Have a BLUE screen [Solved]



#1
SvenT


Hello,

Yesterday when I started my Lenovo laptop, all I got was a blue screen. I managed today to start it in safe mode, but all I could do was play around, since this is beyond my knowledge.

Can anybody here help me?

Many thanks, Sven




#2
SvenT


Hi,

I started my computer in 'Safe Mode' since I needed a file, which I copied onto a stick. Since I was in 'Safe Mode' I thought, let's just restart my computer and see what happens.

Well, it started normally, meaning no blue screen. It is working rather slowly, but working nonetheless.

Having looked at other threads here, I downloaded the FRST and am now posting the two logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by gismeu (administrator) on GIAMEU on 01-01-2015 23:24:16
Running from C:\Users\gismeu\Desktop
Loaded Profile: gismeu (Available profiles: gismeu & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
( ) C:\Windows\System32\lxducoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft) C:\Program Files (x86)\Common Files\Lenovo\SUP\sup_wermonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\gismeu\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {52d012e3-d5ad-11e1-b991-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851e3-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851ea-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a606-d4a6-11e1-a63d-e89a8f581443} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a654-d4a6-11e1-a63d-e89a8f581443} - F:\setup_vmb_lite.exe /checkApplicationPresence
IFEO\pcdlauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> DefaultScope {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {F50431DE-C870-49C9-B89B-3F6947D72D32} URL = http://search.yahoo....02,20028,0,85,0
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\gismeu\AppData\Roaming\Mozilla\Firefox\Profiles\apobfhff.default-1419554762374
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: @citrixonline.com/appdetectorplugin -> C:\Users\gismeu\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\gismeu\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Adblock Plus - C:\Users\gismeu\AppData\Roaming\Mozilla\Firefox\Profiles\apobfhff.default-1419554762374\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.790
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.790 [2014-08-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

