Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Have a BLUE screen [Solved]


  • This topic is locked This topic is locked

#16
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hello Sven :)
Great work with the scans! :thumbsup:
A  window that is not open full screen can be moved anywhere on the screen by clicking on the very top of the window and dragging it where on the screen you'd like it to be.

It looked like the bottom of the Malwarebytes window was cut off behind the task bar ;)

Clearing temp files here, after that follows an online scan with ESET. 

 

Step 1
Clear Cache/Temp Files

 

Download TFC by OldTimer to your desktop.

  • Please right-click on the TFC.exe file and choose Run As Administrator).

     

  • It will close all programs when run, so make sure you have saved all your work before you begin.

     

  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.

     

  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

Step 2
ESET Online Scanner

Please run a free online scan with the ESET

Note: You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here.

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

 

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
     
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

 

When you return please post:

 

1.  EsetOnlineScanner\log.txt

2.  How is the computer running?


  • 0

Advertisements


#17
SvenT

SvenT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Hello TH,

 

started my computer in safe mode, since I had again blue screens yesterday and did the TFC step.

It removed more than 600MB of junk or old files, whatever it was.

Since it did not reboot, I did it myself and didn't go into safe mode, but it was not needed, so am very happy,

 

Now onto #2

 

you say "Click the green ESET Online Scanner box"

 

but it seems like things changed a bit, it is now a blue box saying 'Run ESET Online Scanner'

 

Anyway, will continue when scan has ended.

 

Thanks, Sven


  • 0

#18
SvenT

SvenT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Hello,

 

scan took almost 3 hours, have not found the log yet, but here is my own copy, hopefully that is enough.

 

C:\Users\All Users\InstallMate\{999E09D9-E823-4E11-ACFA-A001427D2B2F}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    
C:\ProgramData\InstallMate\{999E09D9-E823-4E11-ACFA-A001427D2B2F}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    deleted - quarantined
C:\Users\gismeu\Downloads\iLividSetup-r706-n-bf.exe    Win32/iLivid.A potentially unwanted application    deleted - quarantined
C:\Users\gismeu\Downloads\InstallFreeRARExtractFrog.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\gismeu\Downloads\InternationalPrimoPDF.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\gismeu\Downloads\WPUSetup.exe    Win32/Spigot.A potentially unwanted application    deleted - quarantined
 

 

Why shouldn't I tick on the box to delete those files?

 

Will tell you how the computer is doing in a short while,

 

thanks, Sven


  • 0

#19
SvenT

SvenT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Apart form the occasional ' a script has stopped' which is to do with Firefox, the computer works fine  :)

 

Thank you, Sven

P.S. Hope I didn't ruin it now!


  • 0

#20
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Sven :)
 


Since it did not reboot, I did it myself and didn't go into safe mode, but it was not needed, so am very happy,

 

 

:thumbsup: Glad to hear it!

 

 

you say "Click the green ESET Online Scanner box" but it seems like things changed a bit, it is now a blue box saying 'Run ESET Online Scanner'

 

So it is!  Thank you for that, I'll adjust my instructions ;)

 

 

 

C:\Users\All Users\InstallMate\{999E09D9-E823-4E11-ACFA-A001427D2B2F}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application   
 C:\ProgramData\InstallMate\{999E09D9-E823-4E11-ACFA-A001427D2B2F}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    deleted - quarantined
 C:\Users\gismeu\Downloads\iLividSetup-r706-n-bf.exe    Win32/iLivid.A potentially unwanted application    deleted - quarantined
 C:\Users\gismeu\Downloads\InstallFreeRARExtractFrog.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
 C:\Users\gismeu\Downloads\InternationalPrimoPDF.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
 C:\Users\gismeu\Downloads\WPUSetup.exe    Win32/Spigot.A potentially unwanted application    deleted - quarantined


Why shouldn't I tick on the box to delete those files?

 

 

 

Often times false positives are found or items already in quarantine by another tool.  We request such as safety mechanism. That looks fine.  Those needed to go :)

 
Is Firefox still acting up?

 

Let's check for Security issues or possible vulnerabilities:

 

SecurityCheck by Screen317:

 

Please download Security Check by screen317.

 

•Save it to your Desktop.

•Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

•A Notepad document should open automatically called checkup.txt; please also post the contents of that document.

 

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!  Try rebooting the system and then run SecurityCheck again.

 

When you return, please post the checkup.txt and let me know how the computer is doing, and if Firefox still is having difficulties.

 

 

Thank you :)


  • 0

#21
SvenT

SvenT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Hello TH,

 

here is the log:

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Internet Security 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Secunia PSI (3.0.0.9016)   
 AVG PC TuneUp 2014  
 AVG PC TuneUp 2014 (en-US)
 AVG PC TuneUp Language Pack (en-US)
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.257  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
 Google Chrome (39.0.2171.95)
 Google Chrome (39.0.2171.99)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

 

Firefox is doing fine  :)

 

Thank you, Sven


  • 0

#22
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hello Sven :)

 

Excellent work! That looks good. 

 

 

Firefox is doing fine  :)

 

 

Great! 

I'd like one last FRST scan to double check, please.  After this we'll clean up the tools:

 

Fresh FRST Scan


  • Right click to run as Administrator.  When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

 

 

When you return, please post the FRST.txt and let me know if you have any further issues.

 

Thank you :)

 


  • 0

#23
SvenT

SvenT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Hello TH,

 

here are the two logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by gismeu (administrator) on GIAMEU on 19-01-2015 09:50:01
Running from C:\Users\gismeu\Desktop
Loaded Profiles: gismeu (Available profiles: gismeu & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
( ) C:\Windows\System32\lxducoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {52d012e3-d5ad-11e1-b991-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851e3-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851ea-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a606-d4a6-11e1-a63d-e89a8f581443} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a654-d4a6-11e1-a63d-e89a8f581443} - F:\setup_vmb_lite.exe /checkApplicationPresence
IFEO\pcdlauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {F50431DE-C870-49C9-B89B-3F6947D72D32} URL = http://search.yahoo....02,20028,0,85,0
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\gismeu\AppData\Roaming\Mozilla\Firefox\Profiles\apobfhff.default-1419554762374
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: @citrixonline.com/appdetectorplugin -> C:\Users\gismeu\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\gismeu\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Adblock Plus - C:\Users\gismeu\AppData\Roaming\Mozilla\Firefox\Profiles\apobfhff.default-1419554762374\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

