:19 - 00000016 _____ () C:\ProgramData\autobk.inc
    2014-10-28 16:16 - 2014-10-28 16:16 - 00000000 ____D () C:\Users\Steve Povey\AppData\Roaming\IK Multimedia
    2014-10-28 16:13 - 2014-10-28 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
    2014-10-28 16:13 - 2014-10-28 16:13 - 00001240 _____ () C:\Users\Steve Povey\Desktop\Custom Shop.lnk
    2014-10-28 16:12 - 2014-10-28 16:21 - 00000000 ____D () C:\Program Files (x86)\IK Multimedia
    2014-10-28 16:12 - 2014-10-28 16:13 - 00000000 ____D () C:\Users\Steve Povey\Documents\IK Multimedia
    2014-10-28 15:58 - 2014-10-28 16:11 - 00000000 ____D () C:\Users\Steve Povey\Downloads\Amplitube

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-22 00:02 - 2013-12-29 04:52 - 02026398 _____ () C:\windows\WindowsUpdate.log
    2014-11-22 00:02 - 2013-08-28 08:36 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-11-22 00:01 - 2014-01-18 10:09 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3014982265-1691719775-2840682121-1001
    2014-11-22 00:00 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\system32\sru
    2014-11-21 23:58 - 2014-08-15 21:38 - 00157612 _____ () C:\Users\Steve Povey\Desktop\OTL.Txt
    2014-11-21 23:47 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\AppReadiness
    2014-11-21 23:46 - 2014-06-23 09:52 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-21 23:44 - 2014-06-16 10:20 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-11-21 23:34 - 2014-01-24 21:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-11-21 23:34 - 2013-12-29 05:06 - 00012800 _____ () C:\windows\system32\VfService.trf
    2014-11-21 23:34 - 2013-12-29 04:48 - 00130437 _____ () C:\windows\setupact.log
    2014-11-21 23:34 - 2013-08-22 14:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-11-21 23:29 - 2013-08-22 13:25 - 00786432 ___SH () C:\windows\system32\config\BBI
    2014-11-21 23:28 - 2013-08-28 08:34 - 00059776 _____ () C:\windows\PFRO.log
    2014-11-21 22:27 - 2014-01-18 10:03 - 00000000 ____D () C:\Users\Steve Povey
    2014-11-21 22:13 - 2014-08-20 08:16 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{AFDA89EB-C45C-46D1-AE92-7D48230FBB9A}
    2014-11-21 08:47 - 2014-01-18 10:04 - 00000000 ____D () C:\windows\System32\Tasks\WPD
    2014-11-21 02:17 - 2014-01-18 13:23 - 00000000 ____D () C:\Users\Steve Povey\AppData\Local\CrashDumps
    2014-11-19 23:50 - 2014-09-04 21:55 - 00000000 ____D () C:\Users\Steve
    2014-11-19 23:25 - 2014-09-04 22:00 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3014982265-1691719775-2840682121-1005
    2014-11-19 23:12 - 2013-12-29 05:07 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
    2014-11-19 23:11 - 2014-09-04 21:56 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{33501732-8CE0-42EE-BB38-ADE238A3E539}
    2014-11-19 19:18 - 2014-08-18 11:30 - 00036352 ___SH () C:\Users\Steve Povey\Desktop\Thumbs.db
    2014-11-19 19:03 - 2014-03-14 17:48 - 00020992 ___SH () C:\Users\Steve Povey\Downloads\Thumbs.db
    2014-11-19 18:58 - 2013-12-29 05:04 - 00000000 ____D () C:\ProgramData\Temp
    2014-11-19 18:57 - 2014-07-09 22:54 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-11-19 01:12 - 2013-08-22 15:20 - 00000000 ____D () C:\windows\CbsTemp
    2014-11-18 09:17 - 2013-08-22 19:12 - 00000000 ____D () C:\windows\ShellNew
    2014-11-15 11:32 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\rescache
    2014-11-15 09:45 - 2014-01-21 19:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-15 09:45 - 2013-08-22 14:44 - 00371368 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-15 09:44 - 2014-07-09 21:25 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-15 09:44 - 2013-08-22 15:36 - 00000000 ___RD () C:\windows\ToastData
    2014-11-15 09:44 - 2013-08-22 15:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
    2014-11-15 09:44 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-15 09:44 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-15 09:44 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-15 09:44 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-14 18:37 - 2014-04-12 20:01 - 00002053 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    2014-11-14 18:37 - 2014-04-12 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2014-11-14 18:37 - 2013-12-29 04:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-11-14 18:37 - 2013-12-29 04:49 - 00439770 _____ () C:\windows\DPINST.LOG
    2014-11-14 13:05 - 2014-01-26 12:34 - 00000000 ____D () C:\Users\Steve Povey\AppData\Roaming\Audacity
    2014-11-13 09:21 - 2014-01-20 19:05 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-13 09:18 - 2014-01-20 19:05 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-12 10:11 - 2014-02-08 01:44 - 00000000 ____D () C:\Users\Steve Povey\AppData\Roaming\Nitro PDF
    2014-11-11 20:35 - 2014-01-24 21:22 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-10 08:26 - 2014-08-18 11:30 - 00014192 _____ () C:\Users\Steve Povey\Desktop\Spurs Prediction.ods
    2014-11-07 14:33 - 2014-06-23 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-07 14:33 - 2014-06-23 09:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-07 14:33 - 2014-01-24 21:02 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-30 11:25 - 2014-02-18 18:39 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-10-30 00:55 - 2013-08-22 15:38 - 00714208 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-10-30 00:55 - 2013-08-22 15:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-28 21:02 - 2014-02-09 23:54 - 598530042 _____ () C:\windows\MEMORY.DMP
    2014-10-28 21:02 - 2014-02-09 23:54 - 00000000 ____D () C:\windows\Minidump
    2014-10-28 17:47 - 2014-09-25 13:55 - 00003718 _____ () C:\windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-11 18:53