Chrome:
=======
CHR Profile: C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-24]
CHR Extension: (Google Wallet) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-11-21] (IBM Corp.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG)
S4 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-14] (AVG Secure Search)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
S3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [143320 2009-05-18] (JMicron Technology Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-08] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-11-21] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-11-21] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-11-21] (IBM Corp.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-01] ()
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 23:24 - 2015-01-01 23:27 - 00019989 _____ () C:\Users\gismeu\Desktop\FRST.txt
2015-01-01 23:23 - 2015-01-01 23:24 - 00000000 ____D () C:\FRST
2015-01-01 23:16 - 2015-01-01 23:17 - 02123264 _____ (Farbar) C:\Users\gismeu\Desktop\FRST64(1).exe
2014-12-30 15:12 - 2014-12-30 15:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 15:11 - 2014-12-31 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 15:11 - 2014-12-30 15:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-29 10:47 - 2014-12-29 13:31 - 00000000 ____D () C:\Users\gismeu\Desktop\USA TAX 2
2014-12-29 09:24 - 2014-12-29 10:17 - 00019884 _____ () C:\Users\gismeu\Desktop\LINDA SWISS CH.ods
2014-12-29 07:42 - 2014-12-29 07:42 - 00007142 _____ () C:\Users\gismeu\Desktop\smile recent items.htm
2014-12-29 07:42 - 2014-12-29 07:42 - 00000000 ____D () C:\Users\gismeu\Desktop\smile recent items_files
2014-12-28 15:26 - 2014-12-28 15:26 - 00024353 _____ () C:\Users\gismeu\Desktop\LINDA EURO final 2015.ods
2014-12-28 09:19 - 2014-12-28 15:25 - 00024353 _____ () C:\Users\gismeu\Desktop\LINDA EURO 12-28.ods
2014-12-24 16:05 - 2014-12-28 13:58 - 00023917 _____ () C:\Users\gismeu\Desktop\LINDA EURO 12-25.ods
2014-12-22 11:37 - 2014-12-24 16:02 - 00023845 _____ () C:\Users\gismeu\Desktop\LINDA EURO 12-23.ods
2014-12-19 22:38 - 2014-12-19 22:38 - 00000000 _____ () C:\Windows\SysWOW64\sho6C6A.tmp
2014-12-19 20:24 - 2014-12-19 20:24 - 00000000 _____ () C:\Windows\SysWOW64\sho1881.tmp
2014-12-19 19:46 - 2014-12-19 19:46 - 00002609 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvil Studio 2015.lnk
2014-12-19 19:46 - 2014-12-19 19:46 - 00000000 ____D () C:\Program Files (x86)\Anvil Studio 2015
2014-12-19 19:43 - 2014-12-19 19:46 - 00000000 ____D () C:\Users\gismeu\AppData\Local\Anvil Studio
2014-12-18 23:46 - 2014-12-18 23:46 - 00000000 _____ () C:\Windows\SysWOW64\sho7149.tmp
2014-12-18 09:05 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 09:05 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 16:03 - 2014-12-16 16:03 - 00011368 _____ () C:\Users\gismeu\Desktop\TOS.odt
2014-12-15 22:16 - 2014-12-15 22:16 - 00000000 _____ () C:\Windows\SysWOW64\shoD809.tmp
2014-12-15 17:06 - 2014-12-15 17:41 - 00022713 _____ () C:\Users\gismeu\Desktop\LINDA EURO 12-15.ods
2014-12-14 13:52 - 2014-12-14 13:52 - 00080384 _____ () C:\Users\gismeu\Desktop\LINDA 12-14 final.xls
2014-12-14 13:50 - 2014-12-14 13:50 - 00047616 _____ () C:\Users\gismeu\Desktop\LINDA test 12-14.xls
2014-12-14 13:28 - 2014-12-14 13:47 - 00022860 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 12-14 version 2.ods
2014-12-14 11:29 - 2014-12-14 13:27 - 00022946 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 12-14.ods
2014-12-13 14:02 - 2014-12-13 14:02 - 00009459 _____ () C:\Users\gismeu\Desktop\LINDA SWISS final.xlsx
2014-12-13 13:06 - 2014-12-13 13:06 - 00014348 _____ () C:\Users\gismeu\Desktop\LINDA new 12-13.xlsx
2014-12-13 12:52 - 2014-12-13 13:47 - 00011472 _____ () C:\Users\gismeu\Desktop\SWISS  12-13.ods
2014-12-13 11:28 - 2014-12-13 11:28 - 00049664 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 update.xls
2014-12-13 11:27 - 2014-12-14 11:29 - 00022956 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 12-13-2.ods
2014-12-13 10:52 - 2014-12-13 10:52 - 00049664 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 12-13 MS.xls
2014-12-13 08:15 - 2014-12-13 08:50 - 00022125 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 12-13 reserve.ods
2014-12-13 07:53 - 2014-12-13 11:25 - 00022494 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 12-13.ods
2014-12-12 20:34 - 2014-12-12 22:18 - 00021880 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 reserve reserve.ods
2014-12-12 20:30 - 2014-12-13 07:45 - 00021994 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 reserve.ods
2014-12-12 17:59 - 2014-12-12 20:07 - 00094208 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1.xls
2014-12-12 10:12 - 2014-12-12 12:57 - 00049664 _____ () C:\Users\gismeu\Desktop\LINDA 2 MS.xls
2014-12-12 10:10 - 2014-12-12 10:10 - 00021037 _____ () C:\Users\gismeu\Desktop\LINDA 2.ods
2014-12-10 17:11 - 2014-12-10 17:11 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 16:06 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 16:06 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 11:33 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 11:33 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 11:33 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:33 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 11:33 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 11:32 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 11:32 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 11:32 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:32 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:32 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 11:32 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:32 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 11:32 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:32 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 11:32 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 11:32 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:32 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 11:32 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:32 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 11:32 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:32 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 11:32 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:32 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 11:32 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:32 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 11:32 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:32 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 11:32 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:32 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 11:32 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 11:32 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 11:32 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:32 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 11:32 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 11:32 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 11:32 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 11:32 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 11:32 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 11:32 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:32 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 11:32 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 11:32 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:32 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 11:32 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:32 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 11:32 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 11:32 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 11:32 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 11:32 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 11:32 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:32 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 11:32 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 11:32 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 11:32 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:32 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 11:32 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 11:32 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 11:32 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 11:32 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 11:32 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 11:32 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 11:32 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 11:32 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 11:32 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 11:32 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 11:32 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 11:32 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 11:32 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 11:32 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 11:32 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 11:32 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 11:32 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 11:32 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 23:17 - 2014-12-10 11:43 - 00018917 _____ () C:\Users\gismeu\Desktop\MEET AND MIX.odt
2014-12-09 10:00 - 2014-12-31 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 19:28 - 2014-12-08 19:28 - 00000000 _____ () C:\Windows\SysWOW64\sho9BF6.tmp
2014-12-07 11:25 - 2014-12-07 11:25 - 00775968 _____ (Reimage®) C:\Users\gismeu\Downloads\ReimageRepair.exe
2014-12-03 15:19 - 2014-12-03 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6300 series
2014-12-03 15:16 - 2014-12-03 15:16 - 00000000 ____D () C:\Windows\SysWOW64\STRING
2014-12-03 15:14 - 2014-12-03 15:14 - 26553504 _____ () C:\Users\gismeu\Downloads\mast-win-mg6300-1_0-ucd.exe
2014-12-02 22:12 - 2014-12-04 16:01 - 00019686 _____ () C:\Users\gismeu\Desktop\temp.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 23:24 - 2014-06-14 20:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 23:12 - 2011-06-10 13:47 - 02074650 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 23:10 - 2014-05-28 22:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 23:01 - 2009-07-14 00:13 - 00868630 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 23:01 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 23:01 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 22:58 - 2014-11-21 17:46 - 00000000 ____D () C:\ProgramData\MCShield
2015-01-01 22:53 - 2014-09-14 07:13 - 00002848 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2015-01-01 22:53 - 2014-09-14 07:13 - 00000420 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2015-01-01 22:49 - 2012-10-12 12:00 - 00000424 _____ () C:\Users\gismeu\MASTER
2015-01-01 22:49 - 2012-09-28 23:48 - 00001536 _____ () C:\Users\gismeu\EMASTER
2015-01-01 22:49 - 2011-07-28 23:47 - 00000000 ____D () C:\Users\gismeu
2015-01-01 22:47 - 2014-02-20 12:30 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000.job
2015-01-01 22:44 - 2013-07-02 09:47 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-01 22:37 - 2013-11-27 06:49 - 00170828 _____ () C:\Users\gismeu\F14.DAT
2015-01-01 22:37 - 2013-10-11 19:21 - 00119560 _____ () C:\Users\gismeu\F13.DAT
2015-01-01 22:37 - 2013-06-10 08:33 - 00141708 _____ () C:\Users\gismeu\F11.DAT
2015-01-01 22:37 - 2011-08-05 11:30 - 00306684 _____ () C:\Users\gismeu\F3.DAT
2015-01-01 22:36 - 2014-09-14 07:13 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-01-01 22:35 - 2014-06-14 20:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 22:34 - 2014-02-20 23:09 - 00075410 _____ () C:\Windows\setupact.log
2015-01-01 22:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 11:42 - 2011-06-10 14:00 - 00000000 ____D () C:\swshare
2014-12-31 11:32 - 2013-01-30 13:21 - 00000000 ____D () C:\Users\DefaultAppPool
2014-12-31 11:32 - 2011-06-10 14:14 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-12-31 11:31 - 2013-08-01 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-12-31 11:31 - 2011-08-07 11:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-31 11:31 - 2011-07-29 00:31 - 00000000 ____D () C:\Program Files (x86)\thinkorswim
2014-12-31 11:31 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-31 11:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-31 11:30 - 2013-01-30 13:21 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-31 11:30 - 2013-01-30 13:21 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Trusteer
2014-12-31 11:30 - 2011-08-02 00:22 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\SoftGrid Client
2014-12-31 11:30 - 2011-07-29 14:03 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\Skype
2014-12-31 11:28 - 2011-07-29 14:02 - 00000000 ____D () C:\ProgramData\Skype
2014-12-31 11:27 - 2014-11-30 21:53 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-31 11:27 - 2011-08-02 00:27 - 00000000 __RHD () C:\MSOCache
2014-12-30 23:07 - 2013-07-02 09:47 - 00000000 ____D () C:\Users\gismeu\AppData\Local\Avg2013
2014-12-30 16:10 - 2013-11-01 07:46 - 00605277 _____ () C:\Users\gismeu\Desktop\AAA 2014.ods
2014-12-30 11:55 - 2012-07-24 04:14 - 00078482 _____ () C:\Users\gismeu\Desktop\FFO 2014.odt
2014-12-30 09:18 - 2011-07-30 03:16 - 00159689 _____ () C:\Users\gismeu\Desktop\REFERENCE 3-9-08 April 09.ods
2014-12-29 20:08 - 2014-08-29 21:10 - 00087584 _____ () C:\Users\gismeu\F23.DAT
2014-12-29 19:54 - 2014-04-19 18:49 - 00071288 _____ () C:\Users\gismeu\F17.DAT
2014-12-29 19:54 - 2014-03-26 11:40 - 00120596 _____ () C:\Users\gismeu\F16.DAT
2014-12-25 21:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-25 19:46 - 2013-12-21 10:13 - 00000000 ____D () C:\Users\gismeu\Desktop\Old Firefox Data
2014-12-25 19:11 - 2009-07-14 00:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-24 13:05 - 2013-04-14 20:45 - 00000000 ____D () C:\Users\gismeu\.thinkorswim
2014-12-24 12:21 - 2013-08-06 01:31 - 00000000 ____D () C:\Users\gismeu\Desktop\EMIN
2014-12-24 10:43 - 2014-02-20 12:30 - 00003592 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000
2014-12-22 13:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-20 13:59 - 2014-02-20 23:09 - 00355824 _____ () C:\Windows\PFRO.log
2014-12-19 19:46 - 2014-03-01 09:32 - 00002597 _____ () C:\Users\Public\Desktop\Anvil Studio.lnk
2014-12-19 18:18 - 2014-05-28 22:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-19 18:18 - 2014-05-28 22:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-19 18:18 - 2014-05-28 22:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-19 18:18 - 2014-05-28 10:51 - 00000000 ____D () C:\Users\gismeu\AppData\Local\Adobe
2014-12-15 22:14 - 2012-10-17 09:12 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-12-15 08:00 - 2011-07-29 00:48 - 00000000 ____D () C:\Jts
2014-12-14 14:55 - 2012-03-27 06:02 - 00000000 ____D () C:\Users\gismeu\AppData\Local\CrashDumps
2014-12-14 12:30 - 2012-07-10 10:43 - 00066188 _____ () C:\Users\gismeu\Desktop\ABRAHAM.odt
2014-12-14 11:28 - 2012-08-17 11:06 - 00000000 ____D () C:\Users\gismeu\Desktop\USA TAX
2014-12-12 11:16 - 2014-05-28 10:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 17:11 - 2014-05-06 11:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 17:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 17:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 16:20 - 2013-08-03 02:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 16:08 - 2011-07-30 12:05 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 09:34 - 2014-05-09 17:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 20:20 - 2014-06-14 20:39 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-03 15:20 - 2014-01-06 11:52 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-12-03 15:18 - 2014-01-06 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-12-03 15:18 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media