Chrome:
=======
CHR Profile: C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Drive) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-24]
CHR Extension: (YouTube) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Google Search) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Google Wallet) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-24]
CHR Extension: (Gmail) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
S3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [143320 2009-05-18] (JMicron Technology Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [845464 2015-01-14] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-01] ()
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 09:50 - 2015-01-19 09:51 - 00019037 _____ () C:\Users\gismeu\Desktop\FRST.txt
2015-01-19 09:49 - 2015-01-19 09:49 - 02126848 _____ (Farbar) C:\Users\gismeu\Desktop\FRST64.exe
2015-01-19 09:49 - 2015-01-19 09:49 - 00000000 ____D () C:\Users\gismeu\Desktop\FRST-OlderVersion
2015-01-17 13:18 - 2015-01-17 13:19 - 00852504 _____ () C:\Users\gismeu\Desktop\SecurityCheck.exe
2015-01-15 12:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 12:45 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 12:45 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 12:45 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 12:45 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 18:55 - 2015-01-14 20:23 - 00087892 _____ () C:\Users\gismeu\F1.DAT
2015-01-14 18:39 - 2015-01-14 18:39 - 00000796 _____ () C:\Users\gismeu\Desktop\ESET.txt
2015-01-14 16:49 - 2015-01-14 16:49 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-14 15:16 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:16 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:16 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 15:15 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 15:15 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 15:15 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 15:15 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 15:15 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 15:12 - 2015-01-14 15:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-14 14:37 - 2015-01-14 14:37 - 00000000 __SHD () C:\Users\gismeu\AppData\Local\EmieBrowserModeList
2015-01-14 14:23 - 2015-01-14 14:23 - 00448512 _____ (OldTimer Tools) C:\Users\gismeu\Desktop\TFC.exe
2015-01-13 06:12 - 2015-01-13 06:12 - 00001691 _____ () C:\Users\gismeu\Desktop\TH malwarebits.txt
2015-01-12 17:20 - 2015-01-12 17:26 - 00000000 ____D () C:\Users\gismeu\Desktop\LINDA
2015-01-10 14:15 - 2015-01-10 14:15 - 00945937 _____ () C:\Users\gismeu\Downloads\TFTD_TF_sm_chunk_DH.wmv
2015-01-02 21:00 - 2015-01-02 21:00 - 00025988 _____ () C:\Users\gismeu\Desktop\AMEX Tax 2014.odt
2015-01-02 00:16 - 2015-01-02 00:16 - 00000000 ____D () C:\Windows\ERUNT
2015-01-01 23:42 - 2015-01-01 23:51 - 00000000 ____D () C:\AdwCleaner
2015-01-01 23:38 - 2015-01-01 23:38 - 02173952 _____ () C:\Users\gismeu\Desktop\adwcleaner_4.106.exe
2015-01-01 23:38 - 2015-01-01 23:38 - 01707939 _____ (Thisisu) C:\Users\gismeu\Desktop\JRT.exe
2015-01-01 23:23 - 2015-01-19 09:50 - 00000000 ____D () C:\FRST
2014-12-30 15:12 - 2014-12-30 15:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 15:11 - 2014-12-31 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 15:11 - 2014-12-30 15:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-29 10:47 - 2014-12-29 13:31 - 00000000 ____D () C:\Users\gismeu\Desktop\USA TAX 2
2014-12-29 07:42 - 2014-12-29 07:42 - 00007142 _____ () C:\Users\gismeu\Desktop\smile recent items.htm
2014-12-29 07:42 - 2014-12-29 07:42 - 00000000 ____D () C:\Users\gismeu\Desktop\smile recent items_files

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 09:50 - 2013-07-02 09:47 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-19 09:47 - 2014-02-20 12:30 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000.job
2015-01-19 09:18 - 2011-06-10 13:47 - 01713378 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 09:16 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 09:16 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 09:10 - 2014-05-28 22:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 09:08 - 2014-06-14 20:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 08:52 - 2014-11-21 17:46 - 00000000 ____D () C:\ProgramData\MCShield
2015-01-19 08:52 - 2014-06-14 20:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 08:51 - 2014-02-20 23:09 - 00076194 _____ () C:\Windows\setupact.log
2015-01-19 08:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 15:44 - 2011-07-29 14:03 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\Skype
2015-01-17 17:01 - 2013-08-06 01:31 - 00000000 ____D () C:\Users\gismeu\Desktop\EMIN
2015-01-15 22:38 - 2013-04-14 20:45 - 00000000 ____D () C:\Users\gismeu\.thinkorswim
2015-01-15 22:38 - 2011-07-29 00:31 - 00000000 ____D () C:\Program Files (x86)\thinkorswim
2015-01-15 10:49 - 2009-07-14 00:13 - 00868630 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 21:18 - 2013-08-03 02:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:03 - 2011-07-30 12:05 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 20:23 - 2012-10-12 12:00 - 00000106 _____ () C:\Users\gismeu\MASTER
2015-01-14 20:23 - 2012-09-28 23:48 - 00000384 _____ () C:\Users\gismeu\EMASTER
2015-01-14 20:23 - 2011-07-28 23:47 - 00000000 ____D () C:\Users\gismeu
2015-01-14 19:08 - 2011-07-29 00:48 - 00000000 ____D () C:\Jts
2015-01-14 16:17 - 2014-06-14 20:39 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 15:11 - 2014-05-28 22:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 15:11 - 2014-05-28 22:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 15:11 - 2014-05-28 22:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 14:49 - 2013-08-01 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-13 13:59 - 2011-06-10 14:00 - 00000000 ____D () C:\swshare
2015-01-13 13:22 - 2013-12-17 11:02 - 00000000 ____D () C:\Users\gismeu\Desktop\GLOBAL SSN_files
2015-01-13 13:22 - 2013-11-12 18:56 - 00000000 ____D () C:\Users\gismeu\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2015-01-13 13:22 - 2013-01-30 13:21 - 00000000 ____D () C:\Users\DefaultAppPool
2015-01-13 13:22 - 2011-07-30 19:08 - 00000000 ____D () C:\Users\gismeu\Matrix
2015-01-13 13:22 - 2011-06-10 14:14 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-13 13:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-13 13:21 - 2011-06-10 14:12 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-13 13:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-13 13:19 - 2013-12-21 10:13 - 00000000 ____D () C:\Users\gismeu\Desktop\Old Firefox Data
2015-01-13 13:18 - 2011-08-02 00:22 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\SoftGrid Client
2015-01-12 19:36 - 2012-03-27 06:02 - 00000000 ____D () C:\Users\gismeu\AppData\Local\CrashDumps
2015-01-12 17:32 - 2014-06-11 07:20 - 00000000 ____D () C:\Users\gismeu\Desktop\GANN
2015-01-12 17:29 - 2012-08-17 11:06 - 00000000 ____D () C:\Users\gismeu\Desktop\USA TAX
2015-01-12 17:27 - 2013-08-28 15:09 - 00000000 ____D () C:\Users\gismeu\Desktop\MAYBE
2015-01-10 17:38 - 2013-11-01 07:46 - 00605257 _____ () C:\Users\gismeu\Desktop\AAA 2014.ods
2015-01-07 13:38 - 2012-10-15 08:25 - 00134656 ___SH () C:\Users\gismeu\Thumbs.db
2015-01-05 18:31 - 2012-07-24 04:14 - 00078493 _____ () C:\Users\gismeu\Desktop\FFO 2014.odt
2015-01-05 17:44 - 2011-07-30 03:16 - 00159680 _____ () C:\Users\gismeu\Desktop\REFERENCE 3-9-08 April 09.ods
2015-01-01 23:54 - 2014-02-20 23:09 - 00356904 _____ () C:\Windows\PFRO.log
2015-01-01 22:36 - 2014-09-14 07:13 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-12-31 11:31 - 2014-12-09 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-31 11:31 - 2011-08-07 11:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-31 11:31 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-31 11:30 - 2013-01-30 13:21 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-31 11:30 - 2013-01-30 13:21 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Trusteer
2014-12-31 11:28 - 2011-07-29 14:02 - 00000000 ____D () C:\ProgramData\Skype
2014-12-31 11:27 - 2014-11-30 21:53 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-31 11:27 - 2011-08-02 00:27 - 00000000 __RHD () C:\MSOCache
2014-12-30 23:07 - 2013-07-02 09:47 - 00000000 ____D () C:\Users\gismeu\AppData\Local\Avg2013
2014-12-25 21:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-25 19:11 - 2009-07-14 00:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-24 10:43 - 2014-02-20 12:30 - 00003592 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000
2014-12-22 17:52 - 2012-04-18 09:30 - 00535576 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys

==================== Files in the root of some directories =======
2013-07-02 09:58 - 2014-06-25 05:54 - 0003737 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2011-08-04 13:21 - 2011-06-07 14:49 - 0004871 _____ () C:\Program Files (x86)\SLV 11.portfolio
2014-12-17 19:54 - 2014-12-17 19:54 - 0037607 _____ () C:\Program Files (x86)\Common Files\license.rtf
2014-12-17 19:54 - 2014-12-17 19:54 - 0008046 _____ () C:\Program Files (x86)\Common Files\setupBanner.jpg
2013-07-05 10:45 - 2013-07-07 19:50 - 0000960 _____ () C:\Users\gismeu\AppData\Roaming\.starmoon_kst.cfg
2013-02-12 08:56 - 2013-02-12 08:56 - 0007606 _____ () C:\Users\gismeu\AppData\Local\Resmon.ResmonCfg
2014-09-12 03:27 - 2014-09-12 03:27 - 0000000 _____ () C:\Users\gismeu\AppData\Local\{9A0E4B64-F871-4096-9115-58A4617EFA3B}
2013-09-05 13:30 - 2013-09-05 13:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-08-24 19:33 - 2013-08-24 19:33 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-09-27 20:35 - 2012-09-27 20:35 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Files to move or delete:
====================
C:\Users\gismeu\F1.DAT


Some content of TEMP:
====================
C:\Users\gismeu\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-09 23:19

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by gismeu at 2015-01-19 09:52:08
Running from C:\Users\gismeu\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anvil Studio (HKLM-x32\...\{B2D2B7EF-2D0F-4E54-97DE-ED1445501B52}) (Version: 14.02.03 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{29DFE555-55E2-48EC-BB5B-64E4B277674F}) (Version: 12.09.02 - Willow Software)
Anvil Studio 2015 (HKLM-x32\...\{CB7212EA-21F9-4EF4-B289-9D69E28EE68D}) (Version: 15.01.11 - Willow Software)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4257 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DriverUpdate (HKLM-x32\...\{E2A3A216-9DFE-4EC1-AA69-162588FEF014}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
Gannalyst Professional 5.0 (HKLM-x32\...\Gannalyst Professional 5.0_is1) (Version:  - Gannalyst.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.9.2128 (HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\GoToMeeting) (Version: 6.4.9.2128 - CitrixOnline)
HQuote (HKLM-x32\...\HQuote) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}) (Version: 3.6.0006 - Lenovo)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QTrader (HKLM-x32\...\{41E28620-030B-4961-B4F5-8FB8E690582B}) (Version: 15.7.802 - CQG)
Rapport (Version: 3.5.1205.12 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1404.61 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
SE_Aspectarian v1.26 (HKLM-x32\...\SE_Aspectarian_is1) (Version:  - Allen Edwall/AstroWin)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarFisher (HKLM-x32\...\{21C17FA8-28CA-4F00-80F1-1F96FACEC060}_is1) (Version: 0.8.5.4 - Tomas Kubec - OrionSoft)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.15 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.97 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.72 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
Timing Solution Demo Version (HKLM-x32\...\Timing Solution Demo Version) (Version:  - )
Trader Excel Add-In 3.3 (HKLM-x32\...\Trader Excel Add-In_is1) (Version:  - Open E Cry, LLC)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wise Program Uninstaller 1.65 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.65 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

