Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

got BSOD


  • This topic is locked This topic is locked

#1
gismeu

gismeu

    Member

  • Member
  • PipPip
  • 47 posts

Hello,

 

got a BSOD for some weeks now. Have been using my laptop in safe mode, but

now I want to get rid of this problem.

 

It is a Lenovo Thinkpad laptop with Windows 7 and 64 bit operating system.

 

What please is the first step?

 

With much appreciation, Richard


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, why do you think it is a virus ?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
gismeu

gismeu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Hello Essexboy,

 

thanks for taking on my case.

You say:  Hi there, why do you think it is a virus ?

 

I say, uups, did I post in the wrong section? Sorry for that.

 

Since my computer can't do certain things in safe mode,

I will copy the FBAR results here just in case and then try to attach them too.

Thanks again, Richard

P.S. Can't find where to attach them, so will post this now and then look again

for who to attach the files.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-04-2016
Ran by gismeu (administrator) on GIAMEU (01-05-2016 08:07:53)
Running from C:\Users\gismeu\Downloads
Loaded Profiles: gismeu (Available Profiles: gismeu)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [AvgRemover] => C:\Users\gismeu\Downloads\avg_remover_stf_x64_2015_5501.exe /run_number=2 /ndis_nextstep=4
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: D - D:\Setup.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {52d012e3-d5ad-11e1-b991-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851e3-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851ea-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a606-d4a6-11e1-a63d-e89a8f581443} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a654-d4a6-11e1-a63d-e89a8f581443} - F:\setup_vmb_lite.exe /checkApplicationPresence
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9263A1A0-B92C-4A32-87A0-3F9C7A675475}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A31D1DA5-74DD-4E3C-9A96-BBE8F48E25EA}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> DefaultScope {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {F50431DE-C870-49C9-B89B-3F6947D72D32} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140102,20028,0,85,0
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF ProfilePath: C:\Users\gismeu\AppData\Roaming\Mozilla\Firefox\Profiles\jtgxwkla.default-1436799463323
FF Homepage: hxxp://finance.yahoo.com/
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll [2013-04-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: @citrixonline.com/appdetectorplugin -> C:\Users\gismeu\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll [2016-04-29] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll [2016-04-29] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\gismeu\AppData\Roaming\mozilla\plugins\npatgpc.dll [2011-12-18] (Cisco WebEx LLC)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21] [not signed]

