Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by T420 (18-04-2017 14:37:56)
Running from C:\Users\T420\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-22 09:44:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1107789336-688124548-375353748-500 - Administrator - Disabled)
Guest (S-1-5-21-1107789336-688124548-375353748-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1107789336-688124548-375353748-1002 - Limited - Enabled)
T420 (S-1-5-21-1107789336-688124548-375353748-1000 - Administrator - Enabled) => C:\Users\T420

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Age Of Empires II HD v2.5 [LAN Edition] (HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\Age Of Empires II HD v2.5 [LAN Edition]) (Version:  - )
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version:  - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version:  - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version:  - Microsoft)
Autodesk Fusion 360 (HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.2865 - Autodesk, Inc.)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM-x32\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Blend (x32 Version: 1.2.0.50 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (x32 Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (x32 Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (x32 Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (x32 Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Commandos: Behind Enemy Lines (HKLM-x32\...\Commandos: Behind Enemy Lines) (Version:  - )
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
EAX Unified (HKLM-x32\...\EAX Unified) (Version:  - )
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
f.lux (HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\Flux) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
HWiNFO64 Version 5.32 (HKLM\...\HWiNFO64_is1) (Version: 5.32 - Martin Malík - REALiX)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.32.0 (HKLM-x32\...\{2D793E41-F598-1014-9984-F3B169A93F79}) (Version: 1.2.32.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1211 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.80.14 - Lenovo)
Lenovo Power Management Driver (Version: 1.67.12.14 - Lenovo) Hidden
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0045 - Lenovo)
Mafia Game (HKLM-x32\...\Mafia Game) (Version:  - )
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.2.0 - Mozilla)
OpenOffice 4.1.2 (HKLM-x32\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
Oracle VM VirtualBox 5.1.2 (HKLM\...\{629314D8-8CB7-45F4-8C48-20EF2E330430}) (Version: 5.1.2 - Oracle Corporation)
Pale Moon 25.6.0 (x64 en-US) (HKLM\...\Pale Moon 25.6.0 (x64 en-US)) (Version: 25.6.0 - Moonchild Productions)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
PuTTY release 0.68 (64-bit) (HKLM\...\{DB149DDE-903A-4B5E-93C4-46BBEC48F0C2}) (Version: 0.68.0.0 - Simon Tatham)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Software Intel(R) PROSet/Wireless WiFi (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Spotify (HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\Spotify) (Version: 1.0.51.693.g6ea1e7f6 - Spotify AB)
SSDlife Pro (HKLM-x32\...\{6F104B6D-535A-4D27-9A11-8525368AEB1F}) (Version: 2.5.82 - BinarySense Inc.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
TPFanControl v0.62 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version:  - troubadix)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vivaldi (HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\Vivaldi) (Version: 1.7.735.46 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VPN Unlimited 3.6 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 3.6 - KeepSolid Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1107789336-688124548-375353748-1000_Classes\CLSID\{0A220119-00E4-A1A0-5409-9807DDC27DAE}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1107789336-688124548-375353748-1000_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\T420\AppData\Local\Autodesk\webdeploy\production\f9042f554b0a0c3d14c46a7d9f3679baf42fdd2d\NPreview10.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {135C0202-584E-4E70-A0BB-E7BF6ACC806F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {225965FA-F821-481A-915A-3C6ADB899EE8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {2C15505D-883C-4464-BFB0-2A66B51BCD8E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3DF9FF36-FC43-4F88-841B-5479C15D6E32} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe 
Task: {3F71B372-C54E-444F-BE08-FD5D5C06BD3D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {42BBE20A-FD81-4A41-8125-B31D481F190A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] ()
Task: {68E4A358-021F-45DB-A062-811E5004028E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {7D717263-8048-4E39-A405-1ED3F277342E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8471BF14-F633-4939-8C31-915B5D2F50AC} - \AutoKMS -> No File <==== ATTENTION