26-12-2014 16:39:30 Installed Rapport
02-01-2015 00:14:19 Installed Rapport
12-01-2015 19:36:10 Restore Point Created by FRST
12-01-2015 20:02:01 Installed Rapport
14-01-2015 14:48:13 Installed Rapport
14-01-2015 21:01:46 Windows Update
15-01-2015 12:48:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01BD4E26-55E1-4F64-A5B7-7BE8CCC58C7F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {147478B3-293E-46BF-B3BA-F0E4624189FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {19E4F08B-6F45-4DA3-AFDC-82EBC3FB5FC9} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {1C11B708-2EAC-4C4C-BEB7-12E972593D0F} - System32\Tasks\{461E9536-DC2A-4586-B52E-AD3DC3ACDDEE} => Firefox.exe http://ui.skype.com/...all?page=tsBing
Task: {1E5DA755-3AC4-4A80-AEDB-D66D899830A0} - System32\Tasks\{D48658BC-119B-4EE2-B4BC-3F743CE316F3} => Firefox.exe http://ui.skype.com/...?LastError=1603
Task: {2AAE27B3-8E01-4F5B-B1B3-539CC89318F3} - System32\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000 => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2128\g2mupdate.exe [2014-12-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {349D0914-E27A-40E7-91EA-E41AEEBF1514} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {41555BD1-F810-401A-9588-CEF2DB8C2C6D} - System32\Tasks\{3FCE6A68-FD74-4753-B886-321A23DBD7A6} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {464FB591-1A29-443F-A4A6-0B274ED07034} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {480EEA42-2AE7-40BD-9D0F-7BD98812C179} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {490B67E5-A0C6-4D4B-8CF7-9C7F7A9CDB53} - System32\Tasks\RunSmartLeapServiceCenter => C:\Users\gismeu\Downloads\ServiceCenter.exe
Task: {5BE35628-9A9E-4B25-A002-D4B0A6FD4E26} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {6283A799-2A08-42B1-8366-73F1C2ACECED} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {670BC3EA-8C7A-42B2-B6CF-C3908B9C662A} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {695244D2-9FC2-4885-962A-B66039EF1556} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
Task: {6E860934-FD7A-4877-91B4-02C9A52ED227} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Task: {6FFD2AE0-FE74-41D7-A013-467AF8A55D12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {809CDCC8-01C7-48C5-A681-46F5668C3403} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe
Task: {9721A84D-BC35-41D5-92A1-329312F71F10} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9FB5B7AD-C22D-4BA1-9505-93776C4C9C54} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {A5169FF6-1BF6-4260-8019-B3B630965D19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {A6B698F0-4533-4944-80CF-E465149EEA4A} - System32\Tasks\{340124C1-FB07-4F34-A3AE-B6C9FA5F6778} => pcalua.exe -a "C:\Program Files (x86)\MetaTrader 4\Uninstall.exe"
Task: {B06A406B-B5CB-4592-85A8-EB2CA4A89803} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {B76104BB-182B-45BB-AA97-F0F5A96544EA} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {BB937074-419E-4BFF-ADF5-99F7D6CF68AC} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {CB1E2433-84A1-42FE-AE06-2BE2C33C5543} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)
Task: {DCD9FD18-D5D5-46DC-9334-7A1A437D3098} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DEF1B57B-E5CE-4801-8D9B-32B4E2664242} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E9009AD7-5EC2-4ADA-ACFD-41BB62DE1F44} - System32\Tasks\Message Center plus => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000.job => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2128\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2009-09-21 17:04 - 2009-09-21 17:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2008-08-25 05:02 - 2008-08-25 05:02 - 00027648 _____ () C:\Windows\System32\DELG1L6.DLL
2014-05-28 10:20 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-09-28 21:59 - 2009-10-16 18:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2014-07-14 05:26 - 2014-07-14 05:26 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-07-14 05:26 - 2014-07-14 05:26 - 00407864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tuavga.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2012-09-06 22:18 - 2012-09-06 22:18 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-12-09 10:00 - 2014-12-09 10:00 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: ThinkVantage Registry Monitor Service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk.Startup
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: HP Officejet 4620 series (NET) => "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35T3403D05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Launch Backup Service Once => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-4102688973-2130496443-4087980055-500 - Administrator - Disabled)
gismeu (S-1-5-21-4102688973-2130496443-4087980055-1000 - Administrator - Enabled) => C:\Users\gismeu
Guest (S-1-5-21-4102688973-2130496443-4087980055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4102688973-2130496443-4087980055-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 08:52:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 03:00:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp: 0x50487c7e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x10c8
Faulting application start time: 0xAcSvc.exe0
Faulting application path: AcSvc.exe1
Faulting module path: AcSvc.exe2
Report Id: AcSvc.exe3

Error: (01/18/2015 02:21:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 00:17:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 04:51:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 01:08:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 09:37:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:28:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp: 0x50487c7e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000326f1
Faulting process id: 0xe48
Faulting application start time: 0xAcSvc.exe0
Faulting application path: AcSvc.exe1
Faulting module path: AcSvc.exe2
Report Id: AcSvc.exe3

Error: (01/15/2015 10:44:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 07:56:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp: 0x50487c7e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000326f1
Faulting process id: 0xe6c
Faulting application start time: 0xAcSvc.exe0
Faulting application path: AcSvc.exe1
Faulting module path: AcSvc.exe2
Report Id: AcSvc.exe3


System errors:
=============
Error: (01/19/2015 09:11:02 AM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (01/19/2015 09:11:02 AM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (01/19/2015 09:10:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1070

Error: (01/19/2015 09:10:14 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (01/19/2015 09:10:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/19/2015 09:07:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (01/18/2015 03:48:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/18/2015 03:03:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AcSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/18/2015 02:59:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service.

Error: (01/18/2015 02:39:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1070


Microsoft Office Sessions:
=========================
Error: (01/19/2015 08:52:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 03:00:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcSvc.exe5.9.7.9550487c7entdll.dll6.1.7601.18247521ea8e7c00000050002e3be10c801d03353ed3d7673C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Windows\SysWOW64\ntdll.dllaa926725-9f4c-11e4-b714-e89a8f581443

Error: (01/18/2015 02:21:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 00:17:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 04:51:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 01:08:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 09:37:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:28:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcSvc.exe5.9.7.9550487c7entdll.dll6.1.7601.18247521ea8e7c0000005000326f1e4801d030da25b5ee34C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Windows\SysWOW64\ntdll.dlle43f6723-9cdb-11e4-b660-e89a8f581443

Error: (01/15/2015 10:44:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 07:56:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcSvc.exe5.9.7.9550487c7entdll.dll6.1.7601.18247521ea8e7c0000005000326f1e6c01d0303081de9c96C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Windows\SysWOW64\ntdll.dll5a12e872-9c51-11e4-b648-e89a8f581443


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 68%
Total physical RAM: 1912.86 MB
Available physical RAM: 604.36 MB
Total Pagefile: 3825.72 MB
Available Pagefile: 2039.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:152.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 6D47215F)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Computer works fine, very fine indeed!!!

 

Thanks heaps, Sven


  • 0

#24
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Sven :)

 

 

Computer works fine, very fine indeed!!!

 

Great! :thumbsup: Very happy to hear that :D

 

There's a bit more remnants to remove,  but before I proceed there are a couple of things I'd like to advise you about that are on the computer, not necessary to have and will give you issues later if not sooner.

 

Obviously you can do what you wish, but it's my job to let you know:

 

First
There are some msconfig disabled items.  One of which is Vprot ~ AVG SafeGuard toolbar.  Known to be troublesome.  May you please re-enable it in Msconfig so that the toolbar can be removed completely. 

 

Second
About AVG PC TuneUp:

 See the information below about Registry Cleaning Tools. It may help you decide if you really want to keep AVG PC TuneUp. There are quite a few folks that came to the forum for help with borked computers after running it.  It's not safe.  It is not any part of  AVG AntiVirus itself. It just rides along with the install :(

Instructions have been included to uninstall it if you so choose:

 

Registry Cleaning Tools

GeeksToGo does not recommend the use of registry cleaners at all:
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.  We strongly advise that people stay away from any of the registry cleaners out there.