Chrome:
=======
CHR Profile: C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-13]
CHR Extension: (YouTube) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Google Search) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Google Wallet) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR Extension: (Gmail) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-05-07] (Alcatel-Lucent) [File not signed]
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-05-07] (Alcatel-Lucent) [File not signed]
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-08-04] (IBM Corp.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-11-01] (REALiX™)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 RapportCerberus_1507065; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys [958744 2015-11-11] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-08-04] (IBM Corp.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-08-04] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-08-04] (IBM Corp.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-08-04] (IBM Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33448 2015-11-01] (Synaptics Incorporated)
S1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 08:07 - 2016-05-01 08:09 - 00012382 _____ C:\Users\gismeu\Downloads\FRST.txt
2016-05-01 08:05 - 2016-05-01 08:05 - 02377216 _____ (Farbar) C:\Users\gismeu\Downloads\FRST64.exe
2016-04-30 17:25 - 2016-04-30 17:25 - 00070924 _____ C:\Users\gismeu\F4.DAT
2016-04-28 23:41 - 2016-04-28 23:41 - 00008649 _____ C:\Users\gismeu\Desktop\COMCAST.odt
2016-04-15 20:39 - 2016-04-22 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 08:07 - 2015-11-17 09:15 - 00000000 ____D C:\FRST
2016-05-01 08:03 - 2009-07-14 01:13 - 00863826 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-01 08:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-01 07:59 - 2014-12-31 09:44 - 30129250 _____ C:\Windows\ntbtlog.txt
2016-04-30 17:26 - 2012-10-12 13:00 - 00000265 _____ C:\Users\gismeu\MASTER
2016-04-30 17:26 - 2012-09-29 00:48 - 00000960 _____ C:\Users\gismeu\EMASTER
2016-04-30 17:26 - 2011-07-29 00:47 - 00000000 ____D C:\Users\gismeu
2016-04-30 17:25 - 2016-03-05 20:25 - 00080696 _____ C:\Users\gismeu\F3.DAT
2016-04-30 17:25 - 2016-01-29 18:37 - 00256060 _____ C:\Users\gismeu\F2.DAT
2016-04-30 17:25 - 2015-01-24 21:35 - 00096992 _____ C:\Users\gismeu\F1.DAT
2016-04-29 06:37 - 2013-04-14 21:45 - 00000000 ____D C:\Users\gismeu\.thinkorswim
2016-04-29 06:37 - 2011-07-29 01:31 - 00000000 ____D C:\Program Files (x86)\thinkorswim
2016-04-28 23:01 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-25 16:51 - 2014-05-09 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2011-08-04 14:21 - 2011-06-07 15:49 - 0004871 _____ () C:\Program Files (x86)\SLV 11.portfolio
2014-12-17 20:54 - 2014-12-17 20:54 - 0037607 _____ () C:\Program Files (x86)\Common Files\license.rtf
2014-12-17 20:54 - 2014-12-17 20:54 - 0008046 _____ () C:\Program Files (x86)\Common Files\setupBanner.jpg
2013-07-05 11:45 - 2013-07-07 20:50 - 0000960 _____ () C:\Users\gismeu\AppData\Roaming\.starmoon_kst.cfg
2013-02-12 09:56 - 2013-02-12 09:56 - 0007606 _____ () C:\Users\gismeu\AppData\Local\Resmon.ResmonCfg
2014-09-12 04:27 - 2014-09-12 04:27 - 0000000 _____ () C:\Users\gismeu\AppData\Local\{9A0E4B64-F871-4096-9115-58A4617EFA3B}
2013-09-05 14:30 - 2013-09-05 14:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-08-24 20:33 - 2013-08-24 20:33 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-09-27 21:35 - 2012-09-27 21:35 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Files to move or delete:
====================
C:\Users\gismeu\F1.DAT
C:\Users\gismeu\F2.DAT
C:\Users\gismeu\F3.DAT
C:\Users\gismeu\F4.DAT