Files to move or delete:
====================
C:\Users\gismeu\F11.DAT
C:\Users\gismeu\F13.DAT
C:\Users\gismeu\F14.DAT
C:\Users\gismeu\F16.DAT
C:\Users\gismeu\F17.DAT
C:\Users\gismeu\F23.DAT
C:\Users\gismeu\F3.DAT


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 21:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by gismeu at 2015-01-01 23:29:41
Running from C:\Users\gismeu\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anvil Studio (HKLM-x32\...\{B2D2B7EF-2D0F-4E54-97DE-ED1445501B52}) (Version: 14.02.03 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{29DFE555-55E2-48EC-BB5B-64E4B277674F}) (Version: 12.09.02 - Willow Software)
Anvil Studio 2015 (HKLM-x32\...\{CB7212EA-21F9-4EF4-B289-9D69E28EE68D}) (Version: 15.01.11 - Willow Software)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4253 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.790 - AVG Technologies)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DriverUpdate (HKLM-x32\...\{E2A3A216-9DFE-4EC1-AA69-162588FEF014}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
Gannalyst Professional 5.0 (HKLM-x32\...\Gannalyst Professional 5.0_is1) (Version:  - Gannalyst.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.9.2128 (HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\GoToMeeting) (Version: 6.4.9.2128 - CitrixOnline)
HQuote (HKLM-x32\...\HQuote) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}) (Version: 3.6.0006 - Lenovo)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QTrader (HKLM-x32\...\{41E28620-030B-4961-B4F5-8FB8E690582B}) (Version: 15.7.802 - CQG)
Rapport (Version: 3.5.1205.12 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1404.34 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
SE_Aspectarian v1.26 (HKLM-x32\...\SE_Aspectarian_is1) (Version:  - Allen Edwall/AstroWin)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarFisher (HKLM-x32\...\{21C17FA8-28CA-4F00-80F1-1F96FACEC060}_is1) (Version: 0.8.5.4 - Tomas Kubec - OrionSoft)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.15 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.97 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.72 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
Timing Solution Demo Version (HKLM-x32\...\Timing Solution Demo Version) (Version:  - )
Trader Excel Add-In 3.3 (HKLM-x32\...\Trader Excel Add-In_is1) (Version:  - Open E Cry, LLC)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.34 - Trusteer)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wise Program Uninstaller 1.65 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.65 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

08-12-2014 21:18:36 Installed Rapport
10-12-2014 16:04:59 Windows Update
12-12-2014 16:09:43 Windows Update
18-12-2014 16:10:17 Windows Update
19-12-2014 19:45:04 Installed Anvil Studio 2015
26-12-2014 16:39:30 Installed Rapport

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01BD4E26-55E1-4F64-A5B7-7BE8CCC58C7F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {147478B3-293E-46BF-B3BA-F0E4624189FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {19E4F08B-6F45-4DA3-AFDC-82EBC3FB5FC9} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {1C11B708-2EAC-4C4C-BEB7-12E972593D0F} - System32\Tasks\{461E9536-DC2A-4586-B52E-AD3DC3ACDDEE} => Firefox.exe http://ui.skype.com/...all?page=tsBing
Task: {1E5DA755-3AC4-4A80-AEDB-D66D899830A0} - System32\Tasks\{D48658BC-119B-4EE2-B4BC-3F743CE316F3} => Firefox.exe http://ui.skype.com/...?LastError=1603
Task: {2AAE27B3-8E01-4F5B-B1B3-539CC89318F3} - System32\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000 => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2128\g2mupdate.exe [2014-12-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {349D0914-E27A-40E7-91EA-E41AEEBF1514} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {41555BD1-F810-401A-9588-CEF2DB8C2C6D} - System32\Tasks\{3FCE6A68-FD74-4753-B886-321A23DBD7A6} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {464FB591-1A29-443F-A4A6-0B274ED07034} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {480EEA42-2AE7-40BD-9D0F-7BD98812C179} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {490B67E5-A0C6-4D4B-8CF7-9C7F7A9CDB53} - System32\Tasks\RunSmartLeapServiceCenter => C:\Users\gismeu\Downloads\ServiceCenter.exe
Task: {5BE35628-9A9E-4B25-A002-D4B0A6FD4E26} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {6283A799-2A08-42B1-8366-73F1C2ACECED} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {670BC3EA-8C7A-42B2-B6CF-C3908B9C662A} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {695244D2-9FC2-4885-962A-B66039EF1556} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
Task: {6E860934-FD7A-4877-91B4-02C9A52ED227} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Task: {6FFD2AE0-FE74-41D7-A013-467AF8A55D12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {809CDCC8-01C7-48C5-A681-46F5668C3403} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe
Task: {9FB5B7AD-C22D-4BA1-9505-93776C4C9C54} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {A5169FF6-1BF6-4260-8019-B3B630965D19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A6B698F0-4533-4944-80CF-E465149EEA4A} - System32\Tasks\{340124C1-FB07-4F34-A3AE-B6C9FA5F6778} => pcalua.exe -a "C:\Program Files (x86)\MetaTrader 4\Uninstall.exe"
Task: {B06A406B-B5CB-4592-85A8-EB2CA4A89803} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {B76104BB-182B-45BB-AA97-F0F5A96544EA} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {BB937074-419E-4BFF-ADF5-99F7D6CF68AC} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {CB1E2433-84A1-42FE-AE06-2BE2C33C5543} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)
Task: {CF9B59CC-59CB-40ED-BD0B-D7F793A158FE} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-03-19] (SlimWare Utilities, Inc.)
Task: {DCD9FD18-D5D5-46DC-9334-7A1A437D3098} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {DEF1B57B-E5CE-4801-8D9B-32B4E2664242} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E71D1494-3944-4B69-B30B-3920DC9EDC72} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {E9009AD7-5EC2-4ADA-ACFD-41BB62DE1F44} - System32\Tasks\Message Center plus => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000.job => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2128\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2009-09-21 17:04 - 2009-09-21 17:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2008-08-25 05:02 - 2008-08-25 05:02 - 00027648 _____ () C:\Windows\System32\DELG1L6.DLL
2014-05-28 10:20 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-09-28 21:59 - 2009-10-16 18:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2014-07-14 05:26 - 2014-07-14 05:26 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-07-14 05:26 - 2014-07-14 05:26 - 00407864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tuavga.dll
2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2012-09-06 22:18 - 2012-09-06 22:18 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-12-09 10:00 - 2014-12-09 10:00 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: ThinkVantage Registry Monitor Service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk.Startup
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: HP Officejet 4620 series (NET) => "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35T3403D05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Launch Backup Service Once => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-4102688973-2130496443-4087980055-500 - Administrator - Disabled)
gismeu (S-1-5-21-4102688973-2130496443-4087980055-1000 - Administrator - Enabled) => C:\Users\gismeu
Guest (S-1-5-21-4102688973-2130496443-4087980055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4102688973-2130496443-4087980055-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2015 10:36:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 10:31:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 08:46:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 08:36:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 08:09:12 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x8007045b Type: 88::UnexpectedError.

Error: (12/31/2014 07:52:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 00:28:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (12/30/2014 11:05:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2014 10:56:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2014 09:22:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/01/2015 10:55:08 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (01/01/2015 10:55:08 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (01/01/2015 10:54:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1070

Error: (01/01/2015 10:54:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (01/01/2015 10:53:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/01/2015 10:53:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (01/01/2015 10:53:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (01/01/2015 10:51:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (01/01/2015 10:30:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/01/2015 10:30:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/01/2015 10:36:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 10:31:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 08:46:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 08:36:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 08:09:12 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x8007045b Type: 88::UnexpectedError.