 

Go HERE to get more information about why registry cleaners aren't needed.

 

Uninstall AVG PC TuneUp

 

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

 

AVG PC TuneUp
AVG PC TuneUp Language Pack

 

NOTE: Uninstalling PC TuneUp may automatically uninstall the language pack. After you have uninstalled PC TuneUp if the language pack in still in the Programs list, click it and uninstall it.

 

3. Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

 

 

Third

When you return, please let me know if you:

 

1.  re-enabled Vprot ~ AVG SafeGuard toolbar in Msconfig
2.  successfully uninstalled AVG PC TuneUp or decided not to.

 

Thank you :)


  • 0

#25
SvenT

SvenT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Hello TH,

 

re Vprot ~ AVG SafeGuard toolbar,

 

I went to msconfic and re-enabled it, but despite restarting the computer, it does not show up in

 

'Uninstall a Program', so not sure how to proceed further here!

 

I successfully uninstalled AVG PC Tune-up. There was no language package as far as I could see, however.

Even before uninstalling AVG PC Tune-up, I could not find it in the programs list.

 

Thanks very much, Sven


  • 0

Advertisements


#26
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Sven :)

 

 

re Vprot ~ AVG SafeGuard toolbar,
I went to msconfic and re-enabled it, but despite restarting the computer, it does not show up in
'Uninstall a Program', so not sure how to proceed further here!

 

 

Nothing else to do.  It's been re-enabled, now the remnants can be removed.   :)

 

 

I successfully uninstalled AVG PC Tune-up. There was no language package as far as I could see, however.

 

 

Excellent and good to know, thank you! 

 

 

Thanks very much

 

 

You are very welcome :D

 

What I'm removing here are items that did not stay removed from the first fix and remnants of the two programs just removed.
I'd like a fresh FRST log afterward to check please :)

Step 1
FRST Fix

Download attached fixlist.txt file and save it to the Desktop. ~> Attached File  fixlist.txt   2.02KB   64 downloads

 

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Step 2
Fresh FRST Scan

 

Right click to run as administrator.  When the tool opens click Yes to disclaimer.

 

  • Make sure that Addition option is checked.
  • Press Scan button

  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.                                    

When you return, please post:

 

1.  Fixlog.txt
2.  FRST.txt and let me know if you have any further issues, please

 

Thank you :)

 

 


  • 0

#27
SvenT

SvenT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Hello TH

 

here is the first log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by gismeu at 2015-01-23 13:10:36 Run:2
Running from C:\Users\gismeu\Desktop
Loaded Profiles: gismeu (Available profiles: gismeu & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
IFEO\pcdlauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL =
2013-07-02 09:58 - 2014-06-25 05:54 - 0003737 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
2015-01-14 18:55 - 2015-01-14 20:23 - 00087892 _____ () C:\Users\gismeu\F1.DAT
C:\Users\gismeu\F1.DAT
Task: {CB1E2433-84A1-42FE-AE06-2BE2C33C5543} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)
C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
C:\Program Files (x86)\AVG\AVG PC TuneUp
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
EmptyTemp:
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns


*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe => No running process found
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe => No running process found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pcdlauncher.exe => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9}" => Key deleted successfully.
HKCR\CLSID\{7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} => Key not found.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB319545-1E2A-4CCE-B6B8-B88FFC6327EC}" => Key deleted successfully.
HKCR\CLSID\{BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} => Key not found.
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => Moved successfully.
TuneUp.UtilitiesSvc => Service not found.
UxTuneUp => Service not found.
UxTuneUp => Service not found.
TuneUpUtilitiesDrv => Service not found.
C:\Users\gismeu\F1.DAT => Moved successfully.
"C:\Users\gismeu\F1.DAT" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB1E2433-84A1-42FE-AE06-2BE2C33C5543} => Key not found.
C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013 => Key not found.
"C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013" => File/Directory not found.
"C:\Program Files (x86)\AVG\AVG PC TuneUp" => File/Directory not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 110.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:12:03 ====


  • 0

#28
SvenT

SvenT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Here are FRST and Addition:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by gismeu (administrator) on GIAMEU on 23-01-2015 13:36:21
Running from C:\Users\gismeu\Desktop
Loaded Profiles: gismeu (Available profiles: gismeu & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
( ) C:\Windows\System32\lxducoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft) C:\Program Files (x86)\Common Files\Lenovo\SUP\sup_wermonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {52d012e3-d5ad-11e1-b991-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851e3-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851ea-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a606-d4a6-11e1-a63d-e89a8f581443} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a654-d4a6-11e1-a63d-e89a8f581443} - F:\setup_vmb_lite.exe /checkApplicationPresence
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {F50431DE-C870-49C9-B89B-3F6947D72D32} URL = http://search.yahoo....02,20028,0,85,0
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\gismeu\AppData\Roaming\Mozilla\Firefox\Profiles\apobfhff.default-1419554762374
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: @citrixonline.com/appdetectorplugin -> C:\Users\gismeu\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\gismeu\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Adblock Plus - C:\Users\gismeu\AppData\Roaming\Mozilla\Firefox\Profiles\apobfhff.default-1419554762374\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