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-07 12:22

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-04-2016
Ran by gismeu (2016-05-01 08:09:36)
Running from C:\Users\gismeu\Downloads
Windows 7 Professional Service Pack 1 (X64) (2011-07-29 04:47:41)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4102688973-2130496443-4087980055-500 - Administrator - Disabled)
gismeu (S-1-5-21-4102688973-2130496443-4087980055-1000 - Administrator - Enabled) => C:\Users\gismeu
Guest (S-1-5-21-4102688973-2130496443-4087980055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4102688973-2130496443-4087980055-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Anvil Studio (HKLM-x32\...\{B2D2B7EF-2D0F-4E54-97DE-ED1445501B52}) (Version: 14.02.03 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{29DFE555-55E2-48EC-BB5B-64E4B277674F}) (Version: 12.09.02 - Willow Software)
Anvil Studio 2015 (HKLM-x32\...\{CB7212EA-21F9-4EF4-B289-9D69E28EE68D}) (Version: 15.01.11 - Willow Software)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Gannalyst Professional 5.0 (HKLM-x32\...\Gannalyst Professional 5.0_is1) (Version:  - Gannalyst.com)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HQuote (HKLM-x32\...\HQuote) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}) (Version: 3.6.0006 - Lenovo)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
QTrader (HKLM-x32\...\{E8D0D1C4-2464-42B9-8B03-FCE421150C2C}) (Version: 15.9.826 - CQG)
Rapport (Version: 3.5.1205.12 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1507.63 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.49.0 - Samsung Electronics Co., Ltd.)
SE_Aspectarian v1.26 (HKLM-x32\...\SE_Aspectarian_is1) (Version:  - Allen Edwall/AstroWin)
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
StarFisher (HKLM-x32\...\{21C17FA8-28CA-4F00-80F1-1F96FACEC060}_is1) (Version: 0.8.5.4 - Tomas Kubec - OrionSoft)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.15 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.97 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.72 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
Trader Excel Add-In 3.3 (HKLM-x32\...\Trader Excel Add-In_is1) (Version:  - Open E Cry, LLC)
Trader Workstation (HKLM\...\5889-6375-8446-2021) (Version: latest (955.4k) 20160322 15:13:53 - Interactive Brokers LLC)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.63 - Trusteer)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BD4E26-55E1-4F64-A5B7-7BE8CCC58C7F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {147478B3-293E-46BF-B3BA-F0E4624189FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {19E4F08B-6F45-4DA3-AFDC-82EBC3FB5FC9} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {1C11B708-2EAC-4C4C-BEB7-12E972593D0F} - System32\Tasks\{461E9536-DC2A-4586-B52E-AD3DC3ACDDEE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsBing
Task: {1E5DA755-3AC4-4A80-AEDB-D66D899830A0} - System32\Tasks\{D48658BC-119B-4EE2-B4BC-3F743CE316F3} => Firefox.exe hxxp://ui.skype.com/ui/0/4.2.0.155.375/en/go/help.faq.installer?LastError=1603
Task: {2AAE27B3-8E01-4F5B-B1B3-539CC89318F3} - System32\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000 => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: {349D0914-E27A-40E7-91EA-E41AEEBF1514} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {41555BD1-F810-401A-9588-CEF2DB8C2C6D} - System32\Tasks\{3FCE6A68-FD74-4753-B886-321A23DBD7A6} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {464FB591-1A29-443F-A4A6-0B274ED07034} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {490B67E5-A0C6-4D4B-8CF7-9C7F7A9CDB53} - System32\Tasks\RunSmartLeapServiceCenter => C:\Users\gismeu\Downloads\ServiceCenter.exe
Task: {4990BD4F-F494-4B0C-96B7-DFE0316D1920} - System32\Tasks\Driver Booster SkipUAC (gismeu) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {4B5395F2-9D60-4220-A05F-71D9038981DC} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: {5BE35628-9A9E-4B25-A002-D4B0A6FD4E26} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)
Task: {6283A799-2A08-42B1-8366-73F1C2ACECED} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {670BC3EA-8C7A-42B2-B6CF-C3908B9C662A} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {695244D2-9FC2-4885-962A-B66039EF1556} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
Task: {6E860934-FD7A-4877-91B4-02C9A52ED227} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Task: {6FFD2AE0-FE74-41D7-A013-467AF8A55D12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7CAB3C1E-59F7-4D26-AC0E-56BC40E0E51F} - System32\Tasks\G2MUploadTask-S-1-5-21-4102688973-2130496443-4087980055-1000 => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe
Task: {809CDCC8-01C7-48C5-A681-46F5668C3403} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe
Task: {9FB5B7AD-C22D-4BA1-9505-93776C4C9C54} - System32\Tasks\TVT\ChangePWD => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)
Task: {A6B698F0-4533-4944-80CF-E465149EEA4A} - System32\Tasks\{340124C1-FB07-4F34-A3AE-B6C9FA5F6778} => pcalua.exe -a "C:\Program Files (x86)\MetaTrader 4\Uninstall.exe"
Task: {B06A406B-B5CB-4592-85A8-EB2CA4A89803} - System32\Tasks\TVT\UpdateRnR => C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsetsched.exe [2009-08-28] ()
Task: {B0C5DA1D-700B-498D-B54A-F72C54B1FC7E} - System32\Tasks\Uninstaller_SkipUac_gismeu => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {B76104BB-182B-45BB-AA97-F0F5A96544EA} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {B85EA420-C03C-4DF3-81EA-B89DDEA6BAA3} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {BB937074-419E-4BFF-ADF5-99F7D6CF68AC} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {DCD9FD18-D5D5-46DC-9334-7A1A437D3098} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {DEF1B57B-E5CE-4801-8D9B-32B4E2664242} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E9009AD7-5EC2-4ADA-ACFD-41BB62DE1F44} - System32\Tasks\Message Center plus => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-28] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\$talisma_url$ -> hxxps://$talisma_url$
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\100sexlinks.com -> 100sexlinks.com