Error: (12/31/2014 07:52:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 00:28:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (12/30/2014 11:05:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2014 10:56:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2014 09:22:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 57%
Total physical RAM: 1912.86 MB
Available physical RAM: 816.55 MB
Total Pagefile: 3825.72 MB
Available Pagefile: 1995.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:148.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 6D47215F)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thanks, Sven



#3
SvenT

    Member

  • Topic Starter
  • Member
  • 32 posts

Now next, here is the log file from the AdwCleaner. There was only a toolbar updater to get rid of. And that was all:

# AdwCleaner v4.106 - Report created 01/01/2015 at 23:51:12
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : gismeu - GIAMEU
# Running from : C:\Users\gismeu\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.1.9

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\DefaultAppPool\AppData\LocalLow\Fast Free Converter
[!] Folder Deleted : C:\Users\gismeu\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\gismeu\AppData\LocalLow\AVG SafeGuard toolbar
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ Scheduled Tasks ] *****

Task Deleted : driverupdate startup
Task Deleted : IHUninstallTrackingTASK

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.95

[C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6842 octets] - [01/01/2015 23:43:11]
AdwCleaner[S0].txt - [6741 octets] - [01/01/2015 23:51:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6801 octets] ##########
 



#4
SvenT

    Member

  • Topic Starter
  • Member
  • 32 posts

And here is the result of the JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by gismeu on Fri 01/02/2015 at  0:17:03.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\gismeu\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\gismeu\appdata\local\blekkotb_soc"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{01E65C7A-5252-4C54-A367-84032EAFEE2E}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{0FDBFCF7-0A2F-436C-A30D-33394315A2B5}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{24114290-9997-4641-9644-25DABA5001B5}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{3731496B-DECF-4874-803D-5B6B82DC8F1F}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{3B2BC8A5-CF43-4F94-9D2A-A710E1AED4F4}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{81F09DCB-160D-4D2E-9BB6-739E9780C383}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{9D9C856C-0F53-41E2-9759-DEAE91F581CD}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{B04A8A18-51BF-4803-86E0-01DBCC2CB0D9}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{B20E6542-BA78-47EF-A8FF-B7B50CEA8CB1}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{B5AC4740-3876-4ED4-B21E-C8E4D8A3152F}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{B8AEFF24-39B1-4E9E-AD13-8387D1BB9D34}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{C10AE479-D8AE-45DE-9BCE-7A8546350311}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{D488540C-A937-4165-A2F5-28858D22393A}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{D8372482-C30B-4BB8-9D46-846BD331B671}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{E4E917E6-7E6B-485E-8E2A-BADE8A827814}
Successfully deleted: [Empty Folder] C:\Users\gismeu\appdata\local\{E8C79C96-4C73-4523-96E0-991EB3E7C08F}



~~~ FireFox

Emptied folder: C:\Users\gismeu\AppData\Roaming\mozilla\firefox\profiles\apobfhff.default-1419554762374\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/02/2015 at  0:30:14.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

So that's it. Now I will wait until you contact me and tell me what to do.

 

Appreciate any help I can get, Sven



#5
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Sven :)

 

Apologies for the delay! The additional posts may have made it more difficult to spot you as we generally look for posts with no replies.
How is the computer running?  Are you currently experiencing any issues?

 

If you still need help, let's take a fresh look:

 

FRST

 

  • Right click on FRST to run as administrator.  When the tool opens click Yes to disclaimer.
  • Please check the Addition box.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because we checked the box for Addition it will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply and we'll see what it looks like from there.

 

 

Thank you :)



#6
SvenT

    Member

  • Topic Starter
  • Member
  • 32 posts

Hello 23red,

 

no worries, thought that my several postings might be the reason.

Computer starts now okay, but there are still unusual things happening, like today my data downloader for my stock charting software had no more data, so I would appreciate it if you could have a look!

 

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by gismeu (administrator) on GIAMEU on 09-01-2015 21:46:48
Running from C:\Users\gismeu\Desktop
Loaded Profile: gismeu (Available profiles: gismeu & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
( ) C:\Windows\System32\lxducoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {52d012e3-d5ad-11e1-b991-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851e3-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851ea-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a606-d4a6-11e1-a63d-e89a8f581443} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a654-d4a6-11e1-a63d-e89a8f581443} - F:\setup_vmb_lite.exe /checkApplicationPresence
IFEO\pcdlauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {F50431DE-C870-49C9-B89B-3F6947D72D32} URL = http://search.yahoo....02,20028,0,85,0
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\gismeu\AppData\Roaming\Mozilla\Firefox\Profiles\apobfhff.default-1419554762374
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: @citrixonline.com/appdetectorplugin -> C:\Users\gismeu\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\gismeu\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Adblock Plus - C:\Users\gismeu\AppData\Roaming\Mozilla\Firefox\Profiles\apobfhff.default-1419554762374\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

Chrome:
=======
CHR Profile: C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Drive) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-24]
CHR Extension: (YouTube) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Google Search) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Google Wallet) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-24]
CHR Extension: (Gmail) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-15] (IBM Corp.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
S3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [143320 2009-05-18] (JMicron Technology Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-08] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-12-15] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-12-15] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-12-15] (IBM Corp.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-01] ()
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 21:46 - 2015-01-09 21:46 - 02124288 _____ (Farbar) C:\Users\gismeu\Desktop\FRST64.exe
2015-01-09 21:46 - 2015-01-09 21:46 - 00000000 ____D () C:\Users\gismeu\Desktop\FRST-OlderVersion
2015-01-09 20:53 - 2015-01-09 20:56 - 00000056 _____ () C:\Users\gismeu\F1.DAT
2015-01-09 20:21 - 2015-01-09 20:21 - 00000000 ____D () C:\RECYCLED
2015-01-06 23:28 - 2015-01-06 23:28 - 00000000 _____ () C:\Windows\SysWOW64\shoB03E.tmp
2015-01-04 23:21 - 2015-01-04 23:21 - 00000000 _____ () C:\Windows\SysWOW64\sho7B28.tmp
2015-01-02 21:00 - 2015-01-02 21:00 - 00025988 _____ () C:\Users\gismeu\Desktop\AMEX Tax 2014.odt
2015-01-02 00:30 - 2015-01-02 00:30 - 00002821 _____ () C:\Users\gismeu\Desktop\JRT.txt
2015-01-02 00:16 - 2015-01-02 00:16 - 00000000 ____D () C:\Windows\ERUNT
2015-01-01 23:42 - 2015-01-01 23:51 - 00000000 ____D () C:\AdwCleaner
2015-01-01 23:38 - 2015-01-01 23:38 - 02173952 _____ () C:\Users\gismeu\Desktop\adwcleaner_4.106.exe
2015-01-01 23:38 - 2015-01-01 23:38 - 01707939 _____ (Thisisu) C:\Users\gismeu\Desktop\JRT.exe
2015-01-01 23:29 - 2015-01-01 23:31 - 00031294 _____ () C:\Users\gismeu\Desktop\Addition.txt
2015-01-01 23:24 - 2015-01-09 21:48 - 00018836 _____ () C:\Users\gismeu\Desktop\FRST.txt
2015-01-01 23:23 - 2015-01-09 21:46 - 00000000 ____D () C:\FRST
2014-12-30 15:12 - 2014-12-30 15:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 15:11 - 2014-12-31 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 15:11 - 2014-12-30 15:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-29 10:47 - 2014-12-29 13:31 - 00000000 ____D () C:\Users\gismeu\Desktop\USA TAX 2