Chrome:
=======
CHR Profile: C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Drive) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-24]
CHR Extension: (YouTube) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Google Search) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Google Wallet) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-24]
CHR Extension: (Gmail) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-21] (IObit)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
S3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [143320 2009-05-18] (JMicron Technology Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [845464 2015-01-14] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-01] ()
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 12:09 - 2015-01-23 12:09 - 00565252 _____ () C:\Users\gismeu\Downloads\10.mpg
2015-01-22 19:14 - 2015-01-22 19:14 - 03353776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-21 19:46 - 2015-01-21 19:46 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\PCDr
2015-01-21 18:53 - 2015-01-21 18:53 - 00002888 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_gismeu
2015-01-21 18:53 - 2015-01-21 18:53 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\ProductData
2015-01-21 18:52 - 2015-01-21 18:53 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\IObit
2015-01-21 18:52 - 2015-01-21 18:53 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-21 18:52 - 2015-01-21 18:53 - 00000000 ____D () C:\ProgramData\IObit
2015-01-21 18:52 - 2015-01-21 18:53 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-21 18:52 - 2015-01-21 18:52 - 00001227 _____ () C:\Users\gismeu\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-21 18:52 - 2015-01-21 18:52 - 00001203 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-21 18:40 - 2015-01-21 18:41 - 15971616 _____ (IObit) C:\Users\gismeu\Downloads\iobituninstaller.exe
2015-01-19 09:52 - 2015-01-19 09:53 - 00031978 _____ () C:\Users\gismeu\Desktop\Addition.txt
2015-01-19 09:50 - 2015-01-23 13:41 - 00018600 _____ () C:\Users\gismeu\Desktop\FRST.txt
2015-01-19 09:49 - 2015-01-19 09:49 - 02126848 _____ (Farbar) C:\Users\gismeu\Desktop\FRST64.exe
2015-01-19 09:49 - 2015-01-19 09:49 - 00000000 ____D () C:\Users\gismeu\Desktop\FRST-OlderVersion
2015-01-17 13:18 - 2015-01-17 13:19 - 00852504 _____ () C:\Users\gismeu\Desktop\SecurityCheck.exe
2015-01-15 12:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 12:45 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 12:45 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 12:45 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 12:45 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 18:39 - 2015-01-14 18:39 - 00000796 _____ () C:\Users\gismeu\Desktop\ESET.txt
2015-01-14 16:49 - 2015-01-14 16:49 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-14 15:16 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:16 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:16 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 15:15 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 15:15 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 15:15 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 15:15 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 15:15 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 15:12 - 2015-01-14 15:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-14 14:37 - 2015-01-14 14:37 - 00000000 __SHD () C:\Users\gismeu\AppData\Local\EmieBrowserModeList
2015-01-14 14:23 - 2015-01-14 14:23 - 00448512 _____ (OldTimer Tools) C:\Users\gismeu\Desktop\TFC.exe
2015-01-12 17:20 - 2015-01-12 17:26 - 00000000 ____D () C:\Users\gismeu\Desktop\LINDA
2015-01-10 14:15 - 2015-01-10 14:15 - 00945937 _____ () C:\Users\gismeu\Downloads\TFTD_TF_sm_chunk_DH.wmv
2015-01-02 21:00 - 2015-01-02 21:00 - 00025988 _____ () C:\Users\gismeu\Desktop\AMEX Tax 2014.odt
2015-01-02 00:16 - 2015-01-02 00:16 - 00000000 ____D () C:\Windows\ERUNT
2015-01-01 23:42 - 2015-01-01 23:51 - 00000000 ____D () C:\AdwCleaner
2015-01-01 23:38 - 2015-01-01 23:38 - 02173952 _____ () C:\Users\gismeu\Desktop\adwcleaner_4.106.exe
2015-01-01 23:38 - 2015-01-01 23:38 - 01707939 _____ (Thisisu) C:\Users\gismeu\Desktop\JRT.exe
2015-01-01 23:23 - 2015-01-23 13:36 - 00000000 ____D () C:\FRST
2014-12-30 15:12 - 2014-12-30 15:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 15:11 - 2014-12-31 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 15:11 - 2014-12-30 15:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-29 10:47 - 2014-12-29 13:31 - 00000000 ____D () C:\Users\gismeu\Desktop\USA TAX 2
2014-12-29 07:42 - 2014-12-29 07:42 - 00007142 _____ () C:\Users\gismeu\Desktop\smile recent items.htm
2014-12-29 07:42 - 2014-12-29 07:42 - 00000000 ____D () C:\Users\gismeu\Desktop\smile recent items_files

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 13:39 - 2011-06-10 13:47 - 01913289 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 13:33 - 2014-02-20 12:30 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000.job
2015-01-23 13:18 - 2014-11-21 17:46 - 00000000 ____D () C:\ProgramData\MCShield
2015-01-23 13:17 - 2014-06-14 20:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 13:16 - 2014-02-20 23:09 - 00077426 _____ () C:\Windows\setupact.log
2015-01-23 13:16 - 2011-11-30 22:25 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-23 13:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 13:11 - 2011-07-28 23:47 - 00000000 ____D () C:\Users\gismeu
2015-01-23 13:10 - 2014-05-28 22:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 13:10 - 2012-03-27 06:02 - 00000000 ____D () C:\Users\gismeu\AppData\Local\CrashDumps
2015-01-23 13:05 - 2014-06-14 20:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 13:00 - 2011-11-30 22:25 - 00003490 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-01-23 13:00 - 2011-11-30 22:25 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-01-23 12:14 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 12:14 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 11:55 - 2013-07-02 09:47 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-22 22:26 - 2009-07-14 00:13 - 00868630 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-22 21:27 - 2011-07-29 14:03 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\Skype
2015-01-22 19:27 - 2014-06-14 20:39 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-22 19:15 - 2014-05-28 22:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-22 19:15 - 2014-05-28 22:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 19:15 - 2014-05-28 22:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 19:02 - 2012-10-12 12:00 - 00000106 _____ () C:\Users\gismeu\MASTER
2015-01-22 19:02 - 2012-09-28 23:48 - 00000384 _____ () C:\Users\gismeu\EMASTER
2015-01-22 15:10 - 2014-02-20 23:09 - 00358038 _____ () C:\Windows\PFRO.log
2015-01-22 15:10 - 2011-11-30 22:25 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-21 19:27 - 2011-11-30 22:25 - 00004230 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-01-21 19:27 - 2011-11-07 02:05 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-21 19:27 - 2011-06-10 14:12 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-21 18:49 - 2014-12-09 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-20 14:16 - 2011-08-07 11:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-20 14:16 - 2011-07-29 14:02 - 00000000 ____D () C:\ProgramData\Skype
2015-01-19 22:20 - 2013-04-14 20:45 - 00000000 ____D () C:\Users\gismeu\.thinkorswim
2015-01-19 22:20 - 2011-07-29 00:31 - 00000000 ____D () C:\Program Files (x86)\thinkorswim
2015-01-19 19:14 - 2013-08-06 01:31 - 00000000 ____D () C:\Users\gismeu\Desktop\EMIN
2015-01-19 14:49 - 2014-02-20 12:30 - 00003592 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000
2015-01-14 21:18 - 2013-08-03 02:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:03 - 2011-07-30 12:05 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 19:08 - 2011-07-29 00:48 - 00000000 ____D () C:\Jts
2015-01-14 14:49 - 2013-08-01 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-13 13:59 - 2011-06-10 14:00 - 00000000 ____D () C:\swshare
2015-01-13 13:22 - 2013-12-17 11:02 - 00000000 ____D () C:\Users\gismeu\Desktop\GLOBAL SSN_files
2015-01-13 13:22 - 2013-11-12 18:56 - 00000000 ____D () C:\Users\gismeu\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2015-01-13 13:22 - 2013-01-30 13:21 - 00000000 ____D () C:\Users\DefaultAppPool
2015-01-13 13:22 - 2011-07-30 19:08 - 00000000 ____D () C:\Users\gismeu\Matrix
2015-01-13 13:22 - 2011-06-10 14:14 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-13 13:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-13 13:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-13 13:19 - 2013-12-21 10:13 - 00000000 ____D () C:\Users\gismeu\Desktop\Old Firefox Data
2015-01-13 13:18 - 2011-08-02 00:22 - 00000000 ____D () C:\Users\gismeu\AppData\Roaming\SoftGrid Client
2015-01-12 17:32 - 2014-06-11 07:20 - 00000000 ____D () C:\Users\gismeu\Desktop\GANN
2015-01-12 17:29 - 2012-08-17 11:06 - 00000000 ____D () C:\Users\gismeu\Desktop\USA TAX
2015-01-12 17:27 - 2013-08-28 15:09 - 00000000 ____D () C:\Users\gismeu\Desktop\MAYBE
2015-01-10 17:38 - 2013-11-01 07:46 - 00605257 _____ () C:\Users\gismeu\Desktop\AAA 2014.ods
2015-01-07 13:38 - 2012-10-15 08:25 - 00134656 ___SH () C:\Users\gismeu\Thumbs.db
2015-01-05 18:31 - 2012-07-24 04:14 - 00078493 _____ () C:\Users\gismeu\Desktop\FFO 2014.odt
2015-01-05 17:44 - 2011-07-30 03:16 - 00159680 _____ () C:\Users\gismeu\Desktop\REFERENCE 3-9-08 April 09.ods
2015-01-01 22:36 - 2014-09-14 07:13 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-12-31 11:31 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-31 11:30 - 2013-01-30 13:21 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-31 11:30 - 2013-01-30 13:21 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Trusteer
2014-12-31 11:27 - 2014-11-30 21:53 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-31 11:27 - 2011-08-02 00:27 - 00000000 __RHD () C:\MSOCache
2014-12-30 23:07 - 2013-07-02 09:47 - 00000000 ____D () C:\Users\gismeu\AppData\Local\Avg2013
2014-12-25 21:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-25 19:11 - 2009-07-14 00:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======
2011-08-04 13:21 - 2011-06-07 14:49 - 0004871 _____ () C:\Program Files (x86)\SLV 11.portfolio
2014-12-17 19:54 - 2014-12-17 19:54 - 0037607 _____ () C:\Program Files (x86)\Common Files\license.rtf
2014-12-17 19:54 - 2014-12-17 19:54 - 0008046 _____ () C:\Program Files (x86)\Common Files\setupBanner.jpg
2013-07-05 10:45 - 2013-07-07 19:50 - 0000960 _____ () C:\Users\gismeu\AppData\Roaming\.starmoon_kst.cfg
2013-02-12 08:56 - 2013-02-12 08:56 - 0007606 _____ () C:\Users\gismeu\AppData\Local\Resmon.ResmonCfg
2014-09-12 03:27 - 2014-09-12 03:27 - 0000000 _____ () C:\Users\gismeu\AppData\Local\{9A0E4B64-F871-4096-9115-58A4617EFA3B}
2013-09-05 13:30 - 2013-09-05 13:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-08-24 19:33 - 2013-08-24 19:33 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-09-27 20:35 - 2012-09-27 20:35 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-21 19:22

