Blue screens, but scan by "common" antiviruses did not show infection.



#1 LeoTev


Posted 16 June 2015 - 08:04 AM

Hi! My computer is a LENOVO, 32-bit, 2GB RAM, with Vista Home Basic SP2. I get blue screens a few minutes after the computer starts (sometimes, before the blue screen, the display freezes for some minutes while the cursor can still be moved). During the first minutes while the computer is working, it is impossible to shut it down or restart it normally (but Safe Mode works, and from Safe Mode it is possible to shut down). During startup the computer shows the message: "cssauth.exe - Unable To Locate Component. This application has failed to start because tcsrpc.dll was not found." Also during startup the computer shows a message that Back-up and Restore has been stopped. Sometimes a message that FireBird has been stopped appears. If I start Windows Explorer there are some messages too (2-3 messages in sequence), and after I click OK on these messages Explorer works well.
 
AVAST and Malwarebytes Anti-Malware do not find any viruses.
 
I have run scans with ComboFix and FRST (logs in attachment). The FRST log is shown below. Thank you in advance for your help.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Leo Min (administrator) on LM-COMPUTER on 16-06-2015 14:34:48
Running from C:\Users\Leo Min\Downloads
Loaded Profiles: Leo Min (Available Profiles: Leo Min)
Platform: Windows Vista ™ Home Basic Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
() C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe
(Cyberlink Corp.) C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Windows\System32\IPSSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(The Firebird Project) C:\Program Files\EPO_OLF5\Firebird-1.5.3.4870\bin\fbguard.exe
(The Firebird Project) C:\Program Files\EPO_OLF5\Firebird-1.5.3.4870\bin\fbserver.exe
(Lenovo.) C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
(Gemplus) C:\Program Files\Gemalto\Classic Client\BIN\GCardSrvNT.exe
(Gemplus) C:\Program Files\Gemalto\Classic Client\BIN\GCardSrv.exe
(Gemalto) C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
() C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\mblctr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Leo Min\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [58416 2007-04-09] (Lenovo Group Limited)
HKLM\...\Run: [TPWAUDAP] => C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54824 2006-09-06] ()
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe [54832 2006-12-06] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [LenovoOobeOffers] => c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe [28672 2007-09-25] (lenovo)
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [946176 2007-05-31] (Authentec,Inc)
HKLM\...\Run: [DiskeeperSystray] => C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [217176 2006-11-16] (Diskeeper Corporation)
HKLM\...\Run: [AwaySch] => C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2630968 2007-08-09] (Lenovo Group Limited)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-03-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [181608 2010-04-22] (Lenovo)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431464 2010-04-22] (Lenovo)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [439856 2007-02-01] (LENOVO)
HKLM\...\Run: [RemoteControl] => C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe [56928 2006-11-24] (Cyberlink Corp.)
HKLM\...\Run: [CameraApplicationLauncher] => C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [16384 2007-08-23] ()
HKLM\...\Run: [LPManager] => C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [120368 2007-04-26] (Lenovo Group Limited)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [536576 2007-01-09] (Lenovo Group Limited)
HKLM\...\Run: [PMHandler] => C:\Program Files\Lenovo\PM Driver\PMHandler.exe [34352 2007-06-06] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [569344 2006-12-29] (Sonix)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [478800 2006-11-13] (Corel, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-13] (Avast Software s.r.o.)
HKU\S-1-5-21-1904646845-1651169971-3518196291-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1904646845-1651169971-3518196291-1003\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-05-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-13] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1904646845-1651169971-3518196291-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1904646845-1651169971-3518196291-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1904646845-1651169971-3518196291-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM -> {B54EBB5E-F4BB-4774-A7C6-F188A8C9FF37} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
SearchScopes: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003 -> {B54EBB5E-F4BB-4774-A7C6-F188A8C9FF37} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04] (Skype Technologies S.A.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-13] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.6.0_02\bin\jp2ssv.dll No File
BHO: CPwmIEBrowserHelper Object -> {F040E541-A427-4CF7-85D8-75E3E0F476C5} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-08-09] (Lenovo Group Limited)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Leo Min\AppData\Roaming\Mozilla\Firefox\Profiles\6xrecrc3.default
FF Homepage: https://www.google.com/?gfe_rd=cr&ei=TH1zVY_yJNLH8ge1voCwDA&gws_rd=ssl,cr&fg=1
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ [2009-02-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-13]
FF HKU\S-1-5-21-1904646845-1651169971-3518196291-1003\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2008-05-11]

