Multiple viruses

base device uninstall malware virus offline printer lenovo thinkpad


#1
tink03

  • Member
  • 16 posts

Hi,

I have a Lenovo ThinkPad T520 that runs Windows 7 64-bit Service Pack 1. This computer was given to me by a friend after my ex stole mine, so I'm not sure how long it has been infected.

Here are some of the problems I've seen: Devices & Printers shows my computer as Base System Device, with type listed as Other Devices. It will not allow me to update the drivers and says Windows could not find driver software for your device. When I try updating through Lenovo, I get the error "Exception Not Expected". I have tried several times to delete 3 printers off of Devices & Printers and they keep coming back. When I try uninstalling programs, the computer freezes. The printer always shows as offline, and there are multiple Application Data folders in "All Users"; no matter how many times I've taken ownership, it automatically changes back to the folder and file permissions it had before.

The computer is a hot mess and I need it for work. I've tried Malwarebytes and am running Avira, but they keep getting disabled. I've run sfc\scannow, chkdsk, etc. and they can't fix it. Can someone please help me?

Thanks,

Kelly

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Administrator (administrator) on MA0001 on 07-07-2015 11:51:02
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Browser Safety\ABSIE_BG.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [TpShocks] => C:\Windows\SYSTEM32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SpeetItUpFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKLM-x32\...\Run: [SMessaging] => C:\Users\Matt Fenby\AppData\Local\Strongvault Online Backup\SMessaging.exe
HKLM-x32\...\Run: [RegTask] => C:\Program Files (x86)\RegTask\RegTask.exe
HKLM-x32\...\Run: [IMSS] => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
HKLM-x32\...\Run: [(default)] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-06-26]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2117517907-3340486329-3977940743-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENP&bmod=LENP
HKU\S-1-5-21-2117517907-3340486329-3977940743-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2117517907-3340486329-3977940743-500 -> DefaultScope {D397887C-8386-47FF-B6B8-2B93834437C8} URL = https://search.yahoo...rtPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2117517907-3340486329-3977940743-500 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7LENP
SearchScopes: HKU\S-1-5-21-2117517907-3340486329-3977940743-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2117517907-3340486329-3977940743-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...fr&d=2015-07-04 23:07:32&v=18.5.0.909&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2117517907-3340486329-3977940743-500 -> {D397887C-8386-47FF-B6B8-2B93834437C8} URL = https://search.yahoo...rtPage?}&fr=ie8
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-04-10] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Fast Free Converter 4.1 -> {9CB6EBC2-8B90-411E-83D2-C98D377DE661} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-10] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-29] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-04-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-10] (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll No File
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E99DCA36-A5BE-4DC3-8CBF-9324CA2D5620}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\Y8WR069i.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\Y8WR069i.default\Extensions\[email protected] [2015-07-02]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gapaljgenmgcbkfoclinmbpfjlbegfph] - C:\Users\Matt Fenby\AppData\Local\CRE\gapaljgenmgcbkfoclinmbpfjlbegfph.crx [2013-10-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
R2 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [X]
S4 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]
S2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-08-01] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 C771BUS; C:\Windows\System32\DRIVERS\C771BUS.sys [71752 2010-08-26] (DEVGURU Co., LTD.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-10-26] ()
S2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-25] (REDC) [File not signed]
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S4 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
S4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
S4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 11:49 - 2015-07-07 11:49 - 02112512 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-07-07 10:15 - 2015-07-07 10:15 - 00003408 ____N C:\bootsqm.dat
2015-07-05 23:06 - 2015-07-05 23:06 - 00041912 _____ C:\Users\Administrator\AppData\Local\recently-used.xbel
2015-07-04 23:07 - 2015-07-05 03:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\AVG Secure Search
2015-07-04 23:06 - 2015-07-04 23:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TuneUp Software
2015-07-04 23:06 - 2015-07-04 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-04 23:04 - 2015-07-04 23:04 - 00001778 _____ C:\Windows\DPINST.LOG
2015-07-04 20:23 - 2015-07-07 11:51 - 00018594 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-07-04 19:30 - 2015-07-04 19:30 - 00000000 ____D C:\Users\Administrator\AppData\Local\HP
2015-07-04 17:18 - 2015-07-04 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
2015-07-04 17:17 - 2015-07-06 19:51 - 00000000 ____D C:\ProgramData\Corel
2015-07-04 16:42 - 2015-07-04 16:50 - 00000000 ____D C:\Users\Administrator\Desktop\AccessEnum
2015-07-04 16:42 - 2015-07-04 16:42 - 00051139 _____ C:\Users\Administrator\Desktop\AccessEnum.zip
2015-07-04 16:24 - 2015-07-04 16:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2015-07-04 16:05 - 2015-07-04 16:05 - 00000483 _____ C:\Users\Administrator\Desktop\reset.cmd
2015-07-04 16:02 - 2015-07-04 16:02 - 00379392 _____ C:\Users\Administrator\Desktop\subinacl.msi
2015-07-03 23:49 - 2015-07-03 23:49 - 00000000 ___SD C:\32788R22FWJFW
2015-07-03 23:49 - 2015-07-03 23:49 - 00000000 ____D C:\Windows\erdnt
2015-07-03 23:49 - 2015-07-03 23:49 - 00000000 ____D C:\Qoobox
2015-07-03 23:33 - 2015-07-03 23:36 - 00000000 ____D C:\AdwCleaner
2015-07-03 23:02 - 2015-07-03 23:02 - 00973485 _____ C:\Users\Administrator\Documents\CBS.log
2015-07-03 23:02 - 2015-07-03 23:02 - 00067689 _____ C:\Users\Administrator\Documents\FRST.txt
2015-07-03 22:54 - 2015-07-04 22:26 - 00040968 _____ C:\Users\Administrator\Desktop\Addition.txt
2015-07-03 22:47 - 2015-07-02 12:47 - 149537949 _____ C:\Users\Administrator\Documents\CbsPersist_20150704000011.log
2015-07-03 21:52 - 2015-07-03 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData
2015-07-02 11:53 - 2015-07-02 11:53 - 00003432 _____ C:\Windows\System32\Tasks\Avira Browser Safety Updater Task
2015-07-02 11:52 - 2015-07-02 11:52 - 00001210 _____ C:\Users\Administrator\Desktop\Any Video Converter.lnk
2015-07-02 11:52 - 2015-07-02 11:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2015-07-02 11:52 - 2015-07-02 11:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2015-07-02 11:52 - 2015-07-02 11:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Anvsoft
2015-07-02 11:52 - 2015-07-02 11:52 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2015-07-02 11:51 - 2015-06-16 09:36 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-02 11:51 - 2015-06-16 09:36 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-02 11:51 - 2015-06-16 09:36 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-07-02 11:51 - 2015-06-16 09:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-07-02 11:36 - 2015-07-02 11:53 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-02 11:36 - 2015-07-02 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-02 11:36 - 2015-07-02 11:50 - 00000000 ____D C:\ProgramData\Avira
2015-07-02 11:36 - 2015-07-02 11:36 - 00001199 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-02 11:36 - 2015-07-02 11:36 - 00001199 _____ C:\ProgramData\Desktop\Avira.lnk
2015-07-02 11:36 - 2015-07-02 11:36 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-02 11:09 - 2015-07-02 11:09 - 00002002 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2015-07-02 11:09 - 2015-07-02 11:09 - 00002002 _____ C:\ProgramData\Desktop\HP Photo Creations.lnk
2015-07-02 11:09 - 2015-07-02 11:09 - 00000000 ____D C:\ProgramData\Visan
2015-07-02 11:09 - 2015-07-02 11:09 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-07-02 11:09 - 2015-07-02 11:09 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2015-07-02 11:05 - 2015-07-02 11:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HpUpdate
2015-07-01 20:26 - 2015-07-01 20:26 - 00001097 _____ C:\Users\Administrator\Desktop\Lenovo - Shortcut.lnk
2015-06-30 19:33 - 2015-06-30 19:33 - 00014009 _____ C:\Users\Administrator\Documents\firewall rules.txt
2015-06-30 13:22 - 2015-07-04 18:25 - 00099288 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-29 16:55 - 2015-06-29 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage
2015-06-29 16:07 - 2015-06-29 16:07 - 00000000 ____D C:\Windows\Sun
2015-06-29 16:06 - 2015-06-29 16:07 - 00000000 ____D C:\ProgramData\Oracle
2015-06-29 16:06 - 2015-06-29 16:06 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-29 16:06 - 2015-06-29 16:06 - 00000000 ____D C:\ProgramData\Sun
2015-06-29 16:06 - 2015-06-29 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-29 16:06 - 2015-06-29 16:06 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-29 15:32 - 2015-07-05 23:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\gtk-2.0
2015-06-29 15:32 - 2015-06-30 14:30 - 00000000 ____D C:\Users\Administrator\.thumbnails
2015-06-29 15:31 - 2015-07-05 23:07 - 00000000 ____D C:\Users\Administrator\.gimp-2.8
2015-06-29 15:31 - 2015-07-03 13:01 - 00001115 _____ C:\Users\Public\Desktop\GIMP 2.lnk
2015-06-29 15:31 - 2015-07-03 13:01 - 00001115 _____ C:\ProgramData\Desktop\GIMP 2.lnk
2015-06-29 15:31 - 2015-06-29 15:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\gegl-0.2
2015-06-29 12:13 - 2015-06-29 15:31 - 00000905 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-06-29 12:12 - 2015-06-29 12:13 - 00000000 ____D C:\Program Files\GIMP 2
2015-06-29 12:07 - 2015-06-29 12:11 - 91931728 _____ (The GIMP Team ) C:\Users\Administrator\Desktop\gimp-2.8.14-setup-1.exe
2015-06-29 00:25 - 2015-07-01 12:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-06-29 00:07 - 2015-06-29 00:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2015-06-28 23:48 - 2015-06-28 23:48 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-06-28 23:48 - 2015-06-28 23:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-06-28 23:48 - 2015-06-28 23:48 - 00000000 ____D C:\Windows\en
2015-06-28 23:47 - 2015-06-28 23:47 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-06-28 23:46 - 2015-06-28 23:46 - 00000000 ____D C:\Program Files\Windows Live
2015-06-28 23:45 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-06-28 23:45 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-06-28 23:45 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-06-28 23:45 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-06-28 23:45 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-06-28 23:45 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-06-28 23:45 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-06-28 23:45 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-06-28 23:44 - 2015-06-28 23:44 - 00002208 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-06-28 23:44 - 2015-06-28 23:44 - 00002111 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-06-28 23:44 - 2015-06-28 23:44 - 00002111 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-06-28 23:44 - 2015-06-28 23:44 - 00000383 _____ C:\Windows\DirectX.log
2015-06-28 23:44 - 2015-06-28 23:44 - 00000000 ___RD C:\Users\Administrator\OneDrive
2015-06-28 23:44 - 2015-06-28 23:44 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-06-28 23:44 - 2015-06-28 23:44 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-06-28 23:42 - 2015-07-05 22:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\Windows Live
2015-06-26 23:29 - 2015-07-01 11:28 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-26 22:22 - 2015-06-26 22:23 - 00000000 ____D C:\Windows\pss
2015-06-26 20:29 - 2015-06-26 20:29 - 00000000 ____D C:\Windows\CheckSur
2015-06-26 19:40 - 2015-06-30 16:56 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PwrMgr
2015-06-26 19:36 - 2015-06-26 19:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2015-06-26 19:35 - 2015-06-26 19:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2015-06-26 19:04 - 2015-07-05 13:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-06-26 19:04 - 2015-06-30 13:22 - 00001062 __RSH C:\Users\Administrator\ntuser.pol
2015-06-26 19:04 - 2015-06-30 13:22 - 00000000 ____D C:\Users\Administrator
2015-06-26 19:04 - 2015-06-26 19:04 - 00001424 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-26 19:04 - 2015-06-26 19:04 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2015-06-26 19:04 - 2015-06-26 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG2013
2015-06-26 19:04 - 2015-06-26 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Lenovo
2015-06-26 19:04 - 2015-06-26 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2013
2015-06-26 19:04 - 2011-11-15 11:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2015-06-26 19:04 - 2011-11-09 17:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2015-06-26 19:04 - 2009-07-14 00:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-26 19:04 - 2009-07-14 00:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-26 17:43 - 2004-06-11 15:33 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 00000489 _____ C:\Users\Matt Fenby\Documents\reset.cmd
2015-06-26 15:08 - 2015-06-26 15:07 - 00000622 _____ C:\Users\Matt Fenby\Desktop\TakeOwnership.zip
2015-06-26 13:20 - 2015-06-26 13:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-26 13:19 - 2015-06-26 13:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-26 13:19 - 2015-06-26 13:19 - 00002058 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-26 13:19 - 2015-06-26 13:19 - 00002058 _____ C:\ProgramData\Desktop\Acrobat Reader DC.lnk
2015-06-26 13:18 - 2015-06-26 13:18 - 00000000 ____D C:\Users\Matt Fenby\AppData\Local\Apps\2.0
2015-06-26 03:14 - 2015-06-26 03:14 - 00131312 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2015-06-26 03:14 - 2015-06-26 03:14 - 00081136 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2015-06-26 03:14 - 2015-06-26 03:14 - 00072400 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2015-06-26 03:14 - 2015-06-26 03:14 - 00050928 _____ (Lenovo.) C:\Windows\system32\tpinspm.dll
2015-06-25 14:15 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-25 14:15 - 2015-05-08 23:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-25 14:15 - 2015-05-08 23:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-25 14:15 - 2015-05-08 23:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-25 14:15 - 2015-05-08 23:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-25 14:15 - 2015-05-08 23:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-25 14:15 - 2015-05-08 23:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-25 14:15 - 2015-05-08 23:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-25 14:15 - 2015-05-08 23:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-25 14:15 - 2015-05-08 23:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-25 14:15 - 2015-05-08 23:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-25 14:15 - 2015-05-08 23:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-25 14:15 - 2015-05-08 23:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-25 14:15 - 2015-05-08 23:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-25 14:15 - 2015-05-08 23:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-25 14:15 - 2015-05-08 23:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-25 14:15 - 2015-05-08 23:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-25 14:15 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-25 14:15 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-25 14:15 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-25 14:15 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-25 14:15 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-25 14:15 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-25 14:15 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-25 14:15 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-25 14:15 - 2015-03-13 23:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-25 14:15 - 2015-03-13 23:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-25 14:15 - 2015-03-13 23:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-25 14:15 - 2015-03-13 23:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-06-25 12:18 - 2015-06-25 12:18 - 00002223 _____ C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2015-06-25 12:18 - 2015-06-25 12:18 - 00002223 _____ C:\ProgramData\Desktop\HP Deskjet 2540 series.lnk
2015-06-25 12:18 - 2015-06-25 12:18 - 00001170 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
2015-06-25 12:18 - 2015-06-25 12:18 - 00001170 _____ C:\ProgramData\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
2015-06-25 12:18 - 2015-06-25 12:18 - 00000000 ____D C:\ProgramData\HP
2015-06-25 12:18 - 2015-06-25 12:18 - 00000000 ____D C:\Program Files\HP
2015-06-25 12:18 - 2015-06-25 12:18 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-06-25 12:18 - 2013-08-13 13:42 - 00762400 _____ (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC211.dll
2015-06-25 12:13 - 2015-06-25 12:13 - 00000000 ____D C:\Users\Matt Fenby\AppData\Local\HP
2015-06-25 11:34 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-25 11:34 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-25 11:34 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-25 11:34 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-25 11:34 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-25 11:34 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-25 11:34 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-25 11:34 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-25 11:34 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-25 11:34 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-25 11:34 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-25 11:34 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-25 11:34 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-25 11:34 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-25 11:34 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-25 11:34 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-25 11:34 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-25 11:34 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-25 11:34 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-25 11:34 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-25 11:34 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-25 11:34 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-25 11:34 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-25 11:34 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-25 11:34 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-25 11:34 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-25 11:34 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-25 11:34 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-25 11:34 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-25 11:34 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-25 11:34 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-25 11:34 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-25 11:34 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-25 11:34 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-25 11:34 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-25 11:34 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-25 11:34 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-25 11:34 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-25 11:34 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-25 11:34 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-25 11:34 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-25 11:34 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-25 11:34 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-25 11:34 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-25 11:34 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-25 11:34 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-25 11:34 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-25 11:34 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-25 11:34 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-25 11:34 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-25 11:34 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-25 11:34 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-25 11:34 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-25 11:34 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-25 11:34 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-25 11:34 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-25 11:34 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-25 11:34 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-25 11:33 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-25 11:33 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-25 11:31 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-25 11:31 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-25 11:31 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-25 11:31 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-25 11:31 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-25 11:31 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-25 11:31 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-25 11:31 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-25 11:31 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-25 11:31 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-25 11:31 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-25 11:31 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-25 11:31 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-25 11:31 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-25 11:31 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-25 11:31 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-25 11:31 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-25 11:31 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-25 11:31 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-25 11:31 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-25 11:31 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-25 11:31 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-25 11:31 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-25 11:31 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-25 11:31 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-25 11:31 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-25 11:31 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-25 11:31 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-25 11:31 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-25 11:30 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-25 11:30 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-25 11:30 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-25 11:30 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-25 11:30 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-25 11:30 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-25 11:30 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-25 11:30 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-25 11:30 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-25 11:30 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-25 11:30 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-25 11:30 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-25 11:30 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-25 11:30 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-25 11:30 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-25 11:30 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-25 11:30 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-25 11:30 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-25 11:30 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-25 11:30 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-25 11:30 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-25 11:30 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-25 11:30 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-25 11:30 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-25 11:30 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-25 11:30 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-25 11:30 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-25 11:30 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-25 11:30 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-25 11:30 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-25 11:30 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-25 11:30 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-25 11:30 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-25 11:30 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-25 11:30 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-25 11:30 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-25 11:30 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-25 11:30 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-25 11:30 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 11:51 - 2015-04-14 17:35 - 00000000 ____D C:\FRST
2015-07-07 11:48 - 2011-10-26 07:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-07 11:25 - 2012-04-04 10:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-07 10:31 - 2009-07-14 00:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-07 10:31 - 2009-07-14 00:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-07 10:24 - 2013-02-08 10:00 - 01095991 _____ C:\Windows\WindowsUpdate.log
2015-07-07 10:21 - 2011-10-26 07:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-07 10:21 - 2011-10-26 06:38 - 00000000 ____D C:\ProgramData\Lenovo
2015-07-07 10:16 - 2013-03-08 13:50 - 00059010 _____ C:\Windows\setupact.log
2015-07-07 10:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-06 20:16 - 2011-10-26 07:21 - 00000000 ____D C:\ProgramData\Google
2015-07-06 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-05 13:44 - 2011-10-26 07:01 - 00000000 ____D C:\Program Files\Lenovo
2015-07-04 23:03 - 2012-09-12 11:50 - 00000000 ____D C:\Windows\system32\appmgmt
2015-07-04 22:30 - 2009-07-14 00:45 - 00366792 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-04 17:17 - 2011-10-26 07:13 - 00000000 ____D C:\Program Files (x86)\Corel
2015-07-02 22:11 - 2009-07-13 23:20 - 00000000 ___RD C:\Users\Public\Libraries
2015-07-02 21:58 - 2012-04-18 08:58 - 00000000 ____D C:\Users\Matt Fenby\Documents\RFQ
2015-07-02 21:00 - 2012-04-11 08:51 - 00000354 _____ C:\Windows\Tasks\RegTask.job
2015-07-02 11:59 - 2014-06-13 16:34 - 00000000 ____D C:\Program Files\pcmax
2015-07-02 11:59 - 2013-06-06 20:34 - 01243638 _____ C:\Windows\PFRO.log
2015-07-02 11:09 - 2012-02-03 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-07-01 12:17 - 2012-04-04 10:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-01 12:17 - 2012-04-04 10:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-01 12:17 - 2012-01-09 09:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-30 19:57 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-29 21:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-29 16:55 - 2011-10-26 07:06 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-06-29 16:55 - 2011-10-26 07:05 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-06-28 23:47 - 2011-10-26 07:23 - 00002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-06-28 23:47 - 2011-10-26 07:23 - 00001469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-06-28 23:46 - 2011-10-26 07:23 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-06-28 23:46 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-27 08:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-06-26 23:38 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-26 19:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-26 19:23 - 2012-09-12 10:32 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-26 15:28 - 2012-09-12 10:04 - 00000000 ____D C:\ProgramData\Yahoo!
2015-06-26 13:21 - 2011-11-09 12:34 - 00000000 ____D C:\Users\Matt Fenby\AppData\Local\Adobe
2015-06-26 13:19 - 2011-10-26 07:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-26 12:32 - 2013-07-06 01:23 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{780486D0-5390-487E-99A7-64E396549425}
2015-06-26 11:30 - 2015-04-13 15:56 - 00000000 __SHD C:\Users\Matt Fenby\AppData\Local\EmieUserList
2015-06-26 11:30 - 2015-04-13 15:56 - 00000000 __SHD C:\Users\Matt Fenby\AppData\Local\EmieSiteList
2015-06-26 11:30 - 2015-04-13 15:56 - 00000000 __SHD C:\Users\Matt Fenby\AppData\Local\EmieBrowserModeList
2015-06-26 03:32 - 2015-04-17 03:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-26 03:32 - 2015-04-17 03:30 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-26 03:15 - 2015-04-14 12:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-26 03:13 - 2013-07-14 10:00 - 00000000 ____D C:\Windows\system32\MRT
2015-06-26 03:09 - 2011-11-12 09:14 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-25 19:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-25 14:43 - 2011-11-04 17:50 - 00000000 ____D C:\Users\Matt Fenby
2015-06-25 13:03 - 2015-04-14 13:58 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-25 13:03 - 2015-04-14 13:58 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-25 13:03 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-25 13:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-25 12:18 - 2012-02-03 13:18 - 00000000 ____D C:\Program Files (x86)\HP

==================== Files in the root of some directories =======

2015-07-05 23:06 - 2015-07-05 23:06 - 0041912 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\oi_{5A659A8C-582B-4E92-AA6B-132ACA8C1778}.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\Administrator\AppData\Local\Temp\YSPCUNLR.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-25 19:54

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Administrator at 2015-07-07 11:51:50
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2117517907-3340486329-3977940743-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2117517907-3340486329-3977940743-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2117517907-3340486329-3977940743-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
7400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Any Video Converter 5.8.1 (HKLM-x32\...\Any Video Converter) (Version: 5.8.1 - Anvsoft)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3392 - AVG Technologies)
AVG 2013 (Version: 13.0.3211 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3392 - AVG Technologies) Hidden
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
C771 USB Driver V1.0.11.0 (HKLM-x32\...\{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}) (Version: 1.0.11.0 - CASIO)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
EASY-MARK (HKLM-x32\...\{B2769DC3-649A-43E7-BF73-9CACFBA4AAB1}) (Version: 3.7.10 - Panduit, Corp.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2117517907-3340486329-3977940743-500\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.1 - Lenovo Group Limited)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.10 - Lenovo)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.01 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2117517907-3340486329-3977940743-500_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2117517907-3340486329-3977940743-500_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2117517907-3340486329-3977940743-500_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2117517907-3340486329-3977940743-500_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2117517907-3340486329-3977940743-500_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

01-07-2015 11:29:40 Windows Update
02-07-2015 03:00:22 Windows Update
03-07-2015 03:00:23 Windows Update
03-07-2015 23:11:20 Windows Update
04-07-2015 03:00:31 Windows Update
04-07-2015 09:29:55 Restore Operation
04-07-2015 16:00:53 independence day
04-07-2015 17:15:41 Removed Corel WinDVD.
04-07-2015 23:05:52 Removed AVG 2013
05-07-2015 03:00:20 Windows Update
06-07-2015 03:00:17 Windows Update
07-07-2015 10:20:02 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18385DE7-A3D5-4034-AF49-208E5EA75464} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {18C24ED5-CEAF-4B41-8324-81C2109C0730} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {21F2809A-684B-4664-BC3B-1C437A379D06} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {3C55B58C-4902-48E5-A916-B95D0113FA3E} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {4046EAAE-A70B-45DE-8E91-8BE8F48BB419} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {4C17361D-253A-4E2A-9901-42260F5454C3} - System32\Tasks\RegTask => C:\Program Files (x86)\RegTask\RegTask.exe
Task: {60ABC361-3C84-42F0-8FFD-DE34E2B4E3C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {6364E397-4A10-4FB7-8DE4-4CF48DD0AD4E} - System32\Tasks\{C57C6DAD-6719-4141-84DA-321C922E91D8} => pcalua.exe -a D:\EMC.exe -d D:\
Task: {6EE9862D-BFC0-4FA1-A329-B9EAD160BE8A} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {88760D6B-88E1-4FD0-963D-73E04D39894A} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe
Task: {8E9916BE-92EF-4B64-9239-D23F2D686E9C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-01] (Adobe Systems Incorporated)
Task: {8EF745A6-C3F1-48BA-9439-FBF9569B0907} - System32\Tasks\4805 => Wscript.exe C:\Users\MATTFE~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {9604645E-B7B4-49F9-B520-8B1CABE832AB} - System32\Tasks\{A77A1838-6852-41C8-A837-1E43C013F25A} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{FE041B02-234C-4AAA-9511-80DF6482A458}\setup.exe" -c -runfromtemp -l0x0009 anything -removeonly
Task: {C04E0E2A-78C3-41C9-81E5-722B4926EE66} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe
Task: {C1B3E418-3ECA-404C-AD94-62B5EC2A868A} - System32\Tasks\{5AF4A14A-DFD7-4C95-9652-067033A5D5AE} => pcalua.exe -a C:\6c114f4e1a8b017494b895799b\SetupUtility.exe -d C:\6c114f4e1a8b017494b895799b
Task: {CC5A30F3-7AE3-4B51-B25D-F4474CB54360} - System32\Tasks\{7E4F1E25-A752-4C7A-A747-540D650DB0AA} => pcalua.exe -a "C:\Users\Matt Fenby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLXWTCX1\converter.exe" -d "C:\Users\Matt Fenby\Desktop"
Task: {CD686DE5-3757-4410-92E2-39E7D5F1350A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {D79DAA97-E177-4997-A8AC-8AF36A815217} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {E12DBA60-974D-4CD4-8228-627A1A5BF696} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-20] (Lenovo Group Limited)
Task: {EF40044D-3D23-4148-B12A-2F5871DDCC94} - System32\Tasks\{AA57595C-F610-459F-84A7-44A3506BB52E} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe"
Task: {FA0F3775-BAD4-4AFE-9A48-4E7FF6342FDA} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegTask.job => C:\Program Files (x86)\RegTask\RegTask.exe-shed C:\Program Files (x86)\RegTask\RegTask.exe

==================== Loaded Modules (Whitelisted) ==============

2011-10-26 07:12 - 2014-03-20 06:05 - 00104960 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-10-26 07:10 - 2011-03-10 23:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-18 18:50 - 2010-12-18 18:50 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2009-05-28 01:09 - 2009-05-28 01:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-10-26 07:13 - 2010-04-06 12:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-10-26 07:13 - 2010-04-06 12:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2117517907-3340486329-3977940743-500\...\facebook.com -> hxxps://www.facebook.com
IE trusted site: HKU\S-1-5-21-2117517907-3340486329-3977940743-500\...\youtube.com -> hxxp://youtube.com
IE trusted site: HKU\S-1-5-21-2117517907-3340486329-3977940743-500\...\youtube.com -> hxxps://youtube.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2117517907-3340486329-3977940743-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{57851196-B36C-48EE-89D6-58F98CE9B1B4}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{B919EE45-F904-457B-9C82-2C3DE1BC0CCB}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{E547AF9E-1B89-43A4-AF54-16CC37D802E9}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{576A3E53-AF64-49B6-B8DF-E19D9144ECC6}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3654532F-4917-46EC-8DEC-00444AEF64C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{88F28B08-F30A-42EF-B3F3-27F3683A44A6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{4F322F96-3F06-4E59-8F31-4E80D25D4159}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{C8DB8739-059B-4C45-9050-B5755AA936C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{3DC925F7-E099-4C83-94C9-047C56FFE46B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7CF710C0-1F81-42A2-ABE6-E8E55BD135E6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{046B19D2-3A80-4EAE-9B65-7E3B17E41109}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{93ED1007-AF0B-48D0-8239-964707EFCEB2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{0DA815D4-8D8A-40E7-BFE8-04C156E81534}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{DC5FF5DA-A96A-4519-8546-14D6A2CE16DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{F793CECB-F68D-4FCD-A482-B3C82E0763DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{0D746F81-D0B7-4FAF-94DC-430966522D0F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{96BFF070-87F9-4D81-83F7-1FD69A4C1DD7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{93CE620A-D597-4533-A4D1-8F9999CEBE88}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{9C6817D5-4757-4B3E-B84C-7FBE14CB78BB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{749A2C59-D101-4676-B0B3-275F77A4292C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{A4CF3459-FCD4-4B7A-8200-46DEF12FF054}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{0009E0D2-0A7B-4370-B60F-2CD974552CC7}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{AAAD2163-C88F-4F3D-8DF9-5D62C0F7E55A}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [TCP Query User{C34E642F-42DE-4C47-9EA6-E37962828668}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{457B8EF6-A647-428B-8F4D-1AC855F218AF}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{3AD79CAC-416A-4D71-8D8C-D36BA1369019}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{37369C10-F5FA-47DA-B636-B46C949A0732}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{073A97D2-D738-4325-AA8E-BC6FFE6FFADE}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{9E4071AE-F903-470E-8860-E51132253B49}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{BA828B50-F7BE-4E28-A6FC-225EFFD2DAAC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7AF7EA92-8CCC-4DA3-B127-C9CF51717067}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ACBC6789-BF8D-4FC6-AB3C-E9FC24A2C189}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E2EC50CE-7A99-4386-A92E-C79BB13232A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7EB9BCB7-BD30-48AD-B640-F758B2EAFC23}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{227B64D4-CE0F-465B-8AA6-769F64CF8C8A}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{E82F6826-44F6-46C7-99C4-EC1348BB4935}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.exe
FirewallRules: [{DBF474AE-E828-466C-A06D-91AE5F1D67F8}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
FirewallRules: [{DA52C1B8-2C0A-499F-B0FA-B2F2415ED01D}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{2C2DE7AE-1A5F-4F07-A060-DE81BD4D9DEA}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0B80617A-A2E4-4CF7-8EB7-43D2B688ED97}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BE81F48F-737B-4494-9409-6B91CA30CA41}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{B67C1EF6-A478-44D9-8661-DDBFBC24429C}] => (Allow) LPort=5357
FirewallRules: [{EE2BF980-EED3-47DA-A82A-7DB2274A9D3C}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E393311D-F490-4D7F-85D1-606CF8C727B4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8AABFD70-F0C9-46B8-AFE4-30922D4367F4}] => (Allow) LPort=2869
FirewallRules: [{8F3074F1-2B75-46B8-8EBE-44DBFD220D68}] => (Allow) LPort=1900
FirewallRules: [{51FE6FB9-58A4-405E-9F7D-C421AEAF23B6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C426A4EB-0690-462B-8368-73EA5437513F}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{8845DAC4-F7BD-4557-AC1F-3A1B3DBF8EB5}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{A91E859B-1CB3-4526-926B-9C7277FEA1B7}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{DEB07E4E-2551-47D5-8981-0D0C7D84AAF5}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{4247960A-40A9-4CB2-AF66-C1A96067A299}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{4139D87D-8D30-4736-8F73-744C9FA2427F}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5E975A35-A71D-4FA1-8979-30F639849910}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{50DDDE58-C44A-499C-9CA5-2DBC6576CAB3}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{47119CE7-E489-4E37-9BF3-C04FD7C1BF89}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3A38B1E1-631E-4555-82DE-A78943607510}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{27B62FF0-9402-410E-B156-E80F6823C839}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A3D27067-DF1E-4E1B-A242-C72B1DF69D07}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{2976290C-AEF3-4B48-9945-F52A5F9EC796}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{5136C8B5-8B85-48AB-93EF-48A79ECCC0CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0586CAA2-3A0E-445F-AA6A-2EBC6B791224}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{03EF9FAA-2238-4304-9294-1356C385BCEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{472496F2-082A-440F-AD53-990F8DA8C2A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{FEEDE517-673C-45AD-BCCF-48026474E94A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{CB48F3FE-CD37-46A1-B2F3-2FF344684806}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{E7716270-5AE6-4239-B89D-13EBC88C969B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{F78E2DCE-9194-4E73-B8F2-F9D270711EC6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{1696B403-A669-42DF-9EF2-D1083B911A18}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{6484676C-6E21-4931-AF91-E498E76D6367}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{2C979C09-5F14-4C5D-B84A-F5328078089E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{A44CBB1E-0093-4F5C-8D34-B073EB58D939}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{5CC70357-64C1-4430-A38E-A4800A22CFA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{3EF08142-F475-4004-87A5-5C575FBB2FA8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{199B83B0-6255-4B12-A3BA-45601A82C78C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{BE53ADEF-ECB3-4DB8-93E9-8BEA06BA28CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{538BC5F2-D18F-4596-BEFE-CA7DAD93E2CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4E5B4037-4F00-4BE5-A7CA-E1CC3D96A996}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{356FDC26-6CEF-4424-854B-C1ADBCFC1CBD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{65B696DD-3C0E-4010-A02E-47536D180021}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{3FDC628F-6FB1-4FC9-833D-D0654DDE8499}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{94B2D178-E4B8-4E4D-85F1-E6E34E2823D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{730818F5-53B7-4E83-A918-55FB7B8FFA8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{C934BA10-851A-4FBF-AA60-DC3625BB2BCB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B695B4B3-0078-4F40-96C3-38314386EB2E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{4AD61EBA-4D76-4299-B73F-E944F0A31AF9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A1A320C4-22BF-41F9-BC18-98C05B9C3235}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{65E78877-458A-44CD-AFF1-7FF47C3DCA8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{160A3489-88D1-4C47-8CE0-C1C4CCB38919}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{A01F58EE-1218-41B9-91CD-EB867A5ECF34}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{4755F17C-9DC7-4FA9-9CA2-F11AEBDBD9AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{9B7F915E-8ADE-4183-8A10-0E65210C5F38}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{ED6027FD-CB7E-442B-B2C7-6B77545B5B73}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.exe
FirewallRules: [{7EB3017C-0222-4E13-905A-DBAF0C744F28}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.exe
FirewallRules: [{C859B377-350A-4001-BC06-A9872FA25C2C}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
FirewallRules: [{2519F838-6738-4239-8A08-23E0C9EE0E3C}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
FirewallRules: [{77739169-146C-4139-B588-4CB5F62AFB37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EC1F68FE-EBBF-4C81-B5C0-C362F4E91CB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{383AC280-5ED8-4B4C-A7A9-2D547AEA414C}] => (Allow) LPort=1900
FirewallRules: [{36FA7BBE-BCB7-485A-925F-0FEE6D0B8994}] => (Allow) LPort=1900
FirewallRules: [{EADA7597-4E63-4BE3-84C0-0D19BEC79A8C}] => (Allow) LPort=2869
FirewallRules: [{C94FA62A-2E44-49DF-9B22-0E165BE843E1}] => (Allow) LPort=2869
FirewallRules: [{B6D0A0DA-8239-49E3-AED6-691A23883E3A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2869F92D-A6BA-4F55-8496-E06E1ED12BFB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C320F1B3-E7D4-400A-8031-2ECF1B924433}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{A134FCDC-8ED1-4D81-A9DE-8C2AAD07230D}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{60C5D657-721E-492C-AF69-746DCE9D8DDD}] => (Allow) C:\Program Files\Lenovo
FirewallRules: [{4E6F6132-F556-4909-ACCE-382026D835EF}] => (Allow) C:\Program Files\Lenovo

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP Officejet 6500 E710n-z (NET)
Description: HP Officejet 6500 E710n-z (NET)
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

The system cannot find message text for message number 0x1069 in the message file for (null).

More help is available by typing NET HELPMSG 4201.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 3979.23 MB
Available physical RAM: 1930.06 MB
Total Virtual: 7956.68 MB
Available Virtual: 5538.76 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:464.59 GB) (Free:415.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5A91ED2D)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.6 GB) - (Type=07 NTFS)

==================== End of log ============================


Edited by tink03, 07 July 2015 - 10:27 AM.

  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

Too many anti-viruses. Get rid of either AVG or Avira. Running both will cause problems.

 

Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right-click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & paste this report in your next reply.

The report will be saved in the C:\AdwCleaner folder.
 

 

 

Right-click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything, then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right-click on Command Prompt and Run as Administrator, Continue. Right-click and Paste, or Edit then Paste, and the copied line should appear.
Hit Enter. Copy and paste the text from Notepad or, if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

 

 

Get the free version of Speccy:

http://www.filehippo.com/download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it.

Close all browsers and open programs before running Speccy. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Save the file and close Notepad. Attach the file to your next post, as it is usually too large for the forum (Click on More Reply Options, then Choose file, select the file, Open, Attach this File). Uninstall Speccy.

 

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



 

 

 

 

 


  • 0

#3
tink03

tink03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts


# AdwCleaner v4.208 - Logfile created 16/07/2015 at 20:51:36
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Administrator - MA0001
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Administrator\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v

-\\ Google Chrome v43.0.2357.134

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R1].txt - [2257 bytes] - [03/07/2015 23:33:10]
AdwCleaner[R2].txt - [4577 bytes] - [16/07/2015 20:51:36]
AdwCleaner[S1].txt - [2300 bytes] - [03/07/2015 23:36:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [4695 bytes] ##########

 

I tried running sfc /scannow, but it just sat there and finally gave me an error that said Windows Resource Protection could not perform the requested operation.


  • 0

#4
tink03

tink03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

 


Another thing I have noticed is that this computer's name and the owner is MA0001. Yesterday I was checking permissions on some folders and I saw that some of them had inherited permissions from c:Ma0001. It showed a small c and the a in MA0001 was also lowercase.


  • 0

#5
tink03


Too many anti-viruses. Get rid of either AVG or Avira. Running both will cause problems.

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).


Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.
 

 

 

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow
(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

 

 

Get the free version of Speccy:

http://www.filehippo.com/download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it.

Close all browsers and open programs before running Speccy. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Save the file and close notepad. Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File). Uninstall Speccy.

 

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



 

 

 

 

 

# AdwCleaner v4.208 - Logfile created 16/07/2015 at 20:51:36
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Administrator - MA0001
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Administrator\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v

-\\ Google Chrome v43.0.2357.134

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R1].txt - [2257 bytes] - [03/07/2015 23:33:10]
AdwCleaner[R2].txt - [4577 bytes] - [16/07/2015 20:51:36]
AdwCleaner[S1].txt - [2300 bytes] - [03/07/2015 23:36:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [4695 bytes] ##########

 

I tried running sfc /scannow, but it just sat there and finally gave me an error that said Windows Resource Protection could not perform the requested operation.

 

Another thing I have noticed is that this computer's name and the owner is MA0001. Yesterday I was checking permissions on some folders and I saw that some of them had inherited permissions from c:Ma0001. It showed a small c and the a in MA0001 was also lowercase.

 

I'm not sure if I'm supposed to stop here because the sfc scan wouldn't run, or continue on with the other directions.


  • 0
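
The `findstr` step in the instructions quoted above keeps only the `[SR]` lines of CBS.log. As an added example that is not part of the thread, this Python script applies the same literal filter and then lists which files SFC repaired and which it could not. The sample log lines are constructed, and the message layouts the two regexes expect are an assumption based on typical Windows 7 CBS.log output.

```python
import re

# Constructed sample in the usual CBS.log layout; file and component names are made up.
SAMPLE_CBS_LOG = r'''2015-07-16 21:02:11, Info                  CBS    Starting TrustedInstaller initialization.
2015-07-16 21:03:40, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-07-16 21:03:40, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-07-16 21:03:44, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, hash mismatch
2015-07-16 21:03:45, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, hash mismatch
2015-07-16 21:03:50, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.exe" from store
2015-07-16 21:04:02, Info                  CSI    00000012 [SR] Verify complete
'''

# Assumed message layouts (not taken from the thread).
CANNOT_REPAIR = re.compile(r'Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+),')
REPAIRED = re.compile(r'Repairing corrupted file .*\]"(?P<file>[^"]+)" from store')


def summarize_sr(log_text):
    """Filter CBS.log text to [SR] lines and summarise SFC's repair results."""
    sr_lines = 0
    unrepaired = {}   # (file, component) -> number of times reported
    repaired = []     # file names, first-seen order
    for line in log_text.splitlines():
        if "[SR]" not in line:          # same literal filter as findstr /c:"[SR]"
            continue
        sr_lines += 1
        hit = CANNOT_REPAIR.search(line)
        if hit:
            key = (hit.group("file"), hit.group("component"))
            unrepaired[key] = unrepaired.get(key, 0) + 1
            continue
        hit = REPAIRED.search(line)
        if hit and hit.group("file") not in repaired:
            repaired.append(hit.group("file"))
    return {"sr_lines": sr_lines, "unrepaired": unrepaired, "repaired": repaired}


if __name__ == "__main__":
    summary = summarize_sr(SAMPLE_CBS_LOG)
    print("[SR] lines:", summary["sr_lines"])
    for (name, component), count in summary["unrepaired"].items():
        print(f"NOT repaired: {name} ({component}), reported {count}x")
    for name in summary["repaired"]:
        print("repaired from store:", name)
```

A log with no `[SR]` lines at all returns a count of 0 and empty lists.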