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
    Ran by Steve Povey at 2014-11-22 00:08:22
    Running from C:\Users\Steve Povey\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    BD_3D Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.7510 - CyberLink Corp.)
    Cisco WebEx Meetings (HKU\S-1-5-21-3014982265-1691719775-2840682121-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Custom Shop version 1.5.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.5.0 - IK Multimedia)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
    Dragon Assistant Application en-GB version 1.5.8 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
    Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
    Dragon Assistant Installer version 1.5.8 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
    Dragon Assistant Language Data en-GB version 1.1.3 (HKLM-x32\...\{CA54E6DD-70F8-4AE5-8427-522A52FC4408}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
    Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.38 - Lenovo)
    Energy Manager (x32 Version: 1.0.1.38 - Lenovo) Hidden
    Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    IK Multimedia Authorization Manager version 1.0.10 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.10 - IK Multimedia)
    Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
    Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation)
    Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
    Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
    Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
    Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
    Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8211 - Lenovo)
    Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
    Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
    Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
    Line 6 Driver2 SonicPortVX v1.52 Uninstaller (HKLM-x32\...\Line 6 Driver2 SonicPortVX Uninstaller) (Version: - Line 6)
    Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 33.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-GB)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Nitro Pro 8 (HKLM\...\{2269F0D5-DE47-4313-9003-BB6357919314}) (Version: 8.5.5.7 - Nitro)
    OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
    ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
    ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
    Sony PC Companion 2.10.235 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.235 - Sony)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated)
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
    UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.00.013.0731 - Lenovo)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3014982265-1691719775-2840682121-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-3014982265-1691719775-2840682121-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

    ==================== Restore Points =========================

    03-11-2014 12:39:40 Scheduled Checkpoint
    10-11-2014 18:58:43 Scheduled Checkpoint
    18-11-2014 12:49:39 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {36371B86-3FCE-440A-969B-615EDFF5C3F5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {56BF2EFC-3E86-4CF1-BDBC-6BAB87E2D8B9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-29] (Synaptics Incorporated)
    Task: {674C2846-0AFC-4EEF-B3B0-27D0674A676E} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
    Task: {678F5C43-BDBC-4CAA-8246-7C217DC92F25} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2013-12-29] (Lenovo)
    Task: {91978C43-C4F7-4B64-A809-136D2FC95F32} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {B8EB09B0-90A7-4236-B791-E10589E18D85} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
    Task: {BCF7A417-A654-4886-9DD8-94FB73F83527} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-08-02 01:31 - 2013-08-02 01:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-08-02 01:31 - 2013-08-02 01:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-08-02 01:31 - 2013-08-02 01:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2013-12-29 05:05 - 2012-04-24 10:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2013-12-29 05:06 - 2013-12-29 05:06 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    2013-12-29 05:06 - 2013-12-29 05:06 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
    2013-12-29 05:06 - 2013-12-29 05:06 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
    2013-12-29 05:06 - 2013-12-29 05:06 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
    2013-12-29 05:06 - 2013-12-29 05:06 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
    2014-04-12 20:01 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
    2013-12-29 05:02 - 2013-07-31 23:32 - 00034288 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Lenovo.YogaPicks.Utils.dll
    2013-12-29 05:06 - 2013-12-29 05:06 - 00161792 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
    2013-12-29 05:06 - 2013-05-02 19:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
    2013-12-29 05:06 - 2013-05-02 19:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
    2013-12-29 05:06 - 2013-05-02 19:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
    2013-12-29 05:06 - 2013-05-02 19:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
    2013-12-29 05:06 - 2013-05-02 19:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
    2013-12-29 05:06 - 2013-05-02 19:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
    2013-12-29 05:06 - 2013-05-02 19:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
    2013-12-29 04:50 - 2013-08-08 20:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2013-12-29 05:06 - 2013-12-29 05:06 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
    2013-12-29 05:06 - 2013-12-29 05:06 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
    2014-04-12 20:01 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
    2014-04-12 20:01 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
    2013-12-29 05:06 - 2013-12-29 05:06 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3014982265-1691719775-2840682121-500 - Administrator - Disabled)
    Guest (S-1-5-21-3014982265-1691719775-2840682121-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-3014982265-1691719775-2840682121-1003 - Limited - Enabled)
    Steve Povey (S-1-5-21-3014982265-1691719775-2840682121-1001 - Administrator - Enabled) => C:\Users\Steve Povey

    ==================== Faulty Device Manager Devices =============

    Name: UMDF HID minidriver Device
    Description: UMDF HID minidriver Device
    Class Guid: {177b1d2a-679c-4093-98bf-fd6999695d3b}
    Manufacturer: Lenovo
    Service: mshidumdf
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/21/2014 09:17:46 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Lenovo)
    Description: Windows cannot delete the profile directory C:\Users\test.Lenovo.001. This error may be caused by files in this directory being used by another program.

    DETAIL - The directory is not empty.

    Error: (11/21/2014 08:47:40 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/21/2014 08:42:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Lenovo)
    Description: Windows cannot delete the profile directory C:\Users\test.Lenovo.000. This error may be caused by files in this directory being used by another program.

    DETAIL - The directory is not empty.

    Error: (11/21/2014 08:41:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Yoga Picks.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0020001, exception address 00007FFEFBEC606C
    Stack:

    Error: (11/21/2014 08:33:32 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/21/2014 03:59:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Lenovo)
    Description: Windows cannot delete the profile directory C:\Users\test2.Lenovo. This error may be caused by files in this directory being used by another program.

    DETAIL - The directory is not empty.

    Error: (11/21/2014 03:55:01 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Lenovo)
    Description: Windows cannot delete the profile directory C:\Users\test.Lenovo. This error may be caused by files in this directory being used by another program.

    DETAIL - The directory is not empty.

    Error: (11/21/2014 02:47:26 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/21/2014 02:35:28 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/21/2014 02:19:39 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Lenovo)
    Description: Windows cannot delete the profile directory C:\Users\Test. This error may be caused by files in this directory being used by another program.

    DETAIL - The directory is not empty.


    System errors:
    =============
    Error: (11/21/2014 11:43:05 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}LenovoGuestS-1-5-21-3014982265-1691719775-2840682121-501LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/21/2014 11:43:04 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}LenovoGuestS-1-5-21-3014982265-1691719775-2840682121-501LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/21/2014 11:43:03 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}LenovoGuestS-1-5-21-3014982265-1691719775-2840682121-501LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/21/2014 11:37:52 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}LenovoGuestS-1-5-21-3014982265-1691719775-2840682121-501LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/21/2014 11:37:52 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}LenovoGuestS-1-5-21-3014982265-1691719775-2840682121-501LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/21/2014 11:37:50 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}LenovoGuestS-1-5-21-3014982265-1691719775-2840682121-501LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/21/2014 11:35:09 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}LenovoGuestS-1-5-21-3014982265-1691719775-2840682121-501LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/21/2014 11:35:09 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}LenovoGuestS-1-5-21-3014982265-1691719775-2840682121-501LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/21/2014 11:35:07 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}LenovoGuestS-1-5-21-3014982265-1691719775-2840682121-501LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/21/2014 11:31:16 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo)
    Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}LenovoGuestS-1-5-21-3014982265-1691719775-2840682121-501LocalHost (Using LRPC)UnavailableUnavailable


    Microsoft Office Sessions:
    =========================
    Error: (11/21/2014 09:17:46 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Lenovo)
    Description: C:\Users\test.Lenovo.001The directory is not empty.

    Error: (11/21/2014 08:47:40 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"C:\windows\system32\L6DriverControlPanel.cpl

    Error: (11/21/2014 08:42:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Lenovo)
    Description: C:\Users\test.Lenovo.000The directory is not empty.

    Error: (11/21/2014 08:41:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Yoga Picks.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0020001, exception address 00007FFEFBEC606C
    Stack:

    Error: (11/21/2014 08:33:32 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"C:\windows\system32\L6DriverControlPanel.cpl

    Error: (11/21/2014 03:59:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Lenovo)
    Description: C:\Users\test2.LenovoThe directory is not empty.

    Error: (11/21/2014 03:55:01 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Lenovo)
    Description: C:\Users\test.LenovoThe directory is not empty.

    Error: (11/21/2014 02:47:26 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"C:\windows\system32\L6DriverControlPanel.cpl

    Error: (11/21/2014 02:35:28 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"C:\windows\system32\L6DriverControlPanel.cpl

    Error: (11/21/2014 02:19:39 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Lenovo)
    Description: C:\Users\TestThe directory is not empty.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-11-19 12:17:57.897
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-11-19 12:17:57.787
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-11-19 12:17:57.569
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-11-19 12:17:57.459
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-11-19 12:17:57.225
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-11-19 12:17:57.131
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-11-19 12:17:56.912
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-11-19 12:17:56.803
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-11-19 12:17:56.600
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-11-19 12:17:56.490
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
    Percentage of memory in use: 29%
    Total physical RAM: 8104.27 MB
    Available physical RAM: 5727.88 MB
    Total Pagefile: 16296.27 MB
    Available Pagefile: 13852.61 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.78 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:437.92 GB) (Free:360.8 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:13.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 476.9 GB) (Disk ID: 6DC96336)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================




    I suspect there may be a keylogger too.

  4. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Please upload the file from your computer and scan it at VirusTotal.

    To use VirusTotal go Here
    • Click the Choose File button in the middle of the screen. This will open a File Upload window.
    • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
      NOTE: Only one file per scan.


    drsetup.exe

    • This will put the file in the box on the Virustotal page.
    • Click the Scan it! button.
    • Please be patient while the file is scanned. It may take several minutes.
    • Once the scan results appear, please provide them in your next reply, or copy and paste the VirusTotal link(s) (URL) in your next reply.

  5. #5
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    That's odd, the file isn't there now.

  6. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      regfind
      drsetup.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop, entitled SystemLook.txt.

  7. #7
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    I'm not sure what I'm supposed to do with VirusTotal, but I have tried other exe files in the rs folder, such as services.exe & rspoolv.exe, and the meter goes into the red.

  8. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    I don't want those files scanned; I never told you to scan them. I want this file scanned: drsetup.exe. If you can't find that file, use SystemLook as outlined in post #6.

  9. #9
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    SystemLook 30.07.11 by jpshortstuff
    Log created at 11:57 on 22/11/2014 by Steve Povey
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    No Context: regfind

    No Context: drsetup.exe

    -= EOF =-

  10. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    I messed the code up; here it is:

    Code:
    :regfind
    
    drsetup.exe
    Now put that in SystemLook.