Chrome:
=======
CHR Profile: C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]
CHR Extension: (Google Docs) - C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-24]
CHR Extension: (Google Drive) - C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-24]
CHR Extension: (Google Search) - C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-24]
CHR Extension: (Google Sheets) - C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]
CHR Extension: (Avast Online Security) - C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-24]
CHR Extension: (Gmail) - C:\Users\Leo Min\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-13] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-06-13] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-13] (Avast Software)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-16] (Diskeeper Corporation) [File not signed]
R2 FireBirdGuardian; C:\Program Files\EPO_OLF5\Firebird-1.5.3.4870\bin\fbguard.exe [65536 2006-01-17] (The Firebird Project) [File not signed]
S2 FirebirdGuardianDefaultInstance; C:\PCT-SAFE\Firebird\Bin\fbguard.exe [65536 2006-01-17] (The Firebird Project) [File not signed]
R2 FireBirdServer; C:\Program Files\EPO_OLF5\Firebird-1.5.3.4870\bin\fbserver.exe [1527895 2006-01-17] (The Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\PCT-SAFE\Firebird\Bin\fbserver.exe [1527895 2006-01-17] (The Firebird Project) [File not signed]
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54832 2007-04-09] (Lenovo.)
R2 GemSAFE Card Server; C:\Program Files\Gemalto\Classic Client\BIN\GCardSrvNT.exe [174592 2009-06-23] (Gemplus) [File not signed]
R2 GslShmSrvc; C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe [69632 2009-02-26] (Gemalto) [File not signed]
S2 gupdate1c9f7dee9ed8e70; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-27] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2007-03-16] (Lenovo) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-03] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-20] ()
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [13312 2007-06-08] (Lenovo Group Limited) [File not signed]
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [55936 2007-03-02] ()
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722232 2007-08-09] (IBM)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-09] () [File not signed]
S2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2007-01-09] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1118208 2007-01-09] (Lenovo Group Limited) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-13] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-06-13] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-13] (Avast Software s.r.o.)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2015-06-13] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [253600 2015-06-13] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-06-13] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-13] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-06-13] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-06-13] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-13] ()
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1387008 2010-01-05] (Atheros Communications, Inc.)
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-17] (AuthenTec, Inc.)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [87424 2008-04-04] (Gemalto)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-10] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [9598080 2007-02-17] ()
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2008-11-10] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-10-26] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-10-26] (Symantec Corporation)
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2008-05-11] (Lenovo) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-13] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Leo~1\AppData\Local\Temp\catchme.sys [X]
U3 eamonm; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 14:34 - 2015-06-16 14:36 - 00023311 _____ C:\Users\Leo Min\Downloads\FRST.txt
2015-06-16 14:31 - 2015-06-16 14:32 - 01148416 _____ (Farbar) C:\Users\Leo Min\Downloads\FRST(1).exe
2015-06-16 14:29 - 2015-06-16 14:34 - 00000000 ____D C:\FRST
2015-06-16 14:28 - 2015-06-16 14:28 - 01148416 _____ (Farbar) C:\Users\Leo Min\Downloads\FRST.exe
2015-06-16 13:38 - 2015-06-16 13:38 - 00000000 ___SD C:\ComboFix
2015-06-16 13:37 - 2015-06-16 13:38 - 00000000 ___SD C:\32788R22FWJFW
2015-06-16 13:02 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-15 23:27 - 2015-06-15 23:27 - 00143192 _____ C:\Windows\Minidump\Mini061515-01.dmp
2015-06-15 21:44 - 2015-06-15 21:44 - 00250567 _____ C:\Users\Leo Min\Downloads\HijackThis Logfileauswertung.htm
2015-06-15 21:37 - 2015-06-15 21:37 - 00014676 _____ C:\Users\Leo Min\Downloads\hijackthis.log
2015-06-15 21:03 - 2015-06-15 21:04 - 00000000 ____D C:\Users\Leo Min\Documents\TMRBLog
2015-06-15 21:03 - 2015-06-15 21:03 - 00000000 ____D C:\Users\Leo Min\Documents\log
2015-06-15 21:02 - 2015-06-15 21:03 - 10066480 _____ (Trend Micro Inc.) C:\Users\Leo Min\Documents\RootkitBusterV5.0-1180.exe
2015-06-15 21:01 - 2015-06-16 04:38 - 00000000 ____D C:\Users\Leo Min\AppData\Local\Akamai
2015-06-15 19:48 - 2015-06-15 19:48 - 00000000 ____D C:\Users\Leo Min\Doctor Web
2015-06-15 19:35 - 2015-06-15 19:35 - 00399109 _____ C:\Users\Leo Min\AppData\Local\census.cache
2015-06-15 19:35 - 2015-06-15 19:35 - 00238787 _____ C:\Users\Leo Min\AppData\Local\ars.cache
2015-06-15 09:09 - 2015-06-15 09:09 - 00000000 ____D C:\found.007
2015-06-15 08:56 - 2015-06-15 08:56 - 00000036 _____ C:\Users\Leo Min\AppData\Local\housecall.guid.cache
2015-06-15 02:11 - 2015-06-15 02:11 - 00000000 ____D C:\found.006
2015-06-14 18:58 - 2015-06-14 18:58 - 00000000 ____D C:\found.005
2015-06-14 16:13 - 2015-06-14 16:14 - 00143192 _____ C:\Windows\Minidump\Mini061415-01.dmp
2015-06-13 17:45 - 2015-06-15 22:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-13 17:44 - 2015-06-13 17:44 - 00000869 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-13 17:44 - 2015-06-13 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-13 17:44 - 2015-06-13 17:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-13 17:44 - 2015-06-13 17:44 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-13 17:44 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-13 17:44 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-13 17:44 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-13 07:38 - 2015-06-13 07:38 - 00000828 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-13 07:38 - 2015-06-13 07:38 - 00000816 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-13 07:38 - 2015-06-13 07:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-13 07:38 - 2015-06-13 07:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-13 06:30 - 2015-06-13 06:30 - 00000000 ____D C:\Users\Leo Min\AppData\Roaming\AVAST Software
2015-06-13 06:28 - 2015-06-13 06:28 - 00001859 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-06-13 06:28 - 2015-06-13 06:28 - 00001799 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2015-06-13 06:28 - 2015-06-13 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-13 06:27 - 2015-06-13 06:26 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-13 06:27 - 2015-06-13 06:26 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-13 06:27 - 2015-06-13 06:26 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-13 06:27 - 2015-06-13 06:26 - 00253600 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdis2.sys
2015-06-13 06:27 - 2015-06-13 06:26 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-13 06:27 - 2015-06-13 06:26 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-13 06:27 - 2015-06-13 06:26 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-06-13 06:27 - 2015-06-13 06:26 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-06-13 06:27 - 2015-06-13 06:26 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-13 06:27 - 2015-06-13 06:26 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-06-13 06:27 - 2015-06-13 06:26 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-13 06:26 - 2015-06-13 06:26 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-13 06:26 - 2015-06-13 06:26 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2015-06-13 06:20 - 2015-06-13 06:20 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-13 06:00 - 2015-06-13 06:00 - 00143192 _____ C:\Windows\Minidump\Mini061315-01.dmp
2015-06-13 05:08 - 2015-05-09 02:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 10:33 - 2015-06-10 10:33 - 00172032 _____ C:\Users\Public\Documents\AccConnAdvanced.dat
2015-06-08 04:09 - 2015-06-08 04:09 - 00143192 _____ C:\Windows\Minidump\Mini060815-01.dmp
2015-06-04 02:17 - 2015-06-04 02:17 - 00143192 _____ C:\Windows\Minidump\Mini060415-01.dmp
2015-06-03 14:42 - 2015-06-03 14:42 - 00143192 _____ C:\Windows\Minidump\Mini060315-02.dmp
2015-06-03 13:40 - 2015-06-03 13:40 - 00143192 _____ C:\Windows\Minidump\Mini060315-01.dmp
2015-06-03 01:58 - 2015-04-10 17:06 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-03 01:58 - 2015-04-10 17:06 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-03 01:58 - 2015-04-10 17:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-03 01:58 - 2015-04-10 17:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-03 01:58 - 2015-04-10 17:05 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-06-03 01:58 - 2015-04-10 17:04 - 06007808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-03 01:58 - 2015-04-10 17:04 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-06-03 01:58 - 2015-04-10 17:04 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-03 01:58 - 2015-04-10 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-03 01:58 - 2015-04-10 17:04 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 11084800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-03 01:58 - 2015-04-10 17:03 - 00727552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-06-03 01:58 - 2015-04-10 17:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-03 01:58 - 2015-04-10 17:02 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-03 01:58 - 2015-04-10 17:02 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-03 01:58 - 2015-04-10 17:02 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-06-03 01:58 - 2015-04-10 09:45 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-03 01:58 - 2015-04-10 08:01 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-03 01:58 - 2015-04-10 08:01 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-03 01:58 - 2015-04-10 07:59 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-03 01:58 - 2015-04-10 07:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-02 19:27 - 2015-06-02 19:27 - 00143192 _____ C:\Windows\Minidump\Mini060215-01.dmp
2015-06-02 18:04 - 2015-03-09 04:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-02 18:03 - 2015-04-30 19:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-02 18:03 - 2015-03-05 05:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-02 18:02 - 2015-03-05 05:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-02 18:02 - 2015-03-05 05:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-02 18:01 - 2015-04-20 00:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-02 18:01 - 2015-04-20 00:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-02 18:01 - 2015-04-20 00:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-02 18:01 - 2015-04-20 00:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-02 18:01 - 2015-04-19 23:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-02 18:01 - 2015-04-19 23:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-02 18:01 - 2015-04-19 23:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-02 18:01 - 2015-04-19 23:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-02 18:01 - 2015-04-19 23:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-02 18:01 - 2015-04-19 07:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-02 18:01 - 2015-03-14 05:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-02 18:01 - 2015-03-13 04:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-02 18:01 - 2015-03-13 04:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-02 18:00 - 2015-04-11 02:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-02 15:17 - 2015-04-30 16:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-02 13:21 - 2009-02-01 14:10 - 00001637 _____ C:\Users\Leo Min\Desktop\Paint.lnk
2015-05-31 17:15 - 2015-06-16 13:38 - 00000000 ____D C:\Windows\erdnt
2015-05-30 03:00 - 2015-05-30 03:00 - 00143192 _____ C:\Windows\Minidump\Mini053015-01.dmp
2015-05-30 01:20 - 2015-05-30 01:20 - 00000000 ____D C:\Windows\pss
2015-05-27 20:46 - 2015-05-27 20:46 - 00000000 ____D C:\found.004
2015-05-27 19:45 - 2015-05-27 19:45 - 00000000 ____D C:\Users\Leo Min\AppData\Roaming\ESET
2015-05-27 19:45 - 2015-05-27 19:45 - 00000000 ____D C:\Users\Leo Min\AppData\Local\ESET
2015-05-27 19:33 - 2015-05-27 19:33 - 00000000 ____D C:\Users\Leo Min\{e261a2d7-ad07-494a-aaf1-aa8c4fd411f4}
2015-05-27 19:22 - 2015-05-27 19:22 - 00000000 ____D C:\ProgramData\ESET
2015-05-27 19:22 - 2015-05-27 19:22 - 00000000 ____D C:\Program Files\ESET
2015-05-27 18:07 - 2015-05-27 18:07 - 00000000 ____D C:\Users\ADMINI~1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 14:36 - 2010-01-18 11:13 - 00000436 ____H C:\Windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job
2015-06-16 14:16 - 2008-05-11 04:06 - 00107586 _____ C:\Windows\WindowsUpdate.log
2015-06-16 13:45 - 2009-08-15 21:06 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 13:43 - 2015-02-11 17:10 - 00000000 ____D C:\Users\Leo Min\Anti-Viruses and Anti-SpyWare
2015-06-16 13:27 - 2007-08-16 13:28 - 00016416 _____ C:\Windows\system32\PROCDB.INI
2015-06-16 13:26 - 2009-08-15 21:06 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-16 13:26 - 2008-08-06 03:10 - 01252818 _____ C:\Windows\PFRO.log
2015-06-16 13:26 - 2008-08-05 12:27 - 00000000 ____D C:\Users\Leo Min\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Multimedia Center
2015-06-16 13:26 - 2007-08-16 13:28 - 00000002 _____ C:\Windows\system32\IPSCtrl.INI
2015-06-16 13:26 - 2006-11-02 15:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-16 13:26 - 2006-11-02 15:45 - 00003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-16 13:26 - 2006-11-02 15:45 - 00003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-16 13:14 - 2006-11-02 13:23 - 00000215 _____ C:\Windows\system.ini
2015-06-16 12:43 - 2008-08-05 12:27 - 00002032 _____ C:\Users\Leo Min\AppData\Local\d3d9caps.dat
2015-06-16 11:19 - 2008-05-11 04:31 - 00000000 ____D C:\SWSHARE
2015-06-16 03:16 - 2009-01-27 17:32 - 00092672 _____ C:\Users\Leo Min\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-15 23:27 - 2010-07-07 21:44 - 00000000 ____D C:\Windows\Minidump
2015-06-15 23:26 - 2014-08-18 20:16 - 282487764 _____ C:\Windows\MEMORY.DMP
2015-06-15 19:48 - 2008-08-05 12:27 - 00000000 ____D C:\Users\Leo Min
2015-06-15 16:10 - 2009-11-27 19:15 - 00001620 _____ C:\Users\Leo Min\Desktop\Mobility Center.lnk
2015-06-15 07:27 - 2008-05-11 04:07 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-06-15 07:27 - 2006-11-02 15:58 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-14 16:24 - 2010-01-14 22:39 - 00000000 ____D C:\Users\Leo Min\AppData\Local\Adobe
2015-06-14 02:14 - 2009-06-28 13:55 - 00000000 ____D C:\Users\Leo Min\AppData\Roaming\Skype
2015-06-13 06:19 - 2014-05-24 23:09 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-13 05:50 - 2014-05-24 23:21 - 00001941 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-13 04:00 - 2015-02-07 22:17 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-10 10:33 - 2010-03-14 22:38 - 00050874 _____ C:\Users\Public\Documents\AcSvc.dmp
2015-06-02 19:06 - 2014-05-18 23:37 - 00000000 ____D C:\Windows\system32\MRT
2015-06-02 18:51 - 2006-11-02 14:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-02 18:11 - 2006-11-02 15:44 - 00439024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-02 17:09 - 2006-11-02 15:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-06-02 15:22 - 2006-11-02 13:33 - 00883758 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-02 14:48 - 2008-05-11 05:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-31 17:51 - 2006-11-02 14:18 - 00000000 __RHD C:\Users\Default
2015-05-31 17:51 - 2006-11-02 14:18 - 00000000 ___RD C:\Users\Public
2015-05-31 17:38 - 2015-04-24 16:20 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2015-05-31 17:38 - 2006-11-02 13:22 - 68681728 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-05-31 17:38 - 2006-11-02 13:22 - 44826624 _____ C:\Windows\system32\config\COMPON~2.bak
2015-05-31 17:38 - 2006-11-02 13:22 - 33816576 _____ C:\Windows\system32\config\SYSTEM.bak
2015-05-31 17:38 - 2006-11-02 13:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-05-31 17:38 - 2006-11-02 13:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-05-30 17:12 - 2015-03-23 13:40 - 00000000 ____D C:\Users\Leo Min\Downloads\DELETE 2 - Copy (3) - Copy
2015-05-30 06:15 - 2013-06-28 18:00 - 00000000 ____D C:\ProgramData\APN
2015-05-30 05:11 - 2011-11-01 15:42 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-30 05:11 - 2011-11-01 15:41 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-05-28 16:09 - 2006-11-02 15:49 - 00066085 _____ C:\Windows\setupact.log

==================== Files in the root of some directories =======

2015-06-15 19:35 - 2015-06-15 19:35 - 0238787 _____ () C:\Users\Leo Min\AppData\Local\ars.cache
2015-06-15 19:35 - 2015-06-15 19:35 - 0399109 _____ () C:\Users\Leo Min\AppData\Local\census.cache
2008-08-05 12:27 - 2015-06-16 12:43 - 0002032 _____ () C:\Users\Leo Min\AppData\Local\d3d9caps.dat
2009-01-27 17:32 - 2015-06-16 03:16 - 0092672 _____ () C:\Users\Leo Min\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-15 08:56 - 2015-06-15 08:56 - 0000036 _____ () C:\Users\Leo Min\AppData\Local\housecall.guid.cache
2010-01-18 20:01 - 2010-01-31 17:55 - 0004096 ____H () C:\Users\Leo Min\AppData\Local\keyfile3.drm
2015-04-14 23:48 - 2015-04-14 23:48 - 0000000 _____ () C:\Users\Leo Min\AppData\Local\{73375D4A-9BF0-4B82-B485-A81136B24298}
2009-06-28 13:58 - 2009-06-28 13:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-16 13:33

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Leo Min at 2015-06-16 14:37:24
Running from C:\Users\Leo Min\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1904646845-1651169971-3518196291-500 - Administrator - Disabled)
Guest (S-1-5-21-1904646845-1651169971-3518196291-501 - Limited - Disabled)
Leo Min (S-1-5-21-1904646845-1651169971-3518196291-1003 - Administrator - Enabled) => C:\Users\Leo Min