2014-12-29 09:24 - 2014-12-29 10:17 - 00019884 _____ () C:\Users\gismeu\Desktop\LINDA SWISS CH.ods
2014-12-29 07:42 - 2014-12-29 07:42 - 00007142 _____ () C:\Users\gismeu\Desktop\smile recent items.htm
2014-12-29 07:42 - 2014-12-29 07:42 - 00000000 ____D () C:\Users\gismeu\Desktop\smile recent items_files
2014-12-28 15:26 - 2014-12-28 15:26 - 00024353 _____ () C:\Users\gismeu\Desktop\LINDA EURO final 2015.ods
2014-12-28 09:19 - 2014-12-28 15:25 - 00024353 _____ () C:\Users\gismeu\Desktop\LINDA EURO 12-28.ods
2014-12-24 16:05 - 2014-12-28 13:58 - 00023917 _____ () C:\Users\gismeu\Desktop\LINDA EURO 12-25.ods
2014-12-22 11:37 - 2014-12-24 16:02 - 00023845 _____ () C:\Users\gismeu\Desktop\LINDA EURO 12-23.ods
2014-12-19 22:38 - 2014-12-19 22:38 - 00000000 _____ () C:\Windows\SysWOW64\sho6C6A.tmp
2014-12-19 20:24 - 2014-12-19 20:24 - 00000000 _____ () C:\Windows\SysWOW64\sho1881.tmp
2014-12-19 19:46 - 2014-12-19 19:46 - 00002609 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvil Studio 2015.lnk
2014-12-19 19:46 - 2014-12-19 19:46 - 00000000 ____D () C:\Program Files (x86)\Anvil Studio 2015
2014-12-19 19:43 - 2014-12-19 19:46 - 00000000 ____D () C:\Users\gismeu\AppData\Local\Anvil Studio
2014-12-18 23:46 - 2014-12-18 23:46 - 00000000 _____ () C:\Windows\SysWOW64\sho7149.tmp
2014-12-18 09:05 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 09:05 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 16:03 - 2014-12-16 16:03 - 00011368 _____ () C:\Users\gismeu\Desktop\TOS.odt
2014-12-15 22:16 - 2014-12-15 22:16 - 00000000 _____ () C:\Windows\SysWOW64\shoD809.tmp
2014-12-15 17:06 - 2014-12-15 17:41 - 00022713 _____ () C:\Users\gismeu\Desktop\LINDA EURO 12-15.ods
2014-12-14 13:52 - 2014-12-14 13:52 - 00080384 _____ () C:\Users\gismeu\Desktop\LINDA 12-14 final.xls
2014-12-14 13:50 - 2014-12-14 13:50 - 00047616 _____ () C:\Users\gismeu\Desktop\LINDA test 12-14.xls
2014-12-14 13:28 - 2014-12-14 13:47 - 00022860 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 12-14 version 2.ods
2014-12-14 11:29 - 2014-12-14 13:27 - 00022946 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 12-14.ods
2014-12-13 14:02 - 2014-12-13 14:02 - 00009459 _____ () C:\Users\gismeu\Desktop\LINDA SWISS final.xlsx
2014-12-13 13:06 - 2014-12-13 13:06 - 00014348 _____ () C:\Users\gismeu\Desktop\LINDA new 12-13.xlsx
2014-12-13 12:52 - 2014-12-13 13:47 - 00011472 _____ () C:\Users\gismeu\Desktop\SWISS  12-13.ods
2014-12-13 11:28 - 2014-12-13 11:28 - 00049664 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 update.xls
2014-12-13 11:27 - 2014-12-14 11:29 - 00022956 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 12-13-2.ods
2014-12-13 10:52 - 2014-12-13 10:52 - 00049664 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 12-13 MS.xls
2014-12-13 08:15 - 2014-12-13 08:50 - 00022125 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 12-13 reserve.ods
2014-12-13 07:53 - 2014-12-13 11:25 - 00022494 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 12-13.ods
2014-12-12 20:34 - 2014-12-12 22:18 - 00021880 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 reserve reserve.ods
2014-12-12 20:30 - 2014-12-13 07:45 - 00021994 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1 reserve.ods
2014-12-12 17:59 - 2014-12-12 20:07 - 00094208 _____ () C:\Users\gismeu\Desktop\LINDA SWISS 1.xls
2014-12-12 10:12 - 2014-12-12 12:57 - 00049664 _____ () C:\Users\gismeu\Desktop\LINDA 2 MS.xls
2014-12-12 10:10 - 2014-12-12 10:10 - 00021037 _____ () C:\Users\gismeu\Desktop\LINDA 2.ods
2014-12-10 17:11 - 2014-12-10 17:11 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 16:06 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 16:06 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 11:33 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 11:33 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 11:33 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 11:33 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:33 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 11:33 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 11:32 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 11:32 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 11:32 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:32 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:32 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 11:32 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:32 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 11:32 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:32 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 11:32 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 11:32 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:32 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 11:32 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:32 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 11:32 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:32 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 11:32 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:32 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 11:32 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:32 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 11:32 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:32 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 11:32 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:32 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 11:32 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 11:32 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 11:32 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:32 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 11:32 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 11:32 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 11:32 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 11:32 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 11:32 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 11:32 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:32 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 11:32 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 11:32 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:32 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 11:32 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:32 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 11:32 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 11:32 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 11:32 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 11:32 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 11:32 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:32 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 11:32 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 11:32 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 11:32 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:32 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 11:32 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 11:32 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 11:32 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 11:32 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 11:32 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 11:32 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 11:32 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 11:32 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 11:32 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 11:32 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 11:32 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 11:32 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 11:32 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 11:32 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 11:32 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 11:32 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 11:32 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 11:32 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 21:38 - 2014-02-20 12:30 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000.job
2015-01-09 21:10 - 2014-05-28 22:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 21:05 - 2014-06-14 20:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 21:02 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 21:02 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 20:56 - 2012-10-12 12:00 - 00000106 _____ () C:\Users\gismeu\MASTER
2015-01-09 20:56 - 2012-09-28 23:48 - 00000384 _____ () C:\Users\gismeu\EMASTER
2015-01-09 20:56 - 2011-07-28 23:47 - 00000000 ____D () C:\Users\gismeu
2015-01-09 20:46 - 2011-06-10 13:47 - 01218787 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 20:26 - 2013-07-02 09:47 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-09 20:17 - 2014-11-21 17:46 - 00000000 ____D () C:\ProgramData\MCShield
2015-01-09 20:17 - 2014-06-14 20:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 20:16 - 2014-02-20 23:09 - 00076586 _____ () C:\Windows\setupact.log
2015-01-09 20:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 12:23 - 2014-08-29 21:10 - 00087780 _____ () C:\Users\gismeu\F23.DAT
2015-01-08 12:23 - 2014-04-19 18:49 - 00071456 _____ () C:\Users\gismeu\F17.DAT
2015-01-08 12:23 - 2014-03-26 11:40 - 00120764 _____ () C:\Users\gismeu\F16.DAT
2015-01-08 12:23 - 2013-11-27 06:49 - 00170968 _____ () C:\Users\gismeu\F14.DAT
2015-01-08 12:22 - 2013-10-11 19:21 - 00119672 _____ () C:\Users\gismeu\F13.DAT
2015-01-08 12:22 - 2013-06-10 08:33 - 00141820 _____ () C:\Users\gismeu\F11.DAT
2015-01-08 12:22 - 2011-08-05 11:30 - 00306796 _____ () C:\Users\gismeu\F3.DAT
2015-01-08 11:21 - 2009-07-14 00:13 - 00868630 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 13:38 - 2012-10-15 08:25 - 00134656 ___SH () C:\Users\gismeu\Thumbs.db
2015-01-06 23:16 - 2013-04-14 20:45 - 00000000 ____D () C:\Users\gismeu\.thinkorswim
2015-01-06 23:16 - 2011-07-29 00:31 - 00000000 ____D () C:\Program Files (x86)\thinkorswim
2015-01-05 19:03 - 2013-08-06 01:31 - 00000000 ____D () C:\Users\gismeu\Desktop\EMIN
2015-01-05 19:03 - 2011-07-29 14:03 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\Skype
2015-01-05 18:31 - 2012-07-24 04:14 - 00078493 _____ () C:\Users\gismeu\Desktop\FFO 2014.odt
2015-01-05 17:59 - 2013-11-01 07:46 - 00605376 _____ () C:\Users\gismeu\Desktop\AAA 2014.ods
2015-01-05 17:44 - 2011-07-30 03:16 - 00159680 _____ () C:\Users\gismeu\Desktop\REFERENCE 3-9-08 April 09.ods
2015-01-05 14:47 - 2014-02-20 12:30 - 00003592 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000
2015-01-02 11:37 - 2011-07-29 00:48 - 00000000 ____D () C:\Jts
2015-01-02 09:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-02 00:15 - 2013-08-01 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-01 23:54 - 2014-02-20 23:09 - 00356904 _____ () C:\Windows\PFRO.log
2015-01-01 23:54 - 2013-07-02 09:58 - 00000000 ____D () C:\Users\gismeu\AppData\Local\AVG SafeGuard toolbar
2015-01-01 22:36 - 2014-09-14 07:13 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-12-31 11:42 - 2011-06-10 14:00 - 00000000 ____D () C:\swshare
2014-12-31 11:32 - 2013-01-30 13:21 - 00000000 ____D () C:\Users\DefaultAppPool
2014-12-31 11:32 - 2011-06-10 14:14 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-12-31 11:31 - 2014-12-09 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-31 11:31 - 2011-08-07 11:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-31 11:31 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-31 11:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-31 11:30 - 2013-01-30 13:21 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-31 11:30 - 2013-01-30 13:21 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Trusteer
2014-12-31 11:30 - 2011-08-02 00:22 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\SoftGrid Client
2014-12-31 11:28 - 2011-07-29 14:02 - 00000000 ____D () C:\ProgramData\Skype
2014-12-31 11:27 - 2014-11-30 21:53 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-31 11:27 - 2011-08-02 00:27 - 00000000 __RHD () C:\MSOCache
2014-12-30 23:07 - 2013-07-02 09:47 - 00000000 ____D () C:\Users\gismeu\AppData\Local\Avg2013
2014-12-25 21:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-25 19:46 - 2013-12-21 10:13 - 00000000 ____D () C:\Users\gismeu\Desktop\Old Firefox Data
2014-12-25 19:11 - 2009-07-14 00:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-19 19:46 - 2014-03-01 09:32 - 00002597 _____ () C:\Users\Public\Desktop\Anvil Studio.lnk
2014-12-19 18:18 - 2014-05-28 22:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-19 18:18 - 2014-05-28 22:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-19 18:18 - 2014-05-28 22:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-19 18:18 - 2014-05-28 10:51 - 00000000 ____D () C:\Users\gismeu\AppData\Local\Adobe
2014-12-15 23:03 - 2012-04-18 09:30 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-12-15 22:14 - 2012-10-17 09:12 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-12-14 14:55 - 2012-03-27 06:02 - 00000000 ____D () C:\Users\gismeu\AppData\Local\CrashDumps
2014-12-14 12:30 - 2012-07-10 10:43 - 00066188 _____ () C:\Users\gismeu\Desktop\ABRAHAM.odt
2014-12-14 11:28 - 2012-08-17 11:06 - 00000000 ____D () C:\Users\gismeu\Desktop\USA TAX
2014-12-12 11:16 - 2014-05-28 10:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 17:11 - 2014-05-06 11:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 17:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 17:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 16:20 - 2013-08-03 02:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 16:08 - 2011-07-30 12:05 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 11:43 - 2014-12-09 23:17 - 00018917 _____ () C:\Users\gismeu\Desktop\MEET AND MIX.odt
2014-12-10 09:34 - 2014-05-09 17:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Files to move or delete:
====================
C:\Users\gismeu\F1.DAT
C:\Users\gismeu\F11.DAT
C:\Users\gismeu\F13.DAT
C:\Users\gismeu\F14.DAT
C:\Users\gismeu\F16.DAT
C:\Users\gismeu\F17.DAT
C:\Users\gismeu\F23.DAT
C:\Users\gismeu\F3.DAT


Some content of TEMP:
====================
C:\Users\gismeu\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 21:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by gismeu at 2015-01-09 21:49:28
Running from C:\Users\gismeu\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anvil Studio (HKLM-x32\...\{B2D2B7EF-2D0F-4E54-97DE-ED1445501B52}) (Version: 14.02.03 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{29DFE555-55E2-48EC-BB5B-64E4B277674F}) (Version: 12.09.02 - Willow Software)
Anvil Studio 2015 (HKLM-x32\...\{CB7212EA-21F9-4EF4-B289-9D69E28EE68D}) (Version: 15.01.11 - Willow Software)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4257 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DriverUpdate (HKLM-x32\...\{E2A3A216-9DFE-4EC1-AA69-162588FEF014}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
Gannalyst Professional 5.0 (HKLM-x32\...\Gannalyst Professional 5.0_is1) (Version:  - Gannalyst.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.5.2152 (HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\GoToMeeting) (Version: 7.0.5.2152 - CitrixOnline)
HQuote (HKLM-x32\...\HQuote) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}) (Version: 3.6.0006 - Lenovo)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QTrader (HKLM-x32\...\{41E28620-030B-4961-B4F5-8FB8E690582B}) (Version: 15.7.802 - CQG)
Rapport (Version: 3.5.1205.12 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1404.37 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
SE_Aspectarian v1.26 (HKLM-x32\...\SE_Aspectarian_is1) (Version:  - Allen Edwall/AstroWin)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarFisher (HKLM-x32\...\{21C17FA8-28CA-4F00-80F1-1F96FACEC060}_is1) (Version: 0.8.5.4 - Tomas Kubec - OrionSoft)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.15 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.97 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.72 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
Timing Solution Demo Version (HKLM-x32\...\Timing Solution Demo Version) (Version:  - )
Trader Excel Add-In 3.3 (HKLM-x32\...\Trader Excel Add-In_is1) (Version:  - Open E Cry, LLC)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.37 - Trusteer)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wise Program Uninstaller 1.65 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.65 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

10-12-2014 16:04:59 Windows Update
12-12-2014 16:09:43 Windows Update
18-12-2014 16:10:17 Windows Update
19-12-2014 19:45:04 Installed Anvil Studio 2015
26-12-2014 16:39:30 Installed Rapport
02-01-2015 00:14:19 Installed Rapport

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01BD4E26-55E1-4F64-A5B7-7BE8CCC58C7F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {147478B3-293E-46BF-B3BA-F0E4624189FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {19E4F08B-6F45-4DA3-AFDC-82EBC3FB5FC9} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {1C11B708-2EAC-4C4C-BEB7-12E972593D0F} - System32\Tasks\{461E9536-DC2A-4586-B52E-AD3DC3ACDDEE} => Firefox.exe http://ui.skype.com/...all?page=tsBing
Task: {1E5DA755-3AC4-4A80-AEDB-D66D899830A0} - System32\Tasks\{D48658BC-119B-4EE2-B4BC-3F743CE316F3} => Firefox.exe http://ui.skype.com/...?LastError=1603
Task: {2AAE27B3-8E01-4F5B-B1B3-539CC89318F3} - System32\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000 => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe [2015-01-05] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {349D0914-E27A-40E7-91EA-E41AEEBF1514} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {41555BD1-F810-401A-9588-CEF2DB8C2C6D} - System32\Tasks\{3FCE6A68-FD74-4753-B886-321A23DBD7A6} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {464FB591-1A29-443F-A4A6-0B274ED07034} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {480EEA42-2AE7-40BD-9D0F-7BD98812C179} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {490B67E5-A0C6-4D4B-8CF7-9C7F7A9CDB53} - System32\Tasks\RunSmartLeapServiceCenter => C:\Users\gismeu\Downloads\ServiceCenter.exe
Task: {5BE35628-9A9E-4B25-A002-D4B0A6FD4E26} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {6283A799-2A08-42B1-8366-73F1C2ACECED} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {670BC3EA-8C7A-42B2-B6CF-C3908B9C662A} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {695244D2-9FC2-4885-962A-B66039EF1556} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
Task: {6E860934-FD7A-4877-91B4-02C9A52ED227} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Task: {6FFD2AE0-FE74-41D7-A013-467AF8A55D12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {809CDCC8-01C7-48C5-A681-46F5668C3403} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe
Task: {9FB5B7AD-C22D-4BA1-9505-93776C4C9C54} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {A5169FF6-1BF6-4260-8019-B3B630965D19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A6B698F0-4533-4944-80CF-E465149EEA4A} - System32\Tasks\{340124C1-FB07-4F34-A3AE-B6C9FA5F6778} => pcalua.exe -a "C:\Program Files (x86)\MetaTrader 4\Uninstall.exe"
Task: {B06A406B-B5CB-4592-85A8-EB2CA4A89803} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {B76104BB-182B-45BB-AA97-F0F5A96544EA} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {BB937074-419E-4BFF-ADF5-99F7D6CF68AC} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {CB1E2433-84A1-42FE-AE06-2BE2C33C5543} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)
Task: {DCD9FD18-D5D5-46DC-9334-7A1A437D3098} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {DEF1B57B-E5CE-4801-8D9B-32B4E2664242} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E9009AD7-5EC2-4ADA-ACFD-41BB62DE1F44} - System32\Tasks\Message Center plus => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000.job => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2009-09-21 17:04 - 2009-09-21 17:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2008-08-25 05:02 - 2008-08-25 05:02 - 00027648 _____ () C:\Windows\System32\DELG1L6.DLL
2014-05-28 10:20 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-09-28 21:59 - 2009-10-16 18:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2014-07-14 05:26 - 2014-07-14 05:26 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-07-14 05:26 - 2014-07-14 05:26 - 00407864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tuavga.dll
2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-12-09 10:00 - 2014-12-09 10:00 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-19 18:18 - 2014-12-19 18:18 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: ThinkVantage Registry Monitor Service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk.Startup
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: HP Officejet 4620 series (NET) => "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35T3403D05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Launch Backup Service Once => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-4102688973-2130496443-4087980055-500 - Administrator - Disabled)
gismeu (S-1-5-21-4102688973-2130496443-4087980055-1000 - Administrator - Enabled) => C:\Users\gismeu
Guest (S-1-5-21-4102688973-2130496443-4087980055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4102688973-2130496443-4087980055-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 09:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp: 0x50487c7e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000326f1
Faulting process id: 0x11e8
Faulting application start time: 0xAcSvc.exe0
Faulting application path: AcSvc.exe1
Faulting module path: AcSvc.exe2
Report Id: AcSvc.exe3

Error: (01/09/2015 08:18:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 11:05:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 08:03:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.9016, time stamp: 0x52a1d50f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00525530
Faulting process id: 0xd40
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (01/07/2015 07:47:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 01:06:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 10:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp: 0x50487c7e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000326f1
Faulting process id: 0x103c
Faulting application start time: 0xAcSvc.exe0
Faulting application path: AcSvc.exe1
Faulting module path: AcSvc.exe2
Report Id: AcSvc.exe3

Error: (01/06/2015 08:38:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 05:33:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 08:20:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/09/2015 09:24:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AcSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/09/2015 08:35:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/09/2015 08:35:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1070

Error: (01/09/2015 08:35:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (01/09/2015 08:33:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (01/09/2015 08:16:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:22:35 PM on ‎1/‎8/‎2015 was unexpected.

Error: (01/08/2015 11:22:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1070

Error: (01/08/2015 11:22:32 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (01/08/2015 11:22:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/08/2015 11:20:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.


Microsoft Office Sessions:
=========================
Error: (01/09/2015 09:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcSvc.exe5.9.7.9550487c7entdll.dll6.1.7601.18247521ea8e7c0000005000326f111e801d02c7334128cc4C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Windows\SysWOW64\ntdll.dllbfe012be-986f-11e4-8e06-e89a8f581443

Error: (01/09/2015 08:18:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 11:05:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 08:03:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.901652a1d50funknown0.0.0.000000000c000000500525530d4001d02adc8a87fc83C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown1ed8fd5c-96d2-11e4-9351-e89a8f581443

Error: (01/07/2015 07:47:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 01:06:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 10:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcSvc.exe5.9.7.9550487c7entdll.dll6.1.7601.18247521ea8e7c0000005000326f1103c01d02a1aac95f15fC:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Windows\SysWOW64\ntdll.dll6c10ffad-9620-11e4-a89f-e89a8f581443

Error: (01/06/2015 08:38:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 05:33:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 08:20:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 83%
Total physical RAM: 1912.86 MB
Available physical RAM: 310.59 MB
Total Pagefile: 3825.72 MB
Available Pagefile: 1591.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:148.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 6D47215F)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thanks heaps, Sven



#7
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi SvenT :)

 

Thank you for the logs :)    To move us forward easier,  I'd be grateful if you would note the following:

 

•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens, do not continue!  It is not a problem if you stop and ask!
 
•  Please do not run any other scans or download other software on your computer unless asked, as it may make this repair more difficult.
 
•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear.

 

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

 

Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.

 

•  I do my best to respond as quickly as I can.  I, like everyone else here, am also a volunteer, and sometimes life keeps me busy.  If you feel I've missed you, please send me a PM!

 

•  Posts not replied to in 4 days will be closed.  Please PM myself or a Mod if you would like it reopened.  

 

I'm going to take a close look at all of the logs.  I'll post back with further instructions as soon as possible :)

 

Quick note:  If you click on the Follow this topic button at the top of this page, you'll get an email notification when a post is made for you here.

 

Thank you :)



#8
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hello Sven :)
 
Please let me know how the computer is doing after these steps:

Step 1
FRST Fix

Download the attached fixlist.txt file (2.27KB) and save it to the Desktop.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2
Malwarebytes
 
You have Malwarebytes installed, please right click to run as Administrator, let it check for updates.

  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.  (See Extra Note below)  If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

When you return please post:

1.  FRST fix log.txt
2.  Malwarebytes log
3.  How is the computer running?
 
Thank you :)


  • 0

#9
SvenT

    Member

  • Topic Starter
  • Member
  • 32 posts

Hello TH,

 

here comes the first log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by gismeu at 2015-01-12 19:36:03 Run:1
Running from C:\Users\gismeu\Desktop
Loaded Profile: gismeu (Available profiles: gismeu & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {52d012e3-d5ad-11e1-b991-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851e3-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851ea-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a606-d4a6-11e1-a63d-e89a8f581443} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a654-d4a6-11e1-a63d-e89a8f581443} - F:\setup_vmb_lite.exe /checkApplicationPresence
IFEO\pcdlauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-01-06 23:28 - 2015-01-06 23:28 - 00000000 _____ () C:\Windows\SysWOW64\shoB03E.tmp
2015-01-04 23:21 - 2015-01-04 23:21 - 00000000 _____ () C:\Windows\SysWOW64\sho7B28.tmp
2014-12-19 22:38 - 2014-12-19 22:38 - 00000000 _____ () C:\Windows\SysWOW64\sho6C6A.tmp
2014-12-19 20:24 - 2014-12-19 20:24 - 00000000 _____ () C:\Windows\SysWOW64\sho1881.tmp
2014-12-18 23:46 - 2014-12-18 23:46 - 00000000 _____ () C:\Windows\SysWOW64\sho7149.tmp
2014-12-15 22:16 - 2014-12-15 22:16 - 00000000 _____ () C:\Windows\SysWOW64\shoD809.tmp
2015-01-08 12:23 - 2014-08-29 21:10 - 00087780 _____ () C:\Users\gismeu\F23.DAT
2015-01-08 12:23 - 2014-04-19 18:49 - 00071456 _____ () C:\Users\gismeu\F17.DAT
2015-01-08 12:23 - 2014-03-26 11:40 - 00120764 _____ () C:\Users\gismeu\F16.DAT
2015-01-08 12:23 - 2013-11-27 06:49 - 00170968 _____ () C:\Users\gismeu\F14.DAT
2015-01-08 12:22 - 2013-10-11 19:21 - 00119672 _____ () C:\Users\gismeu\F13.DAT
2015-01-08 12:22 - 2013-06-10 08:33 - 00141820 _____ () C:\Users\gismeu\F11.DAT
2015-01-08 12:22 - 2011-08-05 11:30 - 00306796 _____ () C:\Users\gismeu\F3.DAT
2015-01-01 23:54 - 2013-07-02 09:58 - 00000000 ____D () C:\Users\gismeu\AppData\Local\AVG SafeGuard toolbar
C:\Users\gismeu\F1.DAT
C:\Users\gismeu\F11.DAT
C:\Users\gismeu\F13.DAT
C:\Users\gismeu\F14.DAT
C:\Users\gismeu\F16.DAT
C:\Users\gismeu\F17.DAT
C:\Users\gismeu\F23.DAT
C:\Users\gismeu\F3.DAT
EmptyTemp:
End
*****************

Restore point was successfully created.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52d012e3-d5ad-11e1-b991-e89a8f581443}" => Key deleted successfully.
HKCR\CLSID\{52d012e3-d5ad-11e1-b991-e89a8f581443} => Key not found.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64e851e3-d31e-11e1-b5fa-e89a8f581443}" => Key deleted successfully.
HKCR\CLSID\{64e851e3-d31e-11e1-b5fa-e89a8f581443} => Key not found.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64e851ea-d31e-11e1-b5fa-e89a8f581443}" => Key deleted successfully.
HKCR\CLSID\{64e851ea-d31e-11e1-b5fa-e89a8f581443} => Key not found.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84b1a606-d4a6-11e1-a63d-e89a8f581443}" => Key deleted successfully.
HKCR\CLSID\{84b1a606-d4a6-11e1-a63d-e89a8f581443} => Key not found.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84b1a654-d4a6-11e1-a63d-e89a8f581443}" => Key deleted successfully.
HKCR\CLSID\{84b1a654-d4a6-11e1-a63d-e89a8f581443} => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pcdlauncher.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Windows\SysWOW64\shoB03E.tmp => Moved successfully.
C:\Windows\SysWOW64\sho7B28.tmp => Moved successfully.
C:\Windows\SysWOW64\sho6C6A.tmp => Moved successfully.
C:\Windows\SysWOW64\sho1881.tmp => Moved successfully.
C:\Windows\SysWOW64\sho7149.tmp => Moved successfully.
C:\Windows\SysWOW64\shoD809.tmp => Moved successfully.
C:\Users\gismeu\F23.DAT => Moved successfully.
C:\Users\gismeu\F17.DAT => Moved successfully.
C:\Users\gismeu\F16.DAT => Moved successfully.
C:\Users\gismeu\F14.DAT => Moved successfully.
C:\Users\gismeu\F13.DAT => Moved successfully.
C:\Users\gismeu\F11.DAT => Moved successfully.
C:\Users\gismeu\F3.DAT => Moved successfully.
C:\Users\gismeu\AppData\Local\AVG SafeGuard toolbar => Moved successfully.
C:\Users\gismeu\F1.DAT => Moved successfully.
"C:\Users\gismeu\F11.DAT" => File/Directory not found.
"C:\Users\gismeu\F13.DAT" => File/Directory not found.
"C:\Users\gismeu\F14.DAT" => File/Directory not found.
"C:\Users\gismeu\F16.DAT" => File/Directory not found.
"C:\Users\gismeu\F17.DAT" => File/Directory not found.
"C:\Users\gismeu\F23.DAT" => File/Directory not found.
"C:\Users\gismeu\F3.DAT" => File/Directory not found.
EmptyTemp: => Removed 2.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog 19:39:15 ====

 

The other should follow shortly.

 

Thanks, Sven


  • 0

#10
SvenT

    Member

  • Topic Starter
  • Member
  • 32 posts

Well, it will follow but not shortly  :(

 

Running the second scan now and somehow every time I click on the MBAM link it opens and already starts to scan, which takes a while, but I need to click on rootkits, so hopefully the next scan will include that.

 

Sorry, Sven


  • 0



#11
SvenT

    Member

  • Topic Starter
  • Member
  • 32 posts

Hello TH,

 

I ran Malwarebytes and then let it restart the computer. What happened? Well, I got a blue screen - LOL

So I restarted in 'safe mode' and got to the log, but since I was in safe mode, the screen size and letter size were off, so I could not get to 'export' in the end. That box (Export) was below the computer screen.

It found 5 items that I deleted; one was labeled under 'Type' as Registry Key (in case that helps).

Since it is late, I stop now. Tomorrow I could try to play around with font size etc. to see if I could get to the 'Export' button or just try again to start the computer normally.

What is also interesting is that when the blue screen problem appeared, it could be that shortly before that I did download and run Malwarebytes, because on some other sites it was recommended.

Today I could not find it, so I downloaded it again and maybe because the blue screen appeared after I downloaded it, I later deleted it, since that often helps.

Hope that is not too confusing. Thanks, Sven


  • 0

#12
SvenT

    Member

  • Topic Starter
  • Member
  • 32 posts

P.S. Just learned to move the task bar, but still can't get to the export button  :(


  • 0

#13
SvenT

    Member

  • Topic Starter
  • Member
  • 32 posts

well, not stopping...

I took a screen shot of the log and put it into photobucket.

I know this is not the preferred way of doing that, but right now the best I can do.

So if you want to, click this link:

 

http://i931.photobuc...zps8d601b5a.jpg

 

Thanks, Sven


  • 0

#14
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Sven :)

From the look of the picture you need to click on the gray bar on the top of the Malwarebytes screen and pull it up so you can see the bottom of the screen.  Or click on the square between the minus and the X to close the screen in the top right hand corner to make the window full screen, then you can also see the button. 

 

Hope this helps, if it is what was needed.

Let me know how you get on.


  • 0

#15
SvenT

    Member

  • Topic Starter
  • Member
  • 32 posts

Hello TH,

 

I only have an 'X' in the top right corner and clicking the grey bar didn't help either,

but somehow I managed, so here it is:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/12/2015
Scan Time: 9:13:17 PM
Logfile: TH malwarebits.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.13.01
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: gismeu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406612
Time Elapsed: 23 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, Quarantined, [7b1d93617910df57848b8c1fa55e40c0],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.Bandoo, C:\Users\gismeu\Downloads\iLividSetup-r706-n-bf.exe, Quarantined, [e7b1995b9bee5adc046cf13a728f6898],
PUP.Optional.OpenCandy, C:\Users\gismeu\Downloads\InstallFreeRARExtractFrog.exe, Quarantined, [3f5925cfe3a6d75f936dab0dd0357789],
PUP.Optional.OpenCandy, C:\Users\gismeu\Downloads\InternationalPrimoPDF.exe, Quarantined, [c8d0bd371f6afa3c1ce421973bca4eb2],
PUP.BundleInstaller.IWT, C:\Users\gismeu\Downloads\setup.exe, Quarantined, [5840cf25d8b1f93d53f7931906fafd03],

Physical Sectors: 0
(No malicious items detected)


(end)

Will now uninstall Malwarebytes, since I believe it is the reason for the blue screen.

 

Thanks Sven


  • 0