There are 5317 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\gismeu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: ThinkVantage Registry Monitor Service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk.Startup
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: HP Officejet 4620 series (NET) => "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35T3403D05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Launch Backup Service Once => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F64A3A59-5CEA-42BD-A205-2A168773BB3C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEE10CAB-486B-46E0-81E4-B98E24C8D52A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9D1E3B47-5C39-4D4A-932D-18ACCDD7109F}C:\program files (x86)\lenovo\system update\uncserver.exe] => (Allow) C:\program files (x86)\lenovo\system update\uncserver.exe
FirewallRules: [UDP Query User{F5279ADD-C696-43FB-960C-C3DBAE58EA8A}C:\program files (x86)\lenovo\system update\uncserver.exe] => (Allow) C:\program files (x86)\lenovo\system update\uncserver.exe
FirewallRules: [TCP Query User{FDEE8C55-136F-44B5-8216-5B5766068BE8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{95A3E870-59EB-4125-8D20-36A40880FAD5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C953A675-ECF6-4374-BDCB-2F05627912D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73C9775A-CA9C-4973-A53D-8410E05BCE3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{24671E6A-9460-4DB4-85F2-2105653E408A}C:\program files (x86)\cqg\qtrader t\bin\cqg.exe] => (Allow) C:\program files (x86)\cqg\qtrader t\bin\cqg.exe
FirewallRules: [UDP Query User{E6B36C72-8A83-4775-8927-EC4D41DA5D28}C:\program files (x86)\cqg\qtrader t\bin\cqg.exe] => (Allow) C:\program files (x86)\cqg\qtrader t\bin\cqg.exe
FirewallRules: [TCP Query User{9CBF3ED8-31B8-4D92-BE4D-414B3369889A}C:\program files (x86)\cqg\qtrader t\bin\cqgnetscore.exe] => (Allow) C:\program files (x86)\cqg\qtrader t\bin\cqgnetscore.exe
FirewallRules: [UDP Query User{BCBD1933-38CC-41E0-9DAD-BB12795CD980}C:\program files (x86)\cqg\qtrader t\bin\cqgnetscore.exe] => (Allow) C:\program files (x86)\cqg\qtrader t\bin\cqgnetscore.exe
FirewallRules: [{EDE06C99-4722-4C17-97B3-49EC10CE6F2F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{BD77F457-2846-4E2F-85B9-0F5BF7556F25}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{1ACCDDA9-C86E-44E7-AED6-93EB070FA944}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{413A360E-6B0E-4ED8-A5F1-8FAC21405136}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{0993D166-2039-47E8-84D3-ACBC91B91C86}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8CD3EF02-2ACE-443B-9061-94F8B65F0C9F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{1EFFF901-ADA2-49DC-8B7E-C1FA03348E54}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe

==================== Restore Points =========================

07-04-2015 14:58:54 Installed Rapport
07-04-2015 18:44:13 Windows Update
01-05-2015 22:38:32 Windows Live Essentials
01-05-2015 22:40:07 WLSetup
01-05-2015 22:46:47 Windows Update
04-05-2015 12:59:46 Windows Update
13-07-2015 10:09:03 Installed Rapport
13-07-2015 12:15:16 Installed Rapport
01-11-2015 16:21:46 Removed Rapport
01-11-2015 16:47:25 Driver Booster : Base System Device
10-11-2015 23:20:46 Installed Rapport
10-11-2015 23:20:46 IObit Uninstaller restore point
11-11-2015 10:46:13 Installed Rapport
11-11-2015 10:51:38 Removed AVG 2013
11-11-2015 11:17:14 Removed AVG 2013
11-11-2015 14:05:37 Installed QTrader
11-11-2015 15:09:59 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: RapportHades64
Description: RapportHades64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RapportHades64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2016 08:00:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2016 09:18:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2016 04:53:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2016 06:48:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (04/29/2016 05:40:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2016 11:06:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2016 11:03:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2016 06:24:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2016 04:53:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2016 05:48:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/01/2016 08:08:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/01/2016 08:08:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/01/2016 08:08:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/01/2016 08:06:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/01/2016 08:06:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/01/2016 08:06:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/01/2016 08:02:09 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/01/2016 08:02:02 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/01/2016 08:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/01/2016 08:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 49%
Total physical RAM: 1912.86 MB
Available physical RAM: 958.25 MB
Total Virtual: 3825.72 MB
Available Virtual: 2939.54 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:146.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 6D47215F)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#4
gismeu

gismeu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Hi again,

 

just a typo, should read .... how to attach them. (not who to attach them)

 

Here you go,

 

thanks, Richard

Attached Files


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK looks clean so first I will just do a quick tidy up and then see if we can locate the driver causing your problems

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\RunOnce: [AvgRemover] => C:\Users\gismeu\Downloads\avg_remover_stf_x64_2015_5501.exe /run_number=2 /ndis_nextstep=4
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: D - D:\Setup.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {52d012e3-d5ad-11e1-b991-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851e3-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851ea-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a606-d4a6-11e1-a63d-e89a8f581443} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a654-d4a6-11e1-a63d-e89a8f581443} - F:\setup_vmb_lite.exe /checkApplicationPresence
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2016-04-30 17:25 - 2016-03-05 20:25 - 00080696 _____ C:\Users\gismeu\F3.DAT
2016-04-30 17:25 - 2016-01-29 18:37 - 00256060 _____ C:\Users\gismeu\F2.DAT
2016-04-30 17:25 - 2015-01-24 21:35 - 00096992 _____ C:\Users\gismeu\F1.DAT
2016-04-30 17:25 - 2016-04-30 17:25 - 00070924 _____ C:\Users\gismeu\F4.DAT
2014-09-12 04:27 - 2014-09-12 04:27 - 0000000 _____ () C:\Users\gismeu\AppData\Local\{9A0E4B64-F871-4096-9115-58A4617EFA3B}
Task: {41555BD1-F810-401A-9588-CEF2DB8C2C6D} - System32\Tasks\{3FCE6A68-FD74-4753-B886-321A23DBD7A6} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {4B5395F2-9D60-4220-A05F-71D9038981DC} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

In the search box type Msconfig and select the programme that appears at the top

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.
Cleanboot1.JPG
2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.
cleanboot2.JPG
5.Click Disable All, and then click OK.
6.When you are prompted, click Restart.
7.Let me know of any problems in normal boot
  • 0

#6
gismeu

gismeu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Hello Essexboy,

 

here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-04-2016
Ran by gismeu (2016-05-01 09:37:19) Run:1
Running from C:\Users\gismeu\Downloads
Loaded Profiles: gismeu (Available Profiles: gismeu)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\RunOnce: [AvgRemover] => C:\Users\gismeu\Downloads\avg_remover_stf_x64_2015_5501.exe /run_number=2 /ndis_nextstep=4
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: D - D:\Setup.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {52d012e3-d5ad-11e1-b991-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851e3-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851ea-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a606-d4a6-11e1-a63d-e89a8f581443} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a654-d4a6-11e1-a63d-e89a8f581443} - F:\setup_vmb_lite.exe /checkApplicationPresence
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2016-04-30 17:25 - 2016-03-05 20:25 - 00080696 _____ C:\Users\gismeu\F3.DAT
2016-04-30 17:25 - 2016-01-29 18:37 - 00256060 _____ C:\Users\gismeu\F2.DAT
2016-04-30 17:25 - 2015-01-24 21:35 - 00096992 _____ C:\Users\gismeu\F1.DAT
2016-04-30 17:25 - 2016-04-30 17:25 - 00070924 _____ C:\Users\gismeu\F4.DAT
2014-09-12 04:27 - 2014-09-12 04:27 - 0000000 _____ () C:\Users\gismeu\AppData\Local\{9A0E4B64-F871-4096-9115-58A4617EFA3B}
Task: {41555BD1-F810-401A-9588-CEF2DB8C2C6D} - System32\Tasks\{3FCE6A68-FD74-4753-B886-321A23DBD7A6} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {4B5395F2-9D60-4220-A05F-71D9038981DC} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Error: Restore point can only be created in normal mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgRemover => value removed successfully
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => key removed successfully
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52d012e3-d5ad-11e1-b991-e89a8f581443}" => key removed successfully
HKCR\CLSID\{52d012e3-d5ad-11e1-b991-e89a8f581443} => key not found.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64e851e3-d31e-11e1-b5fa-e89a8f581443}" => key removed successfully
HKCR\CLSID\{64e851e3-d31e-11e1-b5fa-e89a8f581443} => key not found.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64e851ea-d31e-11e1-b5fa-e89a8f581443}" => key removed successfully
HKCR\CLSID\{64e851ea-d31e-11e1-b5fa-e89a8f581443} => key not found.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84b1a606-d4a6-11e1-a63d-e89a8f581443}" => key removed successfully
HKCR\CLSID\{84b1a606-d4a6-11e1-a63d-e89a8f581443} => key not found.
"HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84b1a654-d4a6-11e1-a63d-e89a8f581443}" => key removed successfully
HKCR\CLSID\{84b1a654-d4a6-11e1-a63d-e89a8f581443} => key not found.
avgtp => Service stopped successfully.
avgtp => service removed successfully
esgiguard => service removed successfully
C:\Users\gismeu\F3.DAT => moved successfully
C:\Users\gismeu\F2.DAT => moved successfully
C:\Users\gismeu\F1.DAT => moved successfully
C:\Users\gismeu\F4.DAT => moved successfully
C:\Users\gismeu\AppData\Local\{9A0E4B64-F871-4096-9115-58A4617EFA3B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41555BD1-F810-401A-9588-CEF2DB8C2C6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41555BD1-F810-401A-9588-CEF2DB8C2C6D}" => key removed successfully
C:\Windows\System32\Tasks\{3FCE6A68-FD74-4753-B886-321A23DBD7A6} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3FCE6A68-FD74-4753-B886-321A23DBD7A6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B5395F2-9D60-4220-A05F-71D9038981DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B5395F2-9D60-4220-A05F-71D9038981DC}" => key removed successfully
C:\Windows\System32\Tasks\Driver Booster Scheduler => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler" => key removed successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.



========= End of CMD: =========

EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:39:43 ====

 

Thanks, Richard


  • 0

#7
gismeu

gismeu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

WONDERFUL  :)

 

Restart was successful, I do have sound again, seems all working fine now!

Can you say if there is something that one better does not do with the computer

in order to prevent that from happening again?

 

Thanks, Richard


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
At the moment you are running in a semi safe mode

So the option that you are facing now is, is the computer functioning properly and all programmes working ?

If so then there is no need to do anything else, if not then we will need to determine which driver was causing the problems
  • 0

#9
gismeu

gismeu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Hi Essexboy,

 

last November I ran the PC Doctor of my Lenovo laptop whilst already having the BSOD and

some tests failed. I posted that in the Lenovo forum and got this suggestion:

 

As per the test you have performed, it clearly states that it is a hardware issue,

might be hard disk should be replaced. Hence, kindly request you to take the system

to the nearest service centre for the further assistance.

 

I never took it so a service center since my needs changed and I now predominantly

use a desk top.

 

I basically only need that laptop when I am traveling so I can do some of my work.

 

So just got the idea I redo those tests that failed and see if they still fail or

were due to being on safe mode.

What do you think?

 

Thanks, Richard


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes it may be worth doing that although the symptoms are not indicative of a drive failure
  • 0

Advertisements


#11
gismeu

gismeu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Well, can't open PC doctor,

 

so here the first program that does not seem to work.

I am now going to uninstall a few things I don't need and run Malwarebites

and see if I find anything else not working.

 

Best, Richard


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, as I say I could see no malware but there is no harm in checking :)
  • 0

#13
gismeu

gismeu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Hello Essexboy,

 

we are back to square one  :(

 

Last night and this morning when I started the computer, I got the BSOD again.

 

The last few things I did yesterday were uninstalling a few programs I no longer needed, including Microsoft Silverlight.

I ran Malware bytes again since the first time the computer shut down during the scan, but it was fine.

I run Junk Removal Tool and it found one thing that got removed.

 

Now why is BSOD re-apprearing, i wonder?

 

Any ideas as to what to do next?

 

Thanks, Richard


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have any dmp file in C:\windows\minidumps ?

If so could you copy three or four to the desktop, zip them up and attach them to your post
  • 0

#15
gismeu

gismeu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Hi Essexboy,

 

I got two files in there:  010716-48968-01.dmp

                                    091914-47408-01.dmp

 

but when uploading or trying to, I get the message:

 

Error You aren't permitted to upload this kind of file

 

Thanks, Richard


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP