Suspected Kuluoz or related infection


  • This topic is locked
20 replies to this topic

#1 Lebowitz IT Services

Posted 30 May 2014 - 09:34 AM

I'm trying to clean a computer whose owner opened the attachment on one of those "Notice to Appear in Court" scam e-mails. According to my research, opening the attachment runs a program that tries to install a variant of the Kuluoz virus. For better or for worse, the computer runs AVG 2014 (free version), which partially blocked the malware, so the computer hasn't been exhibiting all the symptoms associated with Kuluoz infections. In particular, web browsers don't appear to be hijacked, and no scareware has popped up. However, there are obvious signs that there's something running that shouldn't be: Scheduled AVG scans keep finding new threats in locations typically used by malware to propagate (temp folder, Windows folder, Windows\System32, etc.) and every so often, a rogue process, a .exe file with a randomly-generated, 8-character name, runs and tries to launch a phony Flash update. There is also evidence that the malware at least initially stole the owner's e-mail password and sent out spam. It's not clear if the password-stealing piece is still active and capable of stealing the user's new e-mail password. Unfortunately, AVG blocked or removed enough of the infection that identifying what's left is proving extremely difficult. My initial attempts to clean the system with rkill and MalwareBytes and with System Restore were not completely successful. (System Restore does not report any errors, but doesn't appear to actually restore the system to the chosen date.)

 

So, I am in need of your expert assistance. My DDS logs are attached.

#2 HelpBot

Posted 04 June 2014 - 09:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/536022 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Lebowitz IT Services

Posted 05 June 2014 - 09:47 PM

I do still need help with this computer. However, there is no new information to post, as the computer has been turned off since I opened the topic.



#4 oneof4

  • Malware Response Team

Posted 11 June 2014 - 08:24 PM

Hello Lebowitz, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic. You will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.
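
As an added example (not part of the original thread and not a Farbar tool): the Run/RunOnce lines of the FRST.txt log requested above follow the pattern `HIVE\...\Run: [name] => path [size date] (publisher)`, as seen in the log posted in this thread. The Python below parses those lines and lists entries worth a manual look; the review rules, the function names and the last sample line (an invented 8-character .exe in a Temp folder, the symptom described in the first post) are assumptions made for illustration, and a listed entry is a review candidate, not a verdict.

```python
import ntpath
import re

# One autorun line: HIVE\...\Run: [name] => rest   (RunOnce lines use " - ")
ENTRY = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?:=>|-) (?P<rest>.*)$"
)
# rest: path, then optional "[size yyyy-mm-dd]" and optional "(publisher)"
DETAIL = re.compile(
    r"^(?P<path>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<pub>[^()]*)\))?$"
)
# Folders named in the first post as places where new threats kept appearing.
WATCHED_DIRS = ("\\temp", "\\windows", "\\windows\\system32", "\\windows\\syswow64")

# Constructed sample: the first three lines mirror entries in the log posted
# in this thread; the last line (SID, user name, file name) is invented.
SAMPLE = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-0-0-0-1000\...\Run: [qwhxkzpt] => C:\Users\Example\AppData\Local\Temp\qwhxkzpt.exe [123456 2014-05-29] ()
"""


def parse_run_entries(log_text):
    """Return one dict per Run/RunOnce line found in an FRST log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # other sections (processes, BHOs, services) are skipped
        d = DETAIL.match(m.group("rest"))
        entries.append({
            "hive": m.group("hive"),
            "key": m.group("key"),
            "name": m.group("name"),
            "path": d.group("path").strip(),
            "date": d.group("date"),
            "publisher": (d.group("pub") or "").strip(),
        })
    return entries


def review_reasons(entry):
    """Return the reasons an entry deserves a manual look (empty list if none)."""
    path = entry["path"]
    if path == "[X]":
        return ["target missing"]  # FRST prints [X] when the file is absent
    reasons = []
    if not entry["publisher"]:
        reasons.append("no publisher")
    lowered = path.lower()
    if "\\appdata\\" in lowered or "\\temp\\" in lowered:
        reasons.append("user-writable location")
    directory, filename = ntpath.split(lowered)
    stem, ext = ntpath.splitext(filename)
    if (ext == ".exe" and len(stem) == 8 and stem.isalnum()
            and directory.endswith(WATCHED_DIRS) and not entry["publisher"]):
        reasons.append("8-character name in temp/Windows folder")
    return reasons


def triage(log_text):
    """Return (entry name, reasons) pairs for entries with at least one reason."""
    flagged = []
    for entry in parse_run_entries(log_text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"[{name}] -> {', '.join(reasons)}")
```
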


#5 Lebowitz IT Services

Posted 11 June 2014 - 09:30 PM

Many thanks for answering, oneof4 - I know from past experience that this is where the very best malware removal experts are found, and I greatly appreciate your assistance.

 

Here are the attached logs. I am standing by for further instructions.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by Renee (administrator) on THINKPAD on 11-06-2014 21:22:43
Running from C:\Users\Renee\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_system_customer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_user_customer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files (x86)\Roxio 2010\Roxio Burn\Roxio Burn.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-13] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel® Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-04-23] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2561560 2014-05-09] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-308344010-1766348682-2937439011-1000\...\Run: [SugarSync] => C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\S-1-5-21-308344010-1766348682-2937439011-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-16] (Google Inc.)
HKU\S-1-5-21-308344010-1766348682-2937439011-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-308344010-1766348682-2937439011-1000\...\MountPoints2: {3721a0a6-17cf-11e2-9afa-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23\Remind.exe (Broderbund Properties LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS523
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS523
BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.514\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.514\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\o7j7z9sk.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com/?cid={49123CB9-2523-4B1D-A2F0-0FEF7F5D9388}&mid=4d83e82faea547d3a7ea69c1a53b1920-a87ad5e630e544137763b51fa947ba7d028a8fbd&lang=en&ds=AVG&pr=fr&d=2013-09-21 22:26:06&v=15.4.0.5&pid=safeguard&sg=0&sap=hp
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514 [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR Extension: (Google Docs) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-14]
CHR Extension: (Google Drive) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-14]
CHR Extension: (YouTube) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-14]
CHR Extension: (Website Logon) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj [2013-02-14]
CHR Extension: (Google Search) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-14]
CHR Extension: (Norton Identity Protection) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-02-14]
CHR Extension: (Gmail) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-14]
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-14]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe [610888 2014-05-30] (Citrix Online, a division of Citrix Systems, Inc.)
S3 ICDSPTSV; C:\Windows\SysWOW64\IcdSptSv.exe [69632 2003-04-01] (Sony Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-05-31] (Intel Corporation)
S2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [46816 2012-04-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 vToolbarUpdater18.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-09] (AVG Secure Search)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [957184 2011-11-24] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 21:22 - 2014-06-11 21:23 - 00026932 _____ () C:\Users\Renee\Downloads\FRST.txt
2014-06-11 21:22 - 2014-06-11 21:22 - 02081792 _____ (Farbar) C:\Users\Renee\Downloads\FRST64.exe
2014-06-11 21:22 - 2014-06-11 21:22 - 00000000 ____D () C:\FRST
2014-06-11 21:20 - 2014-06-11 21:20 - 00000000 ____D () C:\Users\Renee\AppData\Local\Macromedia
2014-06-11 21:15 - 2014-06-11 21:15 - 00254490 _____ () C:\Users\Renee\Desktop\MGlogs.zip
2014-06-11 21:02 - 2014-06-11 21:15 - 00254490 _____ () C:\MGlogs.zip
2014-06-11 21:02 - 2014-06-11 21:15 - 00000000 ____D () C:\MGtools
2014-06-11 14:05 - 2014-06-11 14:05 - 00001834 _____ () C:\Users\Renee\Documents\HitmanPro_20140611_1404.log
2014-06-11 12:58 - 2014-06-11 12:58 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-11 12:56 - 2014-06-11 13:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-11 11:25 - 2014-06-11 09:55 - 00003685 _____ () C:\Users\Renee\Documents\RKreport_SCN_06112014_095528.log
2014-06-11 11:10 - 2014-06-11 11:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 11:10 - 2014-06-11 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-11 11:10 - 2014-06-11 11:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-11 11:10 - 2014-05-12 07:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-11 11:10 - 2014-05-12 07:55 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-11 11:10 - 2014-05-12 07:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-11 09:52 - 2014-06-11 09:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-06-11 09:42 - 2014-06-11 09:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-11 09:36 - 2014-06-11 09:31 - 01990574 _____ () C:\MGtools.exe
2014-06-11 09:35 - 2014-06-11 09:35 - 00015812 _____ () C:\Windows\system32\results.xml
2014-06-11 09:35 - 2014-06-11 09:35 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Roxio
2014-06-11 09:31 - 2014-06-11 09:32 - 10971424 _____ (SurfRight B.V.) C:\Users\Mommy & Abba\Downloads\HitmanPro_x64.exe
2014-06-11 09:31 - 2014-06-11 09:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Mommy & Abba\Downloads\tdsskiller.exe
2014-06-11 09:31 - 2014-06-11 09:31 - 01990574 _____ () C:\Users\Mommy & Abba\Downloads\MGtools.exe
2014-06-11 09:30 - 2014-06-11 09:30 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\Mommy & Abba\Downloads\mbam-setup-majorgeeks-2.0.2.1012.exe
2014-06-11 09:30 - 2014-06-11 09:30 - 05245952 _____ () C:\Users\Mommy & Abba\Downloads\RogueKillerX64.exe
2014-06-11 09:01 - 2014-06-11 09:01 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-05-30 09:40 - 2014-05-30 18:28 - 00271570 _____ () C:\Users\MOMMYGoToAssist Remote Support Customer_00.LOG
2014-05-30 09:40 - 2014-05-30 18:28 - 00004941 _____ () C:\Users\MOMMYmgn_service-service_00.log
2014-05-30 09:40 - 2014-05-30 09:40 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_637.dll
2014-05-30 09:40 - 2014-05-30 09:40 - 00007267 _____ () C:\Users\MOMMYmgn_service-install_manual_00.log
2014-05-30 09:40 - 2014-05-30 09:40 - 00001587 _____ () C:\Users\Renee\Desktop\GoToAssist Customer.lnk
2014-05-30 09:40 - 2014-05-30 09:40 - 00001059 _____ () C:\Users\MOMMYmgn_service-start_session_00.log
2014-05-30 09:40 - 2014-05-30 09:40 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-05-30 09:40 - 2014-05-30 09:40 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-30 09:39 - 2014-05-30 09:39 - 03539584 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Mommy & Abba\Downloads\g2a_rs_installer_mar4klebowitzit_com.exe
2014-05-30 09:32 - 2014-05-30 09:32 - 00027876 _____ () C:\Users\Renee\Downloads\DDS.txt
2014-05-30 09:32 - 2014-05-30 09:32 - 00011104 _____ () C:\Users\Renee\Downloads\Attach.txt
2014-05-30 09:18 - 2014-05-30 09:18 - 00011104 _____ () C:\Users\Renee\Desktop\attach.txt
2014-05-30 09:18 - 2014-05-30 09:17 - 00027876 _____ () C:\Users\Renee\Desktop\dds.txt
2014-05-30 09:15 - 2014-05-30 09:15 - 00688992 ____R (Swearware) C:\Users\Mommy & Abba\Downloads\dds.com
2014-05-30 07:11 - 2014-05-30 18:27 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Roaming\Zabezi
2014-05-30 06:30 - 2014-05-30 08:58 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Roaming\Atytfi
2014-05-30 01:17 - 2014-05-30 01:19 - 04485528 _____ (AVG Technologies) C:\Users\Mommy & Abba\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-30 00:21 - 2014-05-30 01:37 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-05-30 00:20 - 2014-05-30 01:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-30 00:09 - 2014-05-30 00:10 - 00679529 _____ () C:\Users\Mommy & Abba\Downloads\extension_1_8_1.crx
2014-05-30 00:03 - 2014-05-30 00:20 - 00007605 _____ () C:\Users\Renee\AppData\Local\Resmon.ResmonCfg
2014-05-29 23:40 - 2014-05-29 23:40 - 00000000 ____D () C:\Users\Default\AppData\Local\Tvsukernel
2014-05-29 23:40 - 2014-05-29 23:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\Tvsukernel
2014-05-29 23:36 - 2014-05-29 23:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\PwrMgr
2014-05-29 23:36 - 2014-05-29 23:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\PwrMgr
2014-05-29 23:32 - 2014-05-29 23:32 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-05-29 23:32 - 2014-05-29 23:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Lenovo
2014-05-29 23:32 - 2014-05-29 23:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Lenovo
2014-05-29 23:31 - 2014-05-29 23:31 - 01402880 _____ () C:\Users\Mommy & Abba\Downloads\HiJackThis.msi
2014-05-29 23:28 - 2013-05-14 06:15 - 00064624 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys
2014-05-29 23:24 - 2013-06-06 13:58 - 00515568 _____ (Intel Corporation) C:\Windows\system32\SETEB18.tmp
2014-05-29 23:24 - 2013-06-06 13:58 - 00442352 _____ (Intel Corporation) C:\Windows\system32\SETF82C.tmp
2014-05-29 23:24 - 2013-06-06 13:58 - 00279024 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-05-29 23:24 - 2013-06-06 13:58 - 00254960 _____ (Intel Corporation) C:\Windows\system32\SET31B.tmp
2014-05-29 23:24 - 2013-06-06 13:58 - 00172016 _____ (Intel Corporation) C:\Windows\system32\SETEE68.tmp
2014-05-29 23:24 - 2013-05-24 07:17 - 00116224 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3190.dll
2014-05-29 23:24 - 2013-05-21 01:27 - 00017078 _____ () C:\Windows\system32\iglhxs64.vp
2014-05-29 23:24 - 2013-05-21 01:20 - 12615680 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2014-05-29 23:24 - 2013-05-21 01:20 - 05359168 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-05-29 23:24 - 2013-05-21 01:20 - 00440320 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00432128 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00431104 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00428544 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2014-05-29 23:24 - 2013-05-21 01:20 - 00410624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2014-05-29 23:24 - 2013-05-21 01:20 - 00384512 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2014-05-29 23:24 - 2013-05-21 01:20 - 00330752 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2014-05-29 23:24 - 2013-05-21 01:20 - 00286208 _____ (Intel Corporation) C:\Windows\system32\SETDAF.tmp
2014-05-29 23:24 - 2013-05-21 01:20 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2014-05-29 23:24 - 2013-05-21 01:20 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2014-05-29 23:24 - 2013-05-21 01:20 - 00080384 _____ () C:\Windows\system32\igdde64.dll
2014-05-29 23:24 - 2013-05-21 01:20 - 00064512 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-05-29 23:24 - 2013-05-21 01:20 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-05-29 23:24 - 2013-05-21 01:20 - 00009728 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2014-05-29 23:24 - 2013-05-21 01:17 - 03511296 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-05-29 23:24 - 2013-05-21 01:17 - 03121152 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-05-29 23:24 - 2013-05-21 01:17 - 01040384 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-05-29 23:24 - 2013-05-21 01:17 - 00931840 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-05-29 23:24 - 2013-05-21 01:17 - 00575488 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2014-05-29 23:24 - 2013-05-21 01:17 - 00542720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-05-29 23:24 - 2013-05-21 01:17 - 00272928 _____ () C:\Windows\SysWOW64\igvpkrng600.bin
2014-05-29 23:24 - 2013-05-21 01:17 - 00272928 _____ () C:\Windows\system32\igvpkrng600.bin
2014-05-29 23:24 - 2013-05-21 01:17 - 00216064 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2014-05-29 23:24 - 2013-05-21 01:17 - 00180224 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2014-05-29 23:23 - 2013-06-06 13:58 - 05905904 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2014-05-29 23:23 - 2013-06-06 13:58 - 00399856 _____ (Intel Corporation) C:\Windows\system32\SETEEC7.tmp
2014-05-29 23:23 - 2013-06-06 13:58 - 00185840 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-05-29 23:23 - 2013-05-24 07:18 - 00342528 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2014-05-29 23:23 - 2013-05-24 07:18 - 00016896 _____ (Intel(R) Corporation) C:\Windows\system32\SET51A9.tmp
2014-05-29 23:23 - 2013-05-21 01:20 - 00223664 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00210106 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00194245 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00175104 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2014-05-29 23:23 - 2013-05-21 01:20 - 00166170 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00163421 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00159008 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00149682 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00148042 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00147393 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00147288 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00146004 _____ () C:\Windows\system32\Gfxres.ro-RO.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00145491 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00144645 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00144260 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00144020 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00143932 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00142882 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00142877 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00142717 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00142289 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00142008 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00141838 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00141049 _____ () C:\Windows\system32\Gfxres.hr-HR.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00137889 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00137784 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00137141 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00132623 _____ () C:\Windows\system32\Gfxres.en-US.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00126300 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2014-05-29 23:23 - 2013-05-21 01:20 - 00124650 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2014-05-29 23:23 - 2013-05-21 01:19 - 13030912 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2014-05-29 23:23 - 2013-05-21 01:19 - 10812416 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2014-05-29 23:23 - 2013-05-21 01:17 - 00963452 _____ () C:\Windows\SysWOW64\igcodeckrng600.bin
2014-05-29 23:23 - 2013-05-21 01:17 - 00963452 _____ () C:\Windows\system32\igcodeckrng600.bin
2014-05-29 23:22 - 2013-04-10 11:09 - 00849992 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-05-29 23:22 - 2013-04-10 11:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-05-29 23:14 - 2014-05-29 23:14 - 00000000 ____D () C:\Users\Mommy & Abba\Desktop\Old Firefox Data
2014-05-29 22:16 - 2014-05-29 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 22:14 - 2014-05-29 22:15 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Mommy & Abba\Downloads\mbam-setup(1).exe
2014-05-29 22:11 - 2014-05-29 22:14 - 00002360 _____ () C:\Users\Renee\Desktop\Rkill.txt
2014-05-29 22:11 - 2014-05-29 22:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Mommy & Abba\Downloads\rkill.exe
2014-05-29 20:10 - 2014-05-30 01:37 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Local\Citrix
2014-05-29 20:01 - 2014-05-29 20:02 - 00288824 _____ (Citrix Online) C:\Users\Mommy & Abba\Downloads\Citrix Online Launcher.exe
2014-05-29 05:56 - 2014-05-29 05:56 - 00068782 _____ () C:\Users\Mommy & Abba\AppData\Local\imqetxoh
2014-05-29 05:53 - 2014-05-29 05:53 - 00000000 _____ () C:\Users\Mommy & Abba\AppData\Roaming\SharedSettings.ccs
2014-05-28 22:41 - 2014-05-28 22:41 - 00000000 ____D () C:\Users\Mommy & Abba\Desktop\Discover dispute
2014-05-28 22:40 - 2014-05-28 22:40 - 00000000 ____D () C:\Users\Mommy & Abba\Desktop\2014_05_28
2014-05-28 21:59 - 2014-05-28 22:00 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Local\{2B0E20E9-1689-4102-A750-3B87DD315473}
2014-05-25 10:36 - 2014-05-25 10:55 - 00000000 ____D () C:\Users\Mommy & Abba\Desktop\2014_05_25
2014-05-19 17:50 - 2014-05-19 17:50 - 00972288 _____ () C:\Users\Mommy & Abba\Downloads\taste of torah jr flyer (2).pub
2014-05-19 17:28 - 2014-05-19 17:29 - 00972288 _____ () C:\Users\Mommy & Abba\Downloads\taste of torah jr flyer (1).pub
2014-05-19 17:26 - 2014-05-19 17:28 - 00972288 _____ () C:\Users\Mommy & Abba\Downloads\taste of torah jr flyer.pub
2014-05-17 21:26 - 2014-05-17 21:26 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Local\adawarebp
2014-05-16 07:21 - 2014-05-16 07:21 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Roaming\Lavasoft
2014-05-16 05:59 - 2014-05-16 05:59 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\LavasoftStatistics
2014-05-15 22:06 - 2014-05-18 13:30 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-15 21:57 - 2014-05-15 21:57 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-15 21:56 - 2014-05-15 21:57 - 01727624 _____ () C:\Users\Mommy & Abba\Downloads\Adaware_Installer.exe
2014-05-14 20:22 - 2014-05-14 20:22 - 00094331 _____ () C:\Users\Mommy & Abba\Downloads\Go Fish Cue Card.bm2
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2014-06-11 21:23 - 2014-06-11 21:22 - 00026932 _____ () C:\Users\Renee\Downloads\FRST.txt
2014-06-11 21:23 - 2013-02-14 23:37 - 00000000 ____D () C:\Users\Renee\AppData\Local\Temp
2014-06-11 21:22 - 2014-06-11 21:22 - 02081792 _____ (Farbar) C:\Users\Renee\Downloads\FRST64.exe
2014-06-11 21:22 - 2014-06-11 21:22 - 00000000 ____D () C:\FRST
2014-06-11 21:20 - 2014-06-11 21:20 - 00000000 ____D () C:\Users\Renee\AppData\Local\Macromedia
2014-06-11 21:15 - 2014-06-11 21:15 - 00254490 _____ () C:\Users\Renee\Desktop\MGlogs.zip
2014-06-11 21:15 - 2014-06-11 21:02 - 00254490 _____ () C:\MGlogs.zip
2014-06-11 21:15 - 2014-06-11 21:02 - 00000000 ____D () C:\MGtools
2014-06-11 21:14 - 2013-05-21 20:59 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-308344010-1766348682-2937439011-1001UA.job
2014-06-11 21:11 - 2012-10-16 15:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 21:09 - 2013-02-14 23:48 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Nitro PDF
2014-06-11 21:03 - 2013-02-15 00:17 - 00000000 ____D () C:\Users\Renee\AppData\Local\CrashDumps
2014-06-11 20:36 - 2013-02-18 19:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 18:11 - 2012-10-16 15:53 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 17:34 - 2013-02-16 20:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-11 16:46 - 2012-10-16 15:32 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-06-11 14:32 - 2013-02-14 23:55 - 00000000 ____D () C:\Users\Renee\AppData\Local\Lenovo
2014-06-11 14:05 - 2014-06-11 14:05 - 00001834 _____ () C:\Users\Renee\Documents\HitmanPro_20140611_1404.log
2014-06-11 13:01 - 2014-06-11 12:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-11 12:59 - 2009-07-13 23:51 - 00074956 _____ () C:\Windows\setupact.log
2014-06-11 12:58 - 2014-06-11 12:58 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-11 12:55 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 12:55 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 12:53 - 2012-10-16 15:25 - 01084955 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 12:49 - 2012-10-16 15:32 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-06-11 12:46 - 2010-11-20 22:47 - 00585678 _____ () C:\Windows\PFRO.log
2014-06-11 12:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 12:46 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2014-06-11 11:33 - 2013-02-15 00:55 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Local\Temp
2014-06-11 11:14 - 2014-06-11 11:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 11:10 - 2014-06-11 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-11 11:10 - 2014-06-11 11:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-11 11:09 - 2013-02-14 23:38 - 00021279 _____ () C:\Users\Renee\AppData\Roaming\AbsoluteReminder.xml
2014-06-11 09:55 - 2014-06-11 11:25 - 00003685 _____ () C:\Users\Renee\Documents\RKreport_SCN_06112014_095528.log
2014-06-11 09:52 - 2014-06-11 09:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-06-11 09:48 - 2013-02-15 06:15 - 00000000 ____D () C:\Users\Renee\AppData\Local\Mozilla
2014-06-11 09:43 - 2014-06-11 09:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-11 09:35 - 2014-06-11 09:35 - 00015812 _____ () C:\Windows\system32\results.xml
2014-06-11 09:35 - 2014-06-11 09:35 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Roxio
2014-06-11 09:35 - 2013-02-21 22:34 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Apple Computer
2014-06-11 09:35 - 2013-02-16 22:01 - 00000000 ____D () C:\Users\Renee\AppData\Local\AVG SafeGuard toolbar
2014-06-11 09:34 - 2013-03-06 17:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-11 09:32 - 2014-06-11 09:31 - 10971424 _____ (SurfRight B.V.) C:\Users\Mommy & Abba\Downloads\HitmanPro_x64.exe
2014-06-11 09:31 - 2014-06-11 09:36 - 01990574 _____ () C:\MGtools.exe
2014-06-11 09:31 - 2014-06-11 09:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Mommy & Abba\Downloads\tdsskiller.exe
2014-06-11 09:31 - 2014-06-11 09:31 - 01990574 _____ () C:\Users\Mommy & Abba\Downloads\MGtools.exe
2014-06-11 09:30 - 2014-06-11 09:30 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\Mommy & Abba\Downloads\mbam-setup-majorgeeks-2.0.2.1012.exe
2014-06-11 09:30 - 2014-06-11 09:30 - 05245952 _____ () C:\Users\Mommy & Abba\Downloads\RogueKillerX64.exe
2014-06-11 09:15 - 2013-02-14 23:39 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Roaming\Mozilla
2014-06-11 09:01 - 2014-06-11 09:01 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-06-11 09:01 - 2012-10-16 15:41 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-06-11 09:01 - 2012-10-16 15:35 - 00000000 ____D () C:\Program Files\Lenovo
2014-06-11 09:00 - 2012-10-16 15:41 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-11 08:58 - 2013-02-15 00:57 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Local\Lenovo
2014-06-11 08:50 - 2013-02-15 07:19 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Local\CrashDumps
2014-05-30 18:28 - 2014-05-30 09:40 - 00271570 _____ () C:\Users\MOMMYGoToAssist Remote Support Customer_00.LOG
2014-05-30 18:28 - 2014-05-30 09:40 - 00004941 _____ () C:\Users\MOMMYmgn_service-service_00.log
2014-05-30 18:27 - 2014-05-30 07:11 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Roaming\Zabezi
2014-05-30 09:40 - 2014-05-30 09:40 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_637.dll
2014-05-30 09:40 - 2014-05-30 09:40 - 00007267 _____ () C:\Users\MOMMYmgn_service-install_manual_00.log
2014-05-30 09:40 - 2014-05-30 09:40 - 00001587 _____ () C:\Users\Renee\Desktop\GoToAssist Customer.lnk
2014-05-30 09:40 - 2014-05-30 09:40 - 00001059 _____ () C:\Users\MOMMYmgn_service-start_session_00.log
2014-05-30 09:40 - 2014-05-30 09:40 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-05-30 09:40 - 2014-05-30 09:40 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-30 09:39 - 2014-05-30 09:39 - 03539584 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Mommy & Abba\Downloads\g2a_rs_installer_mar4klebowitzit_com.exe
2014-05-30 09:32 - 2014-05-30 09:32 - 00027876 _____ () C:\Users\Renee\Downloads\DDS.txt
2014-05-30 09:32 - 2014-05-30 09:32 - 00011104 _____ () C:\Users\Renee\Downloads\Attach.txt
2014-05-30 09:18 - 2014-05-30 09:18 - 00011104 _____ () C:\Users\Renee\Desktop\attach.txt
2014-05-30 09:17 - 2014-05-30 09:18 - 00027876 _____ () C:\Users\Renee\Desktop\dds.txt
2014-05-30 09:15 - 2014-05-30 09:15 - 00688992 ____R (Swearware) C:\Users\Mommy & Abba\Downloads\dds.com
2014-05-30 09:05 - 2009-07-14 00:13 - 00739790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 08:58 - 2014-05-30 06:30 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Roaming\Atytfi
2014-05-30 01:37 - 2014-05-30 00:21 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-05-30 01:37 - 2014-05-30 00:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-30 01:37 - 2014-05-29 20:10 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Local\Citrix
2014-05-30 01:37 - 2014-05-11 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-30 01:37 - 2014-05-09 17:17 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-30 01:37 - 2014-03-31 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-30 01:37 - 2013-09-21 22:26 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-30 01:37 - 2013-07-24 21:29 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Roaming\Roxio
2014-05-30 01:37 - 2013-07-23 23:40 - 00000000 ____D () C:\ProgramData\CinemaNow
2014-05-30 01:37 - 2013-04-15 16:53 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-05-30 01:37 - 2013-04-15 16:52 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-05-30 01:37 - 2013-02-18 19:04 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-30 01:37 - 2013-02-15 06:30 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Local\Microsoft Help
2014-05-30 01:37 - 2013-02-15 00:55 - 00000000 ____D () C:\Users\Mommy & Abba
2014-05-30 01:37 - 2013-02-14 23:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-30 01:37 - 2013-02-14 23:37 - 00000000 ____D () C:\Users\Renee
2014-05-30 01:37 - 2012-10-16 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Password Vault
2014-05-30 01:37 - 2012-10-16 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-30 01:37 - 2012-10-16 15:40 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-05-30 01:37 - 2012-10-16 15:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-30 01:37 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-05-30 01:37 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-05-30 01:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-05-30 01:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-05-30 01:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-30 01:19 - 2014-05-30 01:17 - 04485528 _____ (AVG Technologies) C:\Users\Mommy & Abba\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-30 01:13 - 2013-05-21 20:59 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-308344010-1766348682-2937439011-1001Core.job
2014-05-30 00:20 - 2014-05-30 00:03 - 00007605 _____ () C:\Users\Renee\AppData\Local\Resmon.ResmonCfg
2014-05-30 00:10 - 2014-05-30 00:09 - 00679529 _____ () C:\Users\Mommy & Abba\Downloads\extension_1_8_1.crx
2014-05-30 00:07 - 2013-02-15 03:59 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Roaming\Nitro PDF
2014-05-29 23:40 - 2014-05-29 23:40 - 00000000 ____D () C:\Users\Default\AppData\Local\Tvsukernel
2014-05-29 23:40 - 2014-05-29 23:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\Tvsukernel
2014-05-29 23:37 - 2012-10-16 15:40 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2014-05-29 23:36 - 2014-05-29 23:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\PwrMgr
2014-05-29 23:36 - 2014-05-29 23:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\PwrMgr
2014-05-29 23:34 - 2012-10-15 23:05 - 00000000 ____D () C:\ProgramData\Lenovo
2014-05-29 23:32 - 2014-05-29 23:32 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-05-29 23:32 - 2014-05-29 23:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Lenovo
2014-05-29 23:32 - 2014-05-29 23:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Lenovo
2014-05-29 23:31 - 2014-05-29 23:31 - 01402880 _____ () C:\Users\Mommy & Abba\Downloads\HiJackThis.msi
2014-05-29 23:28 - 2012-10-16 15:30 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-29 23:22 - 2012-10-16 15:37 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-29 23:14 - 2014-05-29 23:14 - 00000000 ____D () C:\Users\Mommy & Abba\Desktop\Old Firefox Data
2014-05-29 23:01 - 2013-02-15 07:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-29 22:23 - 2013-05-19 18:51 - 00000000 ____D () C:\Windows\Minidump
2014-05-29 22:16 - 2014-05-29 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 22:15 - 2014-05-29 22:14 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Mommy & Abba\Downloads\mbam-setup(1).exe
2014-05-29 22:14 - 2014-05-29 22:11 - 00002360 _____ () C:\Users\Renee\Desktop\Rkill.txt
2014-05-29 22:11 - 2014-05-29 22:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Mommy & Abba\Downloads\rkill.exe
2014-05-29 20:02 - 2014-05-29 20:01 - 00288824 _____ (Citrix Online) C:\Users\Mommy & Abba\Downloads\Citrix Online Launcher.exe
2014-05-29 05:56 - 2014-05-29 05:56 - 00068782 _____ () C:\Users\Mommy & Abba\AppData\Local\imqetxoh
2014-05-29 05:56 - 2013-09-21 22:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-29 05:53 - 2014-05-29 05:53 - 00000000 _____ () C:\Users\Mommy & Abba\AppData\Roaming\SharedSettings.ccs
2014-05-28 22:41 - 2014-05-28 22:41 - 00000000 ____D () C:\Users\Mommy & Abba\Desktop\Discover dispute
2014-05-28 22:40 - 2014-05-28 22:40 - 00000000 ____D () C:\Users\Mommy & Abba\Desktop\2014_05_28
2014-05-28 22:00 - 2014-05-28 21:59 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Local\{2B0E20E9-1689-4102-A750-3B87DD315473}
2014-05-25 10:56 - 2013-04-15 16:51 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Roaming\Canon
2014-05-25 10:55 - 2014-05-25 10:36 - 00000000 ____D () C:\Users\Mommy & Abba\Desktop\2014_05_25
2014-05-23 19:34 - 2013-02-15 01:20 - 00000000 ____D () C:\Users\Mommy & Abba\Desktop\renee receipts
2014-05-19 17:50 - 2014-05-19 17:50 - 00972288 _____ () C:\Users\Mommy & Abba\Downloads\taste of torah jr flyer (2).pub
2014-05-19 17:29 - 2014-05-19 17:28 - 00972288 _____ () C:\Users\Mommy & Abba\Downloads\taste of torah jr flyer (1).pub
2014-05-19 17:28 - 2014-05-19 17:26 - 00972288 _____ () C:\Users\Mommy & Abba\Downloads\taste of torah jr flyer.pub
2014-05-19 09:32 - 2013-09-21 22:26 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-18 14:05 - 2013-02-14 23:53 - 00000000 ____D () C:\Users\Renee\AppData\Local\Google
2014-05-18 13:30 - 2014-05-15 22:06 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-18 09:43 - 2013-09-16 21:43 - 00000000 ____D () C:\Users\Mommy & Abba\Desktop\Hillel Torah North Suburban Day School - Family Directory_files
2014-05-17 21:26 - 2014-05-17 21:26 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Local\adawarebp
2014-05-16 07:21 - 2014-05-16 07:21 - 00000000 ____D () C:\Users\Mommy & Abba\AppData\Roaming\Lavasoft
2014-05-16 05:59 - 2014-05-16 05:59 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\LavasoftStatistics
2014-05-15 21:57 - 2014-05-15 21:57 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-15 21:57 - 2014-05-15 21:56 - 01727624 _____ () C:\Users\Mommy & Abba\Downloads\Adaware_Installer.exe
2014-05-15 21:57 - 2013-02-14 23:40 - 00428408 _____ () C:\Users\Renee\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-14 20:22 - 2014-05-14 20:22 - 00094331 _____ () C:\Users\Mommy & Abba\Downloads\Go Fish Cue Card.bm2
2014-05-13 18:30 - 2013-02-18 19:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 18:30 - 2013-02-18 19:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 18:30 - 2013-02-18 19:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 07:55 - 2014-06-11 11:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:55 - 2014-06-11 11:10 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:54 - 2014-06-11 11:10 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Renee\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-11 10:19

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 01
Ran by Renee at 2014-06-11 21:24:33
Running from C:\Users\Renee\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.19 - Absolute Software)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3964 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.5.514 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToAssist Customer 2.0.0.637 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.0.0.637 - Citrix Online)
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Illinois 2011 (HKLM-x32\...\{563F3279-A139-4C1C-B4E5-8889B136C135}) (Version: 1.11.3001 - HRB Technology, LLC.)
H&R Block Illinois 2012 (HKLM-x32\...\{AAD006D4-AABB-4A53-979F-CF7586B8C897}) (Version: 1.12.2801 - HRB Technology, LLC.)
H&R Block Illinois 2013 (HKLM-x32\...\{CA0B4F43-A37E-4066-8864-99C4AAEB83AB}) (Version: 1.13.2801 - HRB Technology, LLC.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.11.1219.3 - Vimicro)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3190 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.33 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.21 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version:  - Intel® Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{5B5DEF99-85E9-423D-A1A3-B83202697B09}) (Version: 1.0.0006.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access 2007 (HKLM-x32\...\AccessR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Access 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.4 (x86 en-US)) (Version: 17.0.4 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.30.00 - )
Password Vault (HKLM\...\{C5BB9380-D729-410A-A440-061EBCADCCB9}) (Version: 5.4.100.232 - AuthenTec, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.1 - Lenovo Group Limited)
QuickBooks Pro 2008 (HKLM-x32\...\{8ECB8220-F422-4BEB-9596-97033C533702}) (Version: 18.0.4010.606 - Intuit Inc.)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.1 - Roxio) Hidden
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Burn Manager (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Burn Manager CDB (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.3 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator 2010 (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio Creator 2010 (x32 Version: 1.2.193 - Roxio) Hidden
Roxio Creator 2010 (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Creator 2010 Content (x32 Version: 12.0.013 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Roxio)
Roxio Venue (x32 Version: 2.2.170 - Sonic Solutions) Hidden
Roxio Video Capture USB (x32 Version: 1.22.0000 - Roxio) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0 - SmartSound Software Inc) Hidden
Sony Digital Voice Editor 3 (HKLM-x32\...\Sony Digital Voice Editor 3) (Version:  - )
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.92.107379 - SugarSync, Inc.)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
The Print Shop 23 (HKLM-x32\...\{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}) (Version: 23.00 - Broderbund Software)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.4.17 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_AccessR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_AccessR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_AccessR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032) (HKLM\...\64A62163FE43328D13305746CB8BCC93F2DF6545) (Version: 11/29/2011 11.0.0.1032 - Intel)
Windows Driver Package - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) (HKLM\...\FD2ED46D31CE7DF190049D079E92DE03D347A634) (Version: 01/11/2012 1.65.05.21 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

==================== Restore Points  =========================

30-05-2014 04:39:22 Restore Operation
30-05-2014 05:20:27 Adblock Plus for IE
30-05-2014 05:46:00 Restore Operation
11-06-2014 15:25:41 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {429AF63B-CF69-4480-855B-698612C753BB} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {5A650A8A-F403-4A9D-9C47-DC0A2E6C46C4} - System32\Tasks\Lenovo\LSC\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {6BEB91C1-7A79-42DA-B38E-3FE64475FA23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {88A34376-0F5F-4DBC-BD43-5F4C79E08C44} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {8A6817FF-61A5-46DD-9938-D16554E9C79A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {96680022-096C-46ED-95CA-C81A89FC5A49} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {9C1646E6-A43D-44BC-9510-4BCA087C1BEA} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {A2A65554-9F09-4CFF-9FE6-A5958B2F00A8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A42F8BD5-8CE0-4A1E-B880-67AC84D29E27} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {A6B46544-DFF3-4DF9-8B87-5A1D26A4B64B} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {AACEE59A-26BD-41EA-90C1-3933DB52971A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-308344010-1766348682-2937439011-1001UA => C:\Users\Mommy & Abba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AE35458B-AF73-4087-8B7A-14798E4D3957} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {BD6E87E5-8E13-4C83-9692-2736D2CAB811} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {C16FC6F7-76C3-4B51-8295-D5AC521C4BE3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {C4A4B908-3D1C-4331-99E9-79DAB46408DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-308344010-1766348682-2937439011-1001Core => C:\Users\Mommy & Abba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {C996B37F-BEF6-461A-903F-DF6FA6E33971} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16] (Google Inc.)
Task: {CC9588B5-7016-4AAB-8F96-3E9B2A4B7E7D} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for THINKPAD.Renee => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {D85CFF37-D5C8-414C-9AA8-DD58EBEF98FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16] (Google Inc.)
Task: {EA49AB46-6C6A-41D5-8186-D6BF18C26144} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {EC4CFBE4-B9EA-4CF7-9B53-0208A46DBE6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F2E978DB-CFCD-40A7-8301-DE4E6E98E4D7} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-20] (Lenovo Group Limited)
Task: {F4DBB90A-7F18-4E62-A27D-A65650F6809A} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {FC950181-3996-454C-A9AB-05ACE358F1D4} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-308344010-1766348682-2937439011-1001Core.job => C:\Users\Mommy & Abba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-308344010-1766348682-2937439011-1001UA.job => C:\Users\Mommy & Abba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2014-05-09 17:17 - 2014-05-09 17:16 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
2012-10-16 15:40 - 2014-03-20 06:05 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2012-05-24 01:04 - 2012-05-24 01:04 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2012-10-16 15:36 - 2010-10-26 13:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-10-16 15:33 - 2012-06-25 01:19 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-21 22:26 - 2014-05-09 17:16 - 02561560 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2009-07-21 11:50 - 2009-07-21 11:50 - 00084464 _____ () C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
2009-06-23 01:18 - 2009-06-23 01:18 - 00494064 _____ () C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
2009-06-23 01:18 - 2009-06-23 01:18 - 01554928 _____ () C:\Program Files (x86)\Roxio 2010\Roxio Burn\Roxio Burn.exe
2011-12-23 12:24 - 2011-12-23 12:24 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
2012-06-07 02:03 - 2012-06-07 02:03 - 01163624 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2012-06-07 02:04 - 2012-06-07 02:04 - 00087912 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-16 15:49 - 2012-01-17 01:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2012-10-16 15:41 - 2011-08-02 06:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2012-10-16 15:41 - 2011-08-02 06:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2009-07-24 01:21 - 2009-07-24 01:21 - 00048128 _____ () C:\Program Files (x86)\Roxio 2010\VideoCore 12\avutil-50.dll
2009-07-24 01:21 - 2009-07-24 01:21 - 00823808 _____ () C:\Program Files (x86)\Roxio 2010\VideoCore 12\avcodec-52.dll
2009-07-24 01:21 - 2009-07-24 01:21 - 00104448 _____ () C:\Program Files (x86)\Roxio 2010\VideoCore 12\swscale-0.dll
2014-05-09 17:17 - 2014-05-09 17:16 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\log4cplusU.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-10-16 15:55 - 2012-07-12 07:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2013-12-08 21:53 - 2014-03-13 06:56 - 01593368 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2009-06-23 01:18 - 2009-06-23 01:18 - 00584176 _____ () C:\Program Files (x86)\Roxio 2010\Roxio Burn\BBEngineAS.dll
2009-07-15 19:30 - 2009-07-15 19:30 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-08-15 22:12 - 2011-08-15 22:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2011-08-15 22:15 - 2011-08-15 22:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 18:41 - 2011-08-17 18:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 18:48 - 2011-08-17 18:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-11-25 15:29 - 2011-11-25 15:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-15 22:12 - 2011-08-15 22:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 18:48 - 2011-08-17 18:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 21:23 - 2011-08-15 21:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 15:28 - 2011-11-25 15:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 15:42 - 2011-11-25 15:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 15:26 - 2011-11-25 15:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 18:05 - 2011-07-19 18:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2011-07-19 18:04 - 2011-07-19 18:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2011-08-15 22:17 - 2011-08-15 22:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2014-05-11 15:03 - 2014-05-11 15:03 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Mommy & Abba\Desktop\LennyMagician.AVI:TOC.WMV
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ RE_ Re_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2014 09:02:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swwhoami.exe, version: 1.0.0.1, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00033675
Faulting process id: 0x25f8
Faulting application start time: 0xswwhoami.exe0
Faulting application path: swwhoami.exe1
Faulting module path: swwhoami.exe2
Report Id: swwhoami.exe3

Error: (06/11/2014 00:47:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 09:40:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 09:35:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxpers.exe, version: 8.15.10.2778, time stamp: 0x4fd00a25
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc000041d
Fault offset: 0x0000000000052f2f
Faulting process id: 0x1250
Faulting application start time: 0xigfxpers.exe0
Faulting application path: igfxpers.exe1
Faulting module path: igfxpers.exe2
Report Id: igfxpers.exe3

Error: (06/11/2014 09:35:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hkcmd.exe, version: 8.15.10.2778, time stamp: 0x4fd00a2b
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc000041d
Fault offset: 0x0000000000052f2f
Faulting process id: 0xff0
Faulting application start time: 0xhkcmd.exe0
Faulting application path: hkcmd.exe1
Faulting module path: hkcmd.exe2
Report Id: hkcmd.exe3

Error: (06/11/2014 09:35:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxpers.exe, version: 8.15.10.2778, time stamp: 0x4fd00a25
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x0000000000052f2f
Faulting process id: 0x1250
Faulting application start time: 0xigfxpers.exe0
Faulting application path: igfxpers.exe1
Faulting module path: igfxpers.exe2
Report Id: igfxpers.exe3

Error: (06/11/2014 09:35:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hkcmd.exe, version: 8.15.10.2778, time stamp: 0x4fd00a2b
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x0000000000052f2f
Faulting process id: 0xff0
Faulting application start time: 0xhkcmd.exe0
Faulting application path: hkcmd.exe1
Faulting module path: hkcmd.exe2
Report Id: hkcmd.exe3

Error: (06/11/2014 09:35:24 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.

Error: (06/11/2014 08:58:44 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/11/2014 08:49:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxpers.exe, version: 8.15.10.2778, time stamp: 0x4fd00a25
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc000041d
Fault offset: 0x0000000000052f2f
Faulting process id: 0x1364
Faulting application start time: 0xigfxpers.exe0
Faulting application path: igfxpers.exe1
Faulting module path: igfxpers.exe2
Report Id: igfxpers.exe3


System errors:
=============
Error: (06/11/2014 00:51:00 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Intel® Small Business Advantage service depends the following service: LMS. This service might not be installed.

Error: (06/11/2014 00:50:47 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Intel® Small Business Advantage service depends the following service: LMS. This service might not be installed.

Error: (06/11/2014 00:50:46 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Intel® Small Business Advantage service depends the following service: LMS. This service might not be installed.

Error: (06/11/2014 00:49:47 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Intel® Small Business Advantage service depends the following service: LMS. This service might not be installed.

Error: (06/11/2014 00:47:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (06/11/2014 00:46:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (06/11/2014 09:43:38 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Intel® Small Business Advantage service depends the following service: LMS. This service might not be installed.

Error: (06/11/2014 09:43:23 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Intel® Small Business Advantage service depends the following service: LMS. This service might not be installed.

Error: (06/11/2014 09:43:22 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Intel® Small Business Advantage service depends the following service: LMS. This service might not be installed.

Error: (06/11/2014 09:43:19 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Intel® Small Business Advantage service depends the following service: LMS. This service might not be installed.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 5733.48 MB
Available physical RAM: 3347.48 MB
Total Pagefile: 11465.16 MB
Available Pagefile: 9033.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:279.05 GB) (Free:118.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (ARTDISC1) (CDROM) (Total:4.35 GB) (Free:0 GB) CDFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:6.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 357892D0)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 oneof4

Posted 12 June 2014 - 08:24 PM

Hello :)
 
Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


Best Regards,
oneof4.


#7 Lebowitz IT Services

Posted 12 June 2014 - 09:48 PM

Done. Here are the contents of Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 01
Ran by Renee at 2014-06-12 21:47:18 Run:1
Running from C:\Users\Renee\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
C:\Users\Renee\AppData\Local\Temp\ose00000.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Mommy & Abba\Desktop\LennyMagician.AVI:TOC.WMV
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ RE_ Re_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_.eml:OECustomProperty

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
'HKCR\PROTOCOLS\Handler\intu-help-qb1' => Key deleted successfully.
'HKCR\CLSID\{9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57}'=> Key not found.
C:\Users\Renee\AppData\Local\Temp\ose00000.exe => Moved successfully.
"C:\Windows" => ":nlsPreferences
AlternateDataStreams: C:\Users\Mommy & Abba\Desktop\LennyMagician.AVI:TOC.WMV
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ RE_ Re_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_.eml:OECustomProperty" ADS not found.

==== End of Fixlog ====



#8 Lebowitz IT Services

Posted 12 June 2014 - 09:51 PM

I forgot to mention that FRST64 did not request or trigger a reboot. The script took about half a minute to run, and then opened up the report.



#9 oneof4

Posted 13 June 2014 - 02:54 PM

Hey :)

 

Well, looks like the formatting of my fixlist got jumbled up a bit.  Let's try repeating it for the ADS entries:

 

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


Best Regards,
oneof4.


#10 Lebowitz IT Services

Posted 13 June 2014 - 06:18 PM

I saved fixlist.txt and reran FRST64 as directed. FRST64 finished almost instantly this time, and again did not require a reboot. Here are the contents of the Fixlog.txt file that it generated.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 01
Ran by Renee at 2014-06-13 18:12:38 Run:2
Running from C:\Users\Renee\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Mommy & Abba\Desktop\LennyMagician.AVI:TOC.WMV
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ RE_ Re_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_.eml:OECustomProperty

*****************

"C:\Windows" => ":nlsPreferences" ADS not found.
C:\Users\Mommy & Abba\Desktop\LennyMagician.AVI => ":TOC.WMV" ADS removed successfully.
C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ RE_ Re_.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_(1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_.eml => ":OECustomProperty" ADS removed successfully.

==== End of Fixlog ====

 

Incidentally, the computer scanned clean with AVG this morning (after I had run FRST64 last night, but before your latest fixlist.txt). Previously, when I ran an AVG scan, a rogue process would be touched off when it hit one file or another, and that process would generate 5-10 phony Flash update files, which would immediately be intercepted by AVG. The same thing would happen spontaneously if the computer were left on for more than half an hour or so. That has not happened since your first fixlist.txt.
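
Run 1 above shows several fixlist lines echoed inside another entry's result instead of being processed, while Run 2 handles each line separately. The following added example (not part of the thread and not FRST's own code) flags that condition in a Fixlog. The function names are hypothetical, and the rule that a processed directive never reappears with its `Keyword:` prefix in the result section is an assumption inferred only from the two logs quoted here.

```python
import re

# Constructed samples: the fixlist and result sections of the two Fixlog.txt
# runs quoted in this thread (tool header lines omitted).
RUN1 = r"""Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
C:\Users\Renee\AppData\Local\Temp\ose00000.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Mommy & Abba\Desktop\LennyMagician.AVI:TOC.WMV
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ RE_ Re_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_.eml:OECustomProperty

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
'HKCR\PROTOCOLS\Handler\intu-help-qb1' => Key deleted successfully.
'HKCR\CLSID\{9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57}'=> Key not found.
C:\Users\Renee\AppData\Local\Temp\ose00000.exe => Moved successfully.
"C:\Windows" => ":nlsPreferences
AlternateDataStreams: C:\Users\Mommy & Abba\Desktop\LennyMagician.AVI:TOC.WMV
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ RE_ Re_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_.eml:OECustomProperty" ADS not found.

==== End of Fixlog ====
"""

RUN2 = r"""Content of fixlist:
*****************
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Mommy & Abba\Desktop\LennyMagician.AVI:TOC.WMV
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ RE_ Re_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_.eml:OECustomProperty

*****************

"C:\Windows" => ":nlsPreferences" ADS not found.
C:\Users\Mommy & Abba\Desktop\LennyMagician.AVI => ":TOC.WMV" ADS removed successfully.
C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ RE_ Re_.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_(1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Mommy & Abba\Downloads\RE_ RE_ RE_ Re_.eml => ":OECustomProperty" ADS removed successfully.

==== End of Fixlog ====
"""

STARS = re.compile(r"^\*{5,}\s*$")
# "Handler: ", "AlternateDataStreams: " ... but not "C:\..." or "HKLM-x32\...".
KEYWORD = re.compile(r"^([A-Za-z][A-Za-z0-9-]*): ")


def split_fixlog(text):
    """Return (directives, result_lines) for one Fixlog, blank lines dropped."""
    lines = text.splitlines()
    start = next((i for i, l in enumerate(lines)
                  if l.strip() == "Content of fixlist:"), None)
    if start is None:
        raise ValueError("no 'Content of fixlist:' header")
    stars = [i for i in range(start + 1, len(lines)) if STARS.match(lines[i])]
    if len(stars) < 2:
        raise ValueError("fixlist block is not closed by a second asterisk row")
    directives = [l for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    results = []
    for l in lines[stars[1] + 1:]:
        if l.startswith("==== End of Fixlog"):
            break
        if l.strip():
            results.append(l)
    return directives, results


def absorbed_directives(text):
    """Map each result line to the raw directive lines echoed right after it.

    A result line that still starts with a keyword used in the fixlist was not
    processed on its own; it is grouped under the preceding result line.
    """
    directives, results = split_fixlog(text)
    keywords = {m.group(1) for d in directives if (m := KEYWORD.match(d))}
    groups, head = {}, None
    for line in results:
        m = KEYWORD.match(line)
        if m and m.group(1) in keywords:
            groups.setdefault(head, []).append(line)
        else:
            head = line
    return groups


if __name__ == "__main__":
    for name, log in (("Run 1", RUN1), ("Run 2", RUN2)):
        groups = absorbed_directives(log)
        print(name, "-", sum(map(len, groups.values())), "directive(s) absorbed")
        for head, echoed in groups.items():
            print("  in:", head)
            for e in echoed:
                print("    ", e)
```

An empty result means every keyword directive was rewritten into its own `target => outcome` line, which is what Run 2 shows.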



#11 oneof4

Posted 14 June 2014 - 07:34 PM

Incidentally, the computer scanned clean with AVG this morning (after I had run FRST64 last night, but before your latest fixlist.txt). Previously, when I ran an AVG scan, a rogue process would be touched off when it hit one file or another, and that process would generate 5-10 phony Flash update files, which would immediately be intercepted by AVG. The same thing would happen spontaneously if the computer were left on for more than half an hour or so. That has not happened since your first fixlist.txt.

Good deal, that means we're getting somewhere. :thumbsup:
 
Please perform the following:
 
Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Please refer to this link for instructions.
  • Right click it and run as admin & follow the prompts.

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply, along with a description of how things are running.


Best Regards,
oneof4.


#12 Lebowitz IT Services

Posted 14 June 2014 - 09:53 PM

I just got your reply, and am running ComboFix on the infected computer now. The computer is running noticeably faster now, and ComboFix, which has been running for about 15 minutes as I type this, is working on Stage_6. I hope to have a ComboFix.txt within the hour.



#13 Lebowitz IT Services

Posted 15 June 2014 - 12:48 AM

ComboFix just finished running. I finally found the link for attaching files as opposed to simply pasting the text inline (which I always find hard to read) :graduate:, so I attached it instead. I did not see where ComboFix created the Log.txt file that it displayed in Notepad, so I explicitly saved and renamed it, hence the ComboFixLog.txt file.

 

The computer seems to be working nicely, with no alerts from AVG Antivirus (which I reactivated after ComboFix exited), no stray pop-ups or redirects during web browsing, good response times and the lowest idle CPU and disk readouts I've seen since I started working on it.




#14 oneof4

oneof4

  • Malware Response Team

Posted 16 June 2014 - 09:50 AM

Hello, :)

 

 

I finally found the link for attaching files as opposed to simply pasting the text inline (which I always find hard to read)

Unfortunately, it makes it more difficult for me to read, hence my instruction from my opening reply:

 

 

  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Anyway, looks like CF took care of some additional issues so let's proceed with the next two scans:

 

Since you already have Malwarebytes installed, please follow these instructions:

 

2.0 Threat Scan

 

  • Open MBAM
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

     

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

==========

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

 

 


Best Regards,
oneof4.


#15 Lebowitz IT Services

Lebowitz IT Services
  • Topic Starter

  • Members

Posted 17 June 2014 - 10:05 PM

MalwareBytes Anti-Malware found nothing.

 

ESET found something, but it looks like it might just be a file that's hanging around in a folder waiting to be run by a process that previous steps hopefully killed off. Here's the log:

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=95926d8d2153424aae2c301b61225fad
# engine=18765
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-18 02:24:00
# local_time=2014-06-17 09:24:00 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 0 89245424 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 27497851 154601690 0 0
# scanned=42561
# found=1
# cleaned=0
# scan_time=1427
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\MGtools\Process.exe"
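
An added example, not part of the original posts and not ESET's own tooling: a small Python parser for the log layout pasted above, checking that the scan ran with the options requested in post #14 and that the found counter matches the detection lines. The function names, the EXPECTED table and the labelling of detections by their vn suffix are assumptions of this example; the sample log is constructed, with placeholder hash fields.

```python
import re

# Constructed sample in the layout of the log posted above; hash fields are placeholders.
SAMPLE_LOG = r'''# version=8
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=42561
# found=1
# cleaned=0
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\MGtools\Process.exe"
'''

# Options requested in this thread: report only (no removal), with archives,
# unwanted/unsafe applications and anti-stealth scanning enabled.
EXPECTED = {"remove_checked": "false", "archives_checked": "true",
            "unwanted_checked": "true", "unsafe_checked": "true",
            "antistealth_checked": "true"}
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"

def parse_eset_log(text):
    """Split the log into '# key=value' header settings and 'sh=...' detection records."""
    settings, detections = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                settings[key] = value  # repeated keys keep the last value seen
        elif line.startswith("sh="):
            detections.append({k: q or u for k, q, u in PAIR.findall(line)})
    return settings, detections

def review(text):
    """Check scan options and counters; label each detection by its 'vn' suffix."""
    settings, detections = parse_eset_log(text)
    wrong = {k: settings.get(k) for k, v in EXPECTED.items() if settings.get(k) != v}
    # "pua" = name says "potentially unsafe/unwanted application" (example heuristic)
    labelled = [(d.get("fn"), d.get("vn", ""),
                 "pua" if "potentially un" in d.get("vn", "") else "malware")
                for d in detections]
    return {"wrong_settings": wrong,
            "end": settings.get("end"),
            "count_matches": int(settings.get("found", -1)) == len(detections),
            "uncleaned": int(settings.get("found", 0)) - int(settings.get("cleaned", 0)),
            "detections": labelled}
```

Calling review() on the text of log.txt returns the option mismatches, the end status as recorded, and each detected path with its label, which makes it easy to compare successive scans of the same machine.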
 