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by gismeu at 2015-01-23 13:42:47
Running from C:\Users\gismeu\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anvil Studio (HKLM-x32\...\{B2D2B7EF-2D0F-4E54-97DE-ED1445501B52}) (Version: 14.02.03 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{29DFE555-55E2-48EC-BB5B-64E4B277674F}) (Version: 12.09.02 - Willow Software)
Anvil Studio 2015 (HKLM-x32\...\{CB7212EA-21F9-4EF4-B289-9D69E28EE68D}) (Version: 15.01.11 - Willow Software)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4257 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DriverUpdate (HKLM-x32\...\{E2A3A216-9DFE-4EC1-AA69-162588FEF014}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
Gannalyst Professional 5.0 (HKLM-x32\...\Gannalyst Professional 5.0_is1) (Version:  - Gannalyst.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.10.2185 (HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\GoToMeeting) (Version: 6.4.10.2185 - CitrixOnline)
HQuote (HKLM-x32\...\HQuote) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}) (Version: 3.6.0006 - Lenovo)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QTrader (HKLM-x32\...\{41E28620-030B-4961-B4F5-8FB8E690582B}) (Version: 15.7.802 - CQG)
Rapport (Version: 3.5.1205.12 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1404.61 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
SE_Aspectarian v1.26 (HKLM-x32\...\SE_Aspectarian_is1) (Version:  - Allen Edwall/AstroWin)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarFisher (HKLM-x32\...\{21C17FA8-28CA-4F00-80F1-1F96FACEC060}_is1) (Version: 0.8.5.4 - Tomas Kubec - OrionSoft)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.15 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.97 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.72 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
Timing Solution Demo Version (HKLM-x32\...\Timing Solution Demo Version) (Version:  - )
Trader Excel Add-In 3.3 (HKLM-x32\...\Trader Excel Add-In_is1) (Version:  - Open E Cry, LLC)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wise Program Uninstaller 1.65 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.65 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