Task: {85899464-2309-4160-B1EA-A802E359330E} - System32\Tasks\{DF04813F-289B-49B3-B7E1-68C7D50E7CC3} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Zunkayeco\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Zunkayeco\uninstall.dat" -a uninstallme 54F90008-F462-4483-91A0-D57FD265D337 DeviceId=2b3409e7-e4ff-7682-395c-21bedde90e42 BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {BF9B907A-5EE8-4244-86F2-B5F8F5B1A6C8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C70BF4FA-830A-4341-81E5-AA491C73ED5D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CA0796F1-ED82-4A7E-A779-F0DC6E8F8EAB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DF3C0EF0-EC8F-4AE8-982D-97A254DC71C8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {E0ACA282-7D27-4DCB-B705-A378AC614549} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12] (Oracle Corporation)
Task: {F3904EB0-CFA0-47C3-8BC4-09C8C884BEAA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {F5C48038-5B11-4B3C-B50C-8FDC05B76BC2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F6C76293-51D1-4FDF-AEB4-F51D17F57A6D} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\T420\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Simрle x264 Launchеr.lnk -> C:\Users\T420\AppData\Roaming\Browsers\exe.rehcnual_462x.bat (No File) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-08-22 13:13 - 2016-04-14 06:08 - 00107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2015-08-22 13:34 - 2013-11-01 03:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-20 14:00 - 2015-05-20 14:00 - 00688888 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
2017-02-01 13:56 - 2017-01-18 17:36 - 00023416 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2017-01-04 20:40 - 2016-12-21 13:13 - 00104280 _____ () C:\Program Files (x86)\VPN Unlimited\enc.dll
2015-05-26 17:46 - 2015-05-26 17:46 - 00094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2016-07-29 09:35 - 2017-03-23 07:12 - 67725936 _____ () C:\Users\T420\AppData\Roaming\Spotify\libcef.dll
2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2016-10-31 18:45 - 2016-10-31 18:45 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-07-29 09:35 - 2017-03-23 07:12 - 01929840 _____ () C:\Users\T420\AppData\Roaming\Spotify\libglesv2.dll
2016-07-29 09:35 - 2017-03-23 07:12 - 00087152 _____ () C:\Users\T420\AppData\Roaming\Spotify\libegl.dll
2017-01-04 20:40 - 2016-12-21 13:13 - 01070424 _____ () C:\Program Files (x86)\VPN Unlimited\rpc_lib.dll
2017-01-04 20:40 - 2016-12-21 13:13 - 00747352 _____ () C:\Program Files (x86)\VPN Unlimited\open_vpn_wrapper_lib.dll
2017-01-04 20:40 - 2016-12-21 13:13 - 00046424 _____ () C:\Program Files (x86)\VPN Unlimited\qtkeychain.dll
2017-02-13 12:37 - 2017-02-07 21:28 - 01928824 _____ () C:\Users\T420\AppData\Local\Vivaldi\Application\1.7.735.46\libglesv2.dll
2017-02-13 12:37 - 2017-02-07 21:28 - 00087160 _____ () C:\Users\T420\AppData\Local\Vivaldi\Application\1.7.735.46\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78864583.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78864583.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-02-20 19:56 - 00000873 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1                   keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1107789336-688124548-375353748-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\T420\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AmoltoRecorder => "C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe" /minimized
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bonus.SSR.FR12 => "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F99B6D28-0C0A-46D3-BBDF-9724F8E1C617}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CB9BC06E-E031-46E3-9894-59B13B99B5C1}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9BA13AB8-ED7E-4B8A-B919-FFC28B2F5CF4}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DF9F526A-1CB7-431B-88B9-CD646A3D8162}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3290B7A7-9EB4-4F16-B0CD-A4228C466B54}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C74B6F60-E2EC-4AD8-9C1F-9FDC54573555}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CFA29D87-3EEC-4CDE-9C12-9C166E1411EB}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{5E9C60F7-6A69-42F2-800F-264EFE555C13}C:\age of empires ii hd\game.dat] => (Allow) C:\age of empires ii hd\game.dat
FirewallRules: [UDP Query User{97E57CA9-6EB6-4F01-8F1D-DB615C16BA5A}C:\age of empires ii hd\game.dat] => (Allow) C:\age of empires ii hd\game.dat
FirewallRules: [{836BFE89-5D75-4868-89ED-4DEDDF8F44B2}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
FirewallRules: [{657417CB-EEE7-4C6C-AFCB-9592031A6B83}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\tunnel manager\PeerManager.exe
FirewallRules: [{846A0C92-EC44-45A5-BB84-9C48DBF7AF4E}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe
FirewallRules: [TCP Query User{55591509-E38F-40CC-8218-6C96A265F33A}C:\hry\flat out 2\flatout2.exe] => (Allow) C:\hry\flat out 2\flatout2.exe
FirewallRules: [UDP Query User{EF21B59E-799A-46E5-B114-C404201F240F}C:\hry\flat out 2\flatout2.exe] => (Allow) C:\hry\flat out 2\flatout2.exe
FirewallRules: [TCP Query User{3517AB4A-BB39-423C-B673-F03CFCF75900}C:\users\t420\downloads\bulanci.exe] => (Allow) C:\users\t420\downloads\bulanci.exe
FirewallRules: [UDP Query User{C47ADCA1-6DAD-4FB3-88CF-2F7F5EFE674B}C:\users\t420\downloads\bulanci.exe] => (Allow) C:\users\t420\downloads\bulanci.exe
FirewallRules: [TCP Query User{362E9F06-0AC5-4DC2-80EA-D958E10D3ED8}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{86105E0D-3BA8-4F65-966C-837CFE719A48}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{6A05160D-E098-4108-A35F-A47E85C70284}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9D654EFF-340D-4098-BDD1-308DE335C294}] => (Allow) LPort=2869
FirewallRules: [{0A2D0B14-BCED-4363-AFC6-7F4737C1DDDC}] => (Allow) LPort=1900
FirewallRules: [{A7B0CF97-0A0D-4ED7-8E84-6F3CAF3D6DB7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C967B247-197D-41F6-8292-2103D524D5EF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{4FE44323-601F-4009-AD2A-2FB0C18980DC}C:\users\t420\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\t420\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BCF5F7D8-2B0D-4EC8-AF54-9E3908F314FA}C:\users\t420\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\t420\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F3919905-2217-445B-AA8B-803E5C04560F}C:\users\t420\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\t420\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2E563EAA-F42D-4E83-9D2D-6B2B211D0E51}C:\users\t420\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\t420\appdata\roaming\spotify\spotify.exe
FirewallRules: [{09088C6E-35F3-48DA-9C41-9EFA29B70D75}] => (Allow) C:\Users\T420\AppData\Local\Temp\inst_buychannel_06.exe
FirewallRules: [{705EB917-6C94-4001-B66F-8F4C89C32FD2}] => (Allow) C:\Users\T420\AppData\Local\Temp\inst_buychannel_06.exe
FirewallRules: [{6A93953F-2BC8-4877-BAD8-0C4D57653FC9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{89A5DC1A-230E-4CB8-B97A-2313905E8198}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{B1D5D7EB-AD84-4EA0-A687-B815E3B93A65}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E35ED72A-1734-4A55-8AA6-2BCDE9D9A4C1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{20255A07-0A95-4516-83D0-6B3D07ADBFBC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5FFE9F7D-5D4D-449D-A500-1D0CAE12E5AF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{E6F4CBB4-1314-42FF-A4C0-A37ED7273435}C:\users\t420\appdata\roaming\utorrent\updates\3.4.9_43085.exe] => (Allow) C:\users\t420\appdata\roaming\utorrent\updates\3.4.9_43085.exe
FirewallRules: [UDP Query User{350A7EB2-983B-42AD-8EFD-FDB80C4EBF7D}C:\users\t420\appdata\roaming\utorrent\updates\3.4.9_43085.exe] => (Allow) C:\users\t420\appdata\roaming\utorrent\updates\3.4.9_43085.exe
FirewallRules: [{140D4938-43BC-4DE0-8254-1FD2AC485A70}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{D3D87162-5500-4F00-A109-53B9A9261C6D}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{0F633318-18CE-4B45-902E-7ABF9E0CE668}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{C62547BC-A4B0-43C8-9701-8ACB1FD87DBF}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [TCP Query User{85F8A4FC-2CEE-475E-B8B1-30B5E0EEDB53}L:\portableapps\pidginportable\app\pidgin\pidgin-portable.exe] => (Allow) L:\portableapps\pidginportable\app\pidgin\pidgin-portable.exe
FirewallRules: [UDP Query User{03C4F991-B870-482E-B48D-186A1263D79A}L:\portableapps\pidginportable\app\pidgin\pidgin-portable.exe] => (Allow) L:\portableapps\pidginportable\app\pidgin\pidgin-portable.exe
FirewallRules: [{CA00003A-441C-4889-A491-F841B8BD5B3E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F4FCB0EF-CA13-4122-811F-4CC679EB059A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [TCP Query User{9A63009C-B250-4AB4-9089-C51F92A8B4E7}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{E4CDBAC9-BB71-4612-88C2-44EF50909B6F}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe

==================== Restore Points =========================

17-03-2017 04:00:12 Windows Update
20-03-2017 18:34:37 Windows Update
29-03-2017 11:12:49 Windows Update
10-04-2017 13:04:17 Windows Update
10-04-2017 19:40:33 Installed SSDlife Pro
18-04-2017 08:23:32 Windows Update

==================== Faulty Device Manager Devices =============

Name: MpKslDrv
Description: MpKslDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2017 02:17:30 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Local Hostname pythonp-t420.local already in use; will try pythonp-t420-2.local instead

Error: (04/18/2017 02:17:30 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 pythonp-t420.local. Addr 192.168.0.120

Error: (04/18/2017 02:17:30 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.120:5353   16 pythonp-t420.local. AAAA FE80:0000:0000:0000:6189:E193:CCEE:B43A

Error: (04/18/2017 02:17:29 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 pythonp-t420.local. Addr 192.168.0.120

Error: (04/18/2017 02:17:29 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.120:5353   16 pythonp-t420.local. AAAA FE80:0000:0000:0000:6189:E193:CCEE:B43A

Error: (04/18/2017 02:14:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/18/2017 12:40:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