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Premier (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.06 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Camera Center (HKLM\...\{668ACF05-E455-4932-A2D2-5822A8206FEB}) (Version: 1.0.18 - Lenovo)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.2.0.13 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.17.41 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.6.0.27 - )
Classic Client 5.2 Patch1 (HKLM\...\{A9282402-2978-4852-A59F-BD90417F9CC4}) (Version: 5.20.100.001 - Gemalto)
Client Security Solution (HKLM\...\{0F4EFCE8-E358-4430-A504-F55F32BA1816}) (Version: 8.0.0311.00 - Lenovo Group Limited)
Corel Business Center (HKLM\...\{79D56DFD-D28E-4289-BED2-32A6342A305B}) (Version: 13.0 - Corel Corporation)
Corel Snapfire Plus (HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.10.0000 - Corel Corporation)
CorelDRAW Graphics Suite X3 (Version: 13.2 - Corel Corporation) Hidden
Crystal Reports Basic for Visual Studio 2008 (HKLM\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diskeeper Home (HKLM\...\{796E076A-82F7-4D49-98C8-DEC0C3BC733A}) (Version: 9.0.545 - Diskeeper Corporation)
EN (Version: 13.1 - Corel Corporation) Hidden
FontNav (Version: 5.0 - Corel Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00c - )
HP Deskjet 2050 J510 series Help (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
Integrated Camera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.8.012 - Sonix)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kyrgyz Cyr - My-RU 04 (HKLM\...\{6518D618-192C-4F24-A5CD-4186EC47BAF8}) (Version: 1.0.3.40 - Company)
Kyrgyz Cyrillic - My-RU (HKLM\...\{04D7048E-9A77-42CE-84B4-FD9F09F1604D}) (Version: 1.0.3.40 - Company)
Kyrgyz Cyrillic - My-RU 02 (HKLM\...\{107168A4-8070-48EB-903B-7348D6120EA0}) (Version: 1.0.3.40 - Company)
Kyrgyz Cyrillic - My-RU 03 (HKLM\...\{8D128D85-3734-448F-8E64-F4BA42F51E4F}) (Version: 1.0.3.40 - Company)
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 - Lenovo.)
Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 2.10 - )
Lenovo Care Supplement (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 2.00 - )
Lenovo Fingerprint Software (HKLM\...\{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}) (Version: 1.1.0.21 - AuthenTec, Inc.)
Lenovo Multimedia Center (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: - )
Lenovo PM Driver (Version: 0.63.1.6 - Lenovo) Hidden
Lenovo Registration (HKLM\...\Lenovo Registration) (Version: - Lenovo - Leader Technologies)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.00 - )
Lingvo 5.0 (HKLM\...\Lingvo 5.0) (Version: - )
Maintenance Manager (HKLM\...\AwayTask) (Version: 3.0.5.0 - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01b - )
Microsoft .NET Compact Framework 2.0 SP2 (HKLM\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Device Emulator version 3.0 - ENU (HKLM\...\{B32E7732-B2FB-3FD0-81AC-6025B1104C66}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MSDN Library for Visual Studio 2008 - ENU (HKLM\...\MSDN Library for Visual Studio 2008 - ENU) (Version: 9.0 - Microsoft)
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0.21022 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
òãëåï òáåø îñðï ãåàø äæáì ùì Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-040D-0000-0000000FF1CE}_PROHYBRIDR_{18E2D7BF-CC18-4CE8-B875-D2934B6086E2}) (Version: - Microsoft)
òãëåï òáåø îñðï ãåàø äæáì ùì Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-040D-0000-0000000FF1CE}_PROPLUS_{18E2D7BF-CC18-4CE8-B875-D2934B6086E2}) (Version: - Microsoft)
òãëåï òáåø îñðï ãåàø äæáì ùì Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-040D-0000-0000000FF1CE}_PROHYBRIDR_{54B50AC9-2088-4F43-B39A-0F10F53D425E}) (Version: - Microsoft)
òãëåï òáåø îñðï ãåàø äæáì ùì Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-040D-0000-0000000FF1CE}_PROPLUS_{54B50AC9-2088-4F43-B39A-0F10F53D425E}) (Version: - Microsoft)
òãëåï òáåø îñðï ãåàø äæáì ùì Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-040D-0000-0000000FF1CE}_PROHYBRIDR_{CAB664CE-BBA4-4A81-A358-6CC6F7852FC9}) (Version: - Microsoft)
òãëåï òáåø îñðï ãåàø äæáì ùì Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-040D-0000-0000000FF1CE}_PROPLUS_{CAB664CE-BBA4-4A81-A358-6CC6F7852FC9}) (Version: - Microsoft)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.03 - )
Online Filing 5.0 (HKLM\...\Online Filing 5.0) (Version: - )
Online Filing Client 5.0 (HKU\S-1-5-21-1904646845-1651169971-3518196291-1003\...\Online Filing Client 5.0) (Version: - )
PatXML (HKLM\...\PatXML) (Version: 1.4.0.11 - European Patent Office)
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4565.08 - PC-Doctor, Inc.)
PCT-SAFE Online Filing (HKLM\...\PCT-SAFE Online Filing) (Version: - )
PM Driver (HKLM\...\InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}) (Version: 0.63.1.6 - Lenovo)
PM Driver (Version: 0.63.1.6 - Lenovo) Hidden
Power Ux Customization (Version: 1.00.0000 - Lenovo) Hidden
Presentation Director (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 3.03a - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5391 - Realtek Semiconductor Corp.)
Registry patch for Windows Vista USB S3 PM Enablement (HKLM\...\USBPMon) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{7E4C16B8-8F76-4940-8505-98E93C00BF19}) (Version: 4.00.0117.00 - Lenovo Group Limited)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.33.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.3.0 - Synaptics)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.00.0030 - Lenovo)
ThinkVantage Access Connections (HKLM\...\{4BD295B9-0190-4C54-B08E-33A6ECA922DF}) (Version: 5.62 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 1.21 - ) Hidden
TP-LINK Wireless Client Utility (HKLM\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Wallpapers (Version: - ) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
WordPerfect Office X3 (HKLM\...\_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}) (Version: - Corel Corporation)
WordPerfect Office X3 (Version: 13.2 - Corel Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\Windows\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 13:23 - 2015-06-02 01:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F6E7743-5B4E-416D-A3F0-32FD191F0E94} - System32\Tasks\{3B8C3DD9-408D-49C7-B56A-A5C38F92DB85} => pcalua.exe -a "C:\Users\Leo Min\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P82DGXC\OLF500[1].exe" -d "C:\Users\Leo Min\Desktop"
Task: {19E92E64-4221-45B6-BDA0-D87EA7CA3EB1} - System32\Tasks\{AE0C98F9-93F7-4566-863F-4765FFF88E53} => Iexplore.exe http://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar
Task: {1ECC6430-172C-4536-86E8-3A862579FE9A} - System32\Tasks\InstallShield Software online update program => c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11] (Macrovision Corporation)
Task: {23B0FA37-458E-4235-892F-0EEB842E7C73} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3445C733-CBB6-4E17-B264-587942110C84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {600C098B-216B-4F3D-8795-1C851F253C0E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-13] (Avast Software s.r.o.)
Task: {62CA2D97-7D65-41ED-B69C-36D3479AEE99} - System32\Tasks\{A5C5FAC8-3A9D-4BDF-8084-ED6B3C401FE5} => pcalua.exe -a C:\Windows\system32\ISUSPM.cpl -c Program Updates
Task: {8A05EF58-052A-4CD4-A0D1-C98C6A9904A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {8F51A567-784C-4144-83EC-10A921A7638C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {A55139A4-500E-435D-871E-E06B84F6B4D7} - System32\Tasks\{B8FAFD93-E8FE-4DC6-AB4F-FB33FF3C4AD7} => pcalua.exe -a "C:\Users\Leo Min\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0B9FCDN\uninstall_flash_player[1].exe" -d C:\Windows\system32
Task: {A9BD227A-6616-45AB-9454-8D7C8CE43488} - System32\Tasks\{C4677332-8A35-4D6C-9EF5-48FED7750A2B} => pcalua.exe -a C:\Users\Leo~1\AppData\Local\Temp\i5Setup.exe -d C:\Users\Leo~1\AppData\Local\Temp -c AdminRights
Task: {E4B7D24A-130A-4E7E-8D90-85ED527CC74B} - System32\Tasks\{704A7D20-8E80-44C9-BE18-4DE6F3F660D1} => C:\Program Files\Skype\Phone\Skype.exe [2015-04-17] (Skype Technologies S.A.)
Task: {E8B3806D-102D-42C6-A56E-12DDC6678DE0} - System32\Tasks\InstallShield Software update service => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11] (Macrovision Corporation)
Task: {E9A95FC2-3546-4410-8868-5B06452DE046} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E9E3FEED-24BA-41F4-B11E-BC6188B68695} - System32\Tasks\{C7764A48-7F36-4A7B-92FC-17B0979751A1} => C:\Program Files\Skype\Phone\Skype.exe [2015-04-17] (Skype Technologies S.A.)
Task: {EB8B96B3-88E4-4D7C-B57B-C24340783EB3} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {F4330950-664A-4DA2-B818-9F395208874F} - System32\Tasks\{BB2CF7D7-CB53-452A-9832-3DAD7A6F5671} => pcalua.exe -a "C:\Users\Leo Min\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJ86HAB6\OLF500[1].exe" -d "C:\Users\Leo Min\Desktop"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-13 06:26 - 2015-06-13 06:26 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-13 06:26 - 2015-06-13 06:26 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-15 23:18 - 2015-06-15 23:18 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061501\algo.dll
2015-06-16 14:16 - 2015-06-16 14:16 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061600\algo.dll
2007-03-29 23:02 - 2007-03-29 23:02 - 00126976 ____N () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2008-05-11 04:15 - 2007-04-09 21:03 - 00235056 ____N () C:\Program Files\Lenovo\NPDIRECT\tpfnf7.dll
2007-05-11 05:23 - 2006-09-06 10:38 - 00054824 ____N () C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
2007-05-11 05:23 - 2006-09-06 10:38 - 00063016 ____N () C:\Program Files\Lenovo\HOTKEY\TpWAud32.dll
2007-01-09 05:49 - 2007-04-14 16:30 - 00139264 ____N () c:\program files\common files\lenovo\CDRecord.dll
2010-04-22 16:15 - 2010-04-22 16:15 - 00020480 _____ () C:\Program Files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll
2006-11-03 06:40 - 2006-11-03 06:40 - 00174656 ____N () C:\Windows\system32\PSIService.exe
2008-05-11 04:40 - 2006-12-20 05:23 - 00272024 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-05-11 05:22 - 2007-03-02 08:07 - 00055936 ____N () C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
2007-01-09 06:03 - 2007-01-09 06:03 - 00569344 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2015-06-13 06:26 - 2015-06-13 06:26 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-03-29 22:42 - 2007-03-29 22:42 - 00389120 ____N () C:\Windows\system32\btwhidcs.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1904646845-1651169971-3518196291-1003\Control Panel\Desktop\\Wallpaper -> C:\SWTOOLS\Wallpaper\1600x1200-Swoosh.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{F29E94A2-10FF-48C8-AB72-11BEBAD1FDB2}] => (Allow) C:\Program Files\Lenovo Multimedia Center\PowerDirector Express\PDX.EXE
FirewallRules: [{7DA76529-DA4F-4208-8A26-70E615E164CA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{37BE7721-E26E-4095-A6D0-F400BEAC81D9}C:\program files\epo_olf5-tc\olfclient.exe] => (Allow) C:\program files\epo_olf5-tc\olfclient.exe
FirewallRules: [UDP Query User{03A8784F-2A6C-4AF4-AB32-A77EDA034E1C}C:\program files\epo_olf5-tc\olfclient.exe] => (Allow) C:\program files\epo_olf5-tc\olfclient.exe
FirewallRules: [TCP Query User{717BB0E8-FA57-42F7-A76B-9349A25500E6}C:\program files\epo_olf5\olfclient.exe] => (Allow) C:\program files\epo_olf5\olfclient.exe
FirewallRules: [UDP Query User{A2700D89-42F9-4DAB-BEDC-D80BDB10D89B}C:\program files\epo_olf5\olfclient.exe] => (Allow) C:\program files\epo_olf5\olfclient.exe
FirewallRules: [{43948BB7-178D-415C-892F-7C9A534F419A}] => (Allow) LPort=80
FirewallRules: [{31E29628-822D-42C6-9B12-B593F02A2349}] => (Allow) LPort=80
FirewallRules: [{A7D0057F-84A2-455D-96BA-1526B2920CE4}] => (Allow) LPort=80
FirewallRules: [{71CCAB85-B87E-4F24-AF6F-946DA8519F96}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EED8CACD-67BB-4FCB-ABD0-9451C1D0BC2C}] => (Allow) LPort=2869
FirewallRules: [{03C700EB-0CF8-480F-AC27-8FB85D546F92}] => (Allow) LPort=1900
FirewallRules: [{327112EE-B4BF-4842-A7B8-FA337A8E9237}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{24017E64-DDE9-4391-949D-6A9A6CF022B8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BFA3C515-4B31-445C-81D4-7AAE59788653}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{27D9D81F-02A6-49D7-BED6-ECFE30573D2D}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2A195B17-5798-47B3-8B6F-BFA82EA74D28}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{503ABF7A-1D61-4016-BDBA-B8A271C50833}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F3D52A41-A1CD-4B35-8039-C65E251425D0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2015 01:38:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cssauth.exe, version 8.0.306.0, time stamp 0x46bb2bde, faulting module tcsrpc.dll, version 6.0.6002.19346, time stamp 0x55024174, exception code 0xc0000135, fault offset 0x00009f55,
process id 0x820, application start time 0xcssauth.exe0.

Error: (06/16/2015 01:34:55 PM) (Source: MsiInstaller) (EventID: 11706) (User: LM-COMPUTER)
Description: Product: Client Security Solution -- Error 1706.No valid source could be found for product Client Security Solution. The Windows Installer cannot continue.

Error: (06/16/2015 01:30:22 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (06/16/2015 01:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rrservice.exe, version 4.0.121.0, time stamp 0x45a2e978, faulting module rrservice.exe, version 4.0.121.0, time stamp 0x45a2e978, exception code 0xc0000005, fault offset 0x000018ff,
process id 0xeac, application start time 0xrrservice.exe0.

Error: (06/16/2015 01:27:27 PM) (Source: Firebird Server) (EventID: 0) (User: )
Description: Firebird Server error: 0Could not start service

Error: (06/16/2015 01:27:23 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x80070057

Error: (06/16/2015 01:16:50 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/16/2015 01:16:09 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/16/2015 00:14:19 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x80070057

Error: (06/16/2015 00:14:10 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (06/16/2015 01:26:35 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer HP Deskