Hello Essexboy,
thanks for taking on my case.
You say: Hi there, why do you think it is a virus?
I say: oops, did I post in the wrong section? Sorry for that.
Since my computer can't do certain things in safe mode,
I will copy the FBAR results here just in case and then try to attach them too.
Thanks again, Richard
P.S. Can't find where to attach them, so will post this now and then look again
for how to attach the files.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-04-2016
Ran by gismeu (administrator) on GIAMEU (01-05-2016 08:07:53)
Running from C:\Users\gismeu\Downloads
Loaded Profiles: gismeu (Available Profiles: gismeu)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [AvgRemover] => C:\Users\gismeu\Downloads\avg_remover_stf_x64_2015_5501.exe /run_number=2 /ndis_nextstep=4
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: D - D:\Setup.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {52d012e3-d5ad-11e1-b991-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851e3-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {64e851ea-d31e-11e1-b5fa-e89a8f581443} - E:\AutoRun.exe
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a606-d4a6-11e1-a63d-e89a8f581443} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\MountPoints2: {84b1a654-d4a6-11e1-a63d-e89a8f581443} - F:\setup_vmb_lite.exe /checkApplicationPresence
Lsa: [Notification Packages] scecli ACGina
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9263A1A0-B92C-4A32-87A0-3F9C7A675475}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A31D1DA5-74DD-4E3C-9A96-BBE8F48E25EA}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB319545-1E2A-4CCE-B6B8-B88FFC6327EC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> DefaultScope {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {7509B7B2-6F1B-4301-A12D-B8FA3B44D1C9} URL =
SearchScopes: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000 -> {F50431DE-C870-49C9-B89B-3F6947D72D32} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140102,20028,0,85,0
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FireFox:
========
FF ProfilePath: C:\Users\gismeu\AppData\Roaming\Mozilla\Firefox\Profiles\jtgxwkla.default-1436799463323
FF Homepage: hxxp://finance.yahoo.com/
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll [2013-04-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: @citrixonline.com/appdetectorplugin -> C:\Users\gismeu\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll [2016-04-29] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-4102688973-2130496443-4087980055-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll [2016-04-29] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\gismeu\AppData\Roaming\mozilla\plugins\npatgpc.dll [2011-12-18] (Cisco WebEx LLC)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21] [not signed]
Chrome:
=======
CHR Profile: C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-13]
CHR Extension: (YouTube) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Google Search) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Google Wallet) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR Extension: (Gmail) - C:\Users\gismeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-05-07] (Alcatel-Lucent) [File not signed]
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-05-07] (Alcatel-Lucent) [File not signed]
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-08-04] (IBM Corp.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-11-01] (REALiX)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 RapportCerberus_1507065; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys [958744 2015-11-11] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-08-04] (IBM Corp.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-08-04] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-08-04] (IBM Corp.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-08-04] (IBM Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33448 2015-11-01] (Synaptics Incorporated)
S1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-01 08:07 - 2016-05-01 08:09 - 00012382 _____ C:\Users\gismeu\Downloads\FRST.txt
2016-05-01 08:05 - 2016-05-01 08:05 - 02377216 _____ (Farbar) C:\Users\gismeu\Downloads\FRST64.exe
2016-04-30 17:25 - 2016-04-30 17:25 - 00070924 _____ C:\Users\gismeu\F4.DAT
2016-04-28 23:41 - 2016-04-28 23:41 - 00008649 _____ C:\Users\gismeu\Desktop\COMCAST.odt
2016-04-15 20:39 - 2016-04-22 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-01 08:07 - 2015-11-17 09:15 - 00000000 ____D C:\FRST
2016-05-01 08:03 - 2009-07-14 01:13 - 00863826 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-01 08:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-01 07:59 - 2014-12-31 09:44 - 30129250 _____ C:\Windows\ntbtlog.txt
2016-04-30 17:26 - 2012-10-12 13:00 - 00000265 _____ C:\Users\gismeu\MASTER
2016-04-30 17:26 - 2012-09-29 00:48 - 00000960 _____ C:\Users\gismeu\EMASTER
2016-04-30 17:26 - 2011-07-29 00:47 - 00000000 ____D C:\Users\gismeu
2016-04-30 17:25 - 2016-03-05 20:25 - 00080696 _____ C:\Users\gismeu\F3.DAT
2016-04-30 17:25 - 2016-01-29 18:37 - 00256060 _____ C:\Users\gismeu\F2.DAT
2016-04-30 17:25 - 2015-01-24 21:35 - 00096992 _____ C:\Users\gismeu\F1.DAT
2016-04-29 06:37 - 2013-04-14 21:45 - 00000000 ____D C:\Users\gismeu\.thinkorswim
2016-04-29 06:37 - 2011-07-29 01:31 - 00000000 ____D C:\Program Files (x86)\thinkorswim
2016-04-28 23:01 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-25 16:51 - 2014-05-09 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
==================== Files in the root of some directories =======
2011-08-04 14:21 - 2011-06-07 15:49 - 0004871 _____ () C:\Program Files (x86)\SLV 11.portfolio
2014-12-17 20:54 - 2014-12-17 20:54 - 0037607 _____ () C:\Program Files (x86)\Common Files\license.rtf
2014-12-17 20:54 - 2014-12-17 20:54 - 0008046 _____ () C:\Program Files (x86)\Common Files\setupBanner.jpg
2013-07-05 11:45 - 2013-07-07 20:50 - 0000960 _____ () C:\Users\gismeu\AppData\Roaming\.starmoon_kst.cfg
2013-02-12 09:56 - 2013-02-12 09:56 - 0007606 _____ () C:\Users\gismeu\AppData\Local\Resmon.ResmonCfg
2014-09-12 04:27 - 2014-09-12 04:27 - 0000000 _____ () C:\Users\gismeu\AppData\Local\{9A0E4B64-F871-4096-9115-58A4617EFA3B}
2013-09-05 14:30 - 2013-09-05 14:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-08-24 20:33 - 2013-08-24 20:33 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-09-27 21:35 - 2012-09-27 21:35 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
Files to move or delete:
====================
C:\Users\gismeu\F1.DAT
C:\Users\gismeu\F2.DAT
C:\Users\gismeu\F3.DAT
C:\Users\gismeu\F4.DAT
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-07 12:22
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-04-2016
Ran by gismeu (2016-05-01 08:09:36)
Running from C:\Users\gismeu\Downloads
Windows 7 Professional Service Pack 1 (X64) (2011-07-29 04:47:41)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4102688973-2130496443-4087980055-500 - Administrator - Disabled)
gismeu (S-1-5-21-4102688973-2130496443-4087980055-1000 - Administrator - Enabled) => C:\Users\gismeu
Guest (S-1-5-21-4102688973-2130496443-4087980055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4102688973-2130496443-4087980055-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Anvil Studio (HKLM-x32\...\{B2D2B7EF-2D0F-4E54-97DE-ED1445501B52}) (Version: 14.02.03 - Willow Software)
Anvil Studio 2012 (HKLM-x32\...\{29DFE555-55E2-48EC-BB5B-64E4B277674F}) (Version: 12.09.02 - Willow Software)
Anvil Studio 2015 (HKLM-x32\...\{CB7212EA-21F9-4EF4-B289-9D69E28EE68D}) (Version: 15.01.11 - Willow Software)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Gannalyst Professional 5.0 (HKLM-x32\...\Gannalyst Professional 5.0_is1) (Version: - Gannalyst.com)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HQuote (HKLM-x32\...\HQuote) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}) (Version: 3.6.0006 - Lenovo)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
QTrader (HKLM-x32\...\{E8D0D1C4-2464-42B9-8B03-FCE421150C2C}) (Version: 15.9.826 - CQG)
Rapport (Version: 3.5.1205.12 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1507.63 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.49.0 - Samsung Electronics Co., Ltd.)
SE_Aspectarian v1.26 (HKLM-x32\...\SE_Aspectarian_is1) (Version: - Allen Edwall/AstroWin)
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
StarFisher (HKLM-x32\...\{21C17FA8-28CA-4F00-80F1-1F96FACEC060}_is1) (Version: 0.8.5.4 - Tomas Kubec - OrionSoft)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.15 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.97 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.72 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
Trader Excel Add-In 3.3 (HKLM-x32\...\Trader Excel Add-In_is1) (Version: - Open E Cry, LLC)
Trader Workstation (HKLM\...\5889-6375-8446-2021) (Version: latest (955.4k) 20160322 15:13:53 - Interactive Brokers LLC)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.63 - Trusteer)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Intel (iaStor) hdc (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01BD4E26-55E1-4F64-A5B7-7BE8CCC58C7F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {147478B3-293E-46BF-B3BA-F0E4624189FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {19E4F08B-6F45-4DA3-AFDC-82EBC3FB5FC9} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {1C11B708-2EAC-4C4C-BEB7-12E972593D0F} - System32\Tasks\{461E9536-DC2A-4586-B52E-AD3DC3ACDDEE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsBing
Task: {1E5DA755-3AC4-4A80-AEDB-D66D899830A0} - System32\Tasks\{D48658BC-119B-4EE2-B4BC-3F743CE316F3} => Firefox.exe hxxp://ui.skype.com/ui/0/4.2.0.155.375/en/go/help.faq.installer?LastError=1603
Task: {2AAE27B3-8E01-4F5B-B1B3-539CC89318F3} - System32\Tasks\G2MUpdateTask-S-1-5-21-4102688973-2130496443-4087980055-1000 => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: {349D0914-E27A-40E7-91EA-E41AEEBF1514} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {41555BD1-F810-401A-9588-CEF2DB8C2C6D} - System32\Tasks\{3FCE6A68-FD74-4753-B886-321A23DBD7A6} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {464FB591-1A29-443F-A4A6-0B274ED07034} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {490B67E5-A0C6-4D4B-8CF7-9C7F7A9CDB53} - System32\Tasks\RunSmartLeapServiceCenter => C:\Users\gismeu\Downloads\ServiceCenter.exe
Task: {4990BD4F-F494-4B0C-96B7-DFE0316D1920} - System32\Tasks\Driver Booster SkipUAC (gismeu) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {4B5395F2-9D60-4220-A05F-71D9038981DC} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: {5BE35628-9A9E-4B25-A002-D4B0A6FD4E26} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)
Task: {6283A799-2A08-42B1-8366-73F1C2ACECED} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {670BC3EA-8C7A-42B2-B6CF-C3908B9C662A} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {695244D2-9FC2-4885-962A-B66039EF1556} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
Task: {6E860934-FD7A-4877-91B4-02C9A52ED227} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Task: {6FFD2AE0-FE74-41D7-A013-467AF8A55D12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7CAB3C1E-59F7-4D26-AC0E-56BC40E0E51F} - System32\Tasks\G2MUploadTask-S-1-5-21-4102688973-2130496443-4087980055-1000 => C:\Users\gismeu\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe
Task: {809CDCC8-01C7-48C5-A681-46F5668C3403} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe
Task: {9FB5B7AD-C22D-4BA1-9505-93776C4C9C54} - System32\Tasks\TVT\ChangePWD => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)
Task: {A6B698F0-4533-4944-80CF-E465149EEA4A} - System32\Tasks\{340124C1-FB07-4F34-A3AE-B6C9FA5F6778} => pcalua.exe -a "C:\Program Files (x86)\MetaTrader 4\Uninstall.exe"
Task: {B06A406B-B5CB-4592-85A8-EB2CA4A89803} - System32\Tasks\TVT\UpdateRnR => C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsetsched.exe [2009-08-28] ()
Task: {B0C5DA1D-700B-498D-B54A-F72C54B1FC7E} - System32\Tasks\Uninstaller_SkipUac_gismeu => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {B76104BB-182B-45BB-AA97-F0F5A96544EA} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {B85EA420-C03C-4DF3-81EA-B89DDEA6BAA3} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {BB937074-419E-4BFF-ADF5-99F7D6CF68AC} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {DCD9FD18-D5D5-46DC-9334-7A1A437D3098} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {DEF1B57B-E5CE-4801-8D9B-32B4E2664242} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E9009AD7-5EC2-4ADA-ACFD-41BB62DE1F44} - System32\Tasks\Message Center plus => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\...\$talisma_url$ -> hxxps://$talisma_url$
There are 5317 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4102688973-2130496443-4087980055-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\gismeu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: ThinkVantage Registry Monitor Service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk.Startup
MSCONFIG\startupfolder: C:^Users^gismeu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: HP Officejet 4620 series (NET) => "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35T3403D05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Launch Backup Service Once => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F64A3A59-5CEA-42BD-A205-2A168773BB3C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEE10CAB-486B-46E0-81E4-B98E24C8D52A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9D1E3B47-5C39-4D4A-932D-18ACCDD7109F}C:\program files (x86)\lenovo\system update\uncserver.exe] => (Allow) C:\program files (x86)\lenovo\system update\uncserver.exe
FirewallRules: [UDP Query User{F5279ADD-C696-43FB-960C-C3DBAE58EA8A}C:\program files (x86)\lenovo\system update\uncserver.exe] => (Allow) C:\program files (x86)\lenovo\system update\uncserver.exe
FirewallRules: [TCP Query User{FDEE8C55-136F-44B5-8216-5B5766068BE8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{95A3E870-59EB-4125-8D20-36A40880FAD5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C953A675-ECF6-4374-BDCB-2F05627912D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73C9775A-CA9C-4973-A53D-8410E05BCE3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{24671E6A-9460-4DB4-85F2-2105653E408A}C:\program files (x86)\cqg\qtrader t\bin\cqg.exe] => (Allow) C:\program files (x86)\cqg\qtrader t\bin\cqg.exe
FirewallRules: [UDP Query User{E6B36C72-8A83-4775-8927-EC4D41DA5D28}C:\program files (x86)\cqg\qtrader t\bin\cqg.exe] => (Allow) C:\program files (x86)\cqg\qtrader t\bin\cqg.exe
FirewallRules: [TCP Query User{9CBF3ED8-31B8-4D92-BE4D-414B3369889A}C:\program files (x86)\cqg\qtrader t\bin\cqgnetscore.exe] => (Allow) C:\program files (x86)\cqg\qtrader t\bin\cqgnetscore.exe
FirewallRules: [UDP Query User{BCBD1933-38CC-41E0-9DAD-BB12795CD980}C:\program files (x86)\cqg\qtrader t\bin\cqgnetscore.exe] => (Allow) C:\program files (x86)\cqg\qtrader t\bin\cqgnetscore.exe
FirewallRules: [{EDE06C99-4722-4C17-97B3-49EC10CE6F2F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{BD77F457-2846-4E2F-85B9-0F5BF7556F25}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{1ACCDDA9-C86E-44E7-AED6-93EB070FA944}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{413A360E-6B0E-4ED8-A5F1-8FAC21405136}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{0993D166-2039-47E8-84D3-ACBC91B91C86}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8CD3EF02-2ACE-443B-9061-94F8B65F0C9F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{1EFFF901-ADA2-49DC-8B7E-C1FA03348E54}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
==================== Restore Points =========================
07-04-2015 14:58:54 Installed Rapport
07-04-2015 18:44:13 Windows Update
01-05-2015 22:38:32 Windows Live Essentials
01-05-2015 22:40:07 WLSetup
01-05-2015 22:46:47 Windows Update
04-05-2015 12:59:46 Windows Update
13-07-2015 10:09:03 Installed Rapport
13-07-2015 12:15:16 Installed Rapport
01-11-2015 16:21:46 Removed Rapport
01-11-2015 16:47:25 Driver Booster : Base System Device
10-11-2015 23:20:46 Installed Rapport
10-11-2015 23:20:46 IObit Uninstaller restore point
11-11-2015 10:46:13 Installed Rapport
11-11-2015 10:51:38 Removed AVG 2013
11-11-2015 11:17:14 Removed AVG 2013
11-11-2015 14:05:37 Installed QTrader
11-11-2015 15:09:59 Windows Update
==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: RapportHades64
Description: RapportHades64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RapportHades64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/01/2016 08:00:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/30/2016 09:18:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/30/2016 04:53:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/29/2016 06:48:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (04/29/2016 05:40:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/28/2016 11:06:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/28/2016 11:03:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/26/2016 06:24:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/25/2016 04:53:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/22/2016 05:48:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/01/2016 08:08:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/01/2016 08:08:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/01/2016 08:08:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/01/2016 08:06:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/01/2016 08:06:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/01/2016 08:06:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/01/2016 08:02:09 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (05/01/2016 08:02:02 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (05/01/2016 08:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/01/2016 08:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 49%
Total physical RAM: 1912.86 MB
Available physical RAM: 958.25 MB
Total Virtual: 3825.72 MB
Available Virtual: 2939.54 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:146.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 6D47215F)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================