02-01-2015 00:14:19 Installed Rapport
12-01-2015 19:36:10 Restore Point Created by FRST
12-01-2015 20:02:01 Installed Rapport
14-01-2015 14:48:13 Installed Rapport
14-01-2015 21:01:46 Windows Update
15-01-2015 12:48:38 Windows Update
21-01-2015 19:25:38 Removed AVG PC TuneUp 2014
21-01-2015 19:27:11 Removed AVG PC TuneUp 2014 (en-US)
23-01-2015 13:10:40 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01BD4E26-55E1-4F64-A5B7-7BE8CCC58C7F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {147478B3-293E-46BF-B3BA-F0E4624189FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {19E4F08B-6F45-4DA3-AFDC-82EBC3FB5FC9} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {1C11B708-2EAC-4C4C-BEB7-12E972593D0F} - System32\Tasks\{461E9536-DC2A-4586-B52E-AD3DC3ACDDEE} => Firefox.exe http://ui.skype.com/...all?page=tsBing
Task: {1E5DA755-3AC4-4A80-AEDB-D66D899830A0} - System32\Tasks\{D48658BC-119B-4EE2-B4BC-3F743CE316F3} => Firefox.exe http://ui.skype.com/...?LastError=1603
Task: {2AAE27B3-8E01-4F5B-B1B3-539CC89318F3} - System32\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000 => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2185\g2mupdate.exe [2015-01-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {349D0914-E27A-40E7-91EA-E41AEEBF1514} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {41555BD1-F810-401A-9588-CEF2DB8C2C6D} - System32\Tasks\{3FCE6A68-FD74-4753-B886-321A23DBD7A6} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {464FB591-1A29-443F-A4A6-0B274ED07034} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {480EEA42-2AE7-40BD-9D0F-7BD98812C179} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {490B67E5-A0C6-4D4B-8CF7-9C7F7A9CDB53} - System32\Tasks\RunSmartLeapServiceCenter => C:\Users\gismeu\Downloads\ServiceCenter.exe
Task: {5BE35628-9A9E-4B25-A002-D4B0A6FD4E26} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {6283A799-2A08-42B1-8366-73F1C2ACECED} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {670BC3EA-8C7A-42B2-B6CF-C3908B9C662A} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {695244D2-9FC2-4885-962A-B66039EF1556} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
Task: {6E860934-FD7A-4877-91B4-02C9A52ED227} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Task: {6FFD2AE0-FE74-41D7-A013-467AF8A55D12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {809CDCC8-01C7-48C5-A681-46F5668C3403} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe
Task: {9721A84D-BC35-41D5-92A1-329312F71F10} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9FB5B7AD-C22D-4BA1-9505-93776C4C9C54} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {A5169FF6-1BF6-4260-8019-B3B630965D19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-22] (Adobe Systems Incorporated)
Task: {A6B698F0-4533-4944-80CF-E465149EEA4A} - System32\Tasks\{340124C1-FB07-4F34-A3AE-B6C9FA5F6778} => pcalua.exe -a "C:\Program Files (x86)\MetaTrader 4\Uninstall.exe"
Task: {B06A406B-B5CB-4592-85A8-EB2CA4A89803} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {B76104BB-182B-45BB-AA97-F0F5A96544EA} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {BB937074-419E-4BFF-ADF5-99F7D6CF68AC} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {DCD9FD18-D5D5-46DC-9334-7A1A437D3098} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DEF1B57B-E5CE-4801-8D9B-32B4E2664242} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E9009AD7-5EC2-4ADA-ACFD-41BB62DE1F44} - System32\Tasks\Message Center plus => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {EAD8C249-30C2-4330-ACF0-EA73FC4DE603} - System32\Tasks\Uninstaller_SkipUac_gismeu => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-21] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000.job => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2185\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2009-09-21 17:04 - 2009-09-21 17:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2012-09-06 22:18 - 2012-09-06 22:18 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-12-09 10:00 - 2014-12-09 10:00 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-22 19:15 - 2015-01-22 19:15 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: ThinkVantage Registry Monitor Service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk.Startup
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: HP Officejet 4620 series (NET) => "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35T3403D05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Launch Backup Service Once => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-4102688973-2130496443-4087980055-500 - Administrator - Disabled)
gismeu (S-1-5-21-4102688973-2130496443-4087980055-1000 - Administrator - Enabled) => C:\Users\gismeu
Guest (S-1-5-21-4102688973-2130496443-4087980055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4102688973-2130496443-4087980055-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 01:17:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 01:10:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0c0bdbb7-01fc-4481-8930-0e813f9a2f58}

Error: (01/23/2015 01:10:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1234
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/23/2015 01:01:13 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7028) Asapi: (13:01:13:5410)(7028) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (01/23/2015 01:01:05 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7028) Asapi: (13:01:05:8350)(7028) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>4D1635C2E15364B9</RequestId><HostId>W/baTE0kzHJ+VwhLWGwvL2rzQFudrIvnYEbL3gIyG4baiypU3NWZJofdHq6szQOpZYosVAeIDLg=</HostId></Error>

Error: (01/23/2015 00:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp: 0x50487c7e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000326f1
Faulting process id: 0xc78
Faulting application start time: 0xAcSvc.exe0
Faulting application path: AcSvc.exe1
Faulting module path: AcSvc.exe2
Report Id: AcSvc.exe3

Error: (01/23/2015 11:50:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 06:20:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 11:12:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp: 0x50487c7e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000326f1
Faulting process id: 0xe48
Faulting application start time: 0xAcSvc.exe0
Faulting application path: AcSvc.exe1
Faulting module path: AcSvc.exe2
Report Id: AcSvc.exe3

Error: (01/22/2015 10:22:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/23/2015 01:36:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1070

Error: (01/23/2015 01:36:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (01/23/2015 01:35:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/23/2015 01:34:08 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/23/2015 01:34:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error:
%%1053

Error: (01/23/2015 01:33:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

Error: (01/23/2015 01:33:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.

Error: (01/23/2015 01:15:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (01/23/2015 01:15:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (01/23/2015 01:15:15 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (01/23/2015 01:17:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 01:10:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0c0bdbb7-01fc-4481-8930-0e813f9a2f58}

Error: (01/23/2015 01:10:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425123401d037374824c97cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll21c251f1-a32b-11e4-b51b-e89a8f581443

Error: (01/23/2015 01:01:13 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7028) Asapi: (13:01:13:5410)(7028) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (01/23/2015 01:01:05 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7028) Asapi: (13:01:05:8350)(7028) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>4D1635C2E15364B9</RequestId><HostId>W/baTE0kzHJ+VwhLWGwvL2rzQFudrIvnYEbL3gIyG4baiypU3NWZJofdHq6szQOpZYosVAeIDLg=</HostId></Error>

Error: (01/23/2015 00:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcSvc.exe5.9.7.9550487c7entdll.dll6.1.7601.18247521ea8e7c0000005000326f1c7801d0372cadb18f34C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Windows\SysWOW64\ntdll.dlle7a31358-a328-11e4-b51b-e89a8f581443

Error: (01/23/2015 11:50:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 06:20:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 11:12:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcSvc.exe5.9.7.9550487c7entdll.dll6.1.7601.18247521ea8e7c0000005000326f1e4801d036bbbfcb2bd4C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Windows\SysWOW64\ntdll.dll04718fbc-a2b6-11e4-a11c-e89a8f581443

Error: (01/22/2015 10:22:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 64%
Total physical RAM: 1912.86 MB
Available physical RAM: 671.02 MB
Total Pagefile: 3825.72 MB
Available Pagefile: 1887.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:152.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 6D47215F)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Thanks Sven


  • 0

#29
SvenT

SvenT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

oh, and no issues with the computer.

 

Thanks Sven


  • 0

#30
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hello Sven :)

 

oh, and no issues with the computer.

 

 

Great!  Excellent work on your part :yes:

 

Congratulations!  Your logs look clean! :thumbsup:

I noticed you've installed iobit.  Keep an eye on it. It's had a tendancy to make trouble in the past.  Personnally?  I like Malwarebytes way better. That is up to you.

 

We need to remove the tools we've used during the cleaning of your machine.  All the tools, logs and Delfix itself will be removed. 
 If you ever get infected again, a helper will use fresh tools as they are constantly being updated.

 

Delfix
 

 

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg

     

     

  • Click Run

 

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

 

Thank you :)


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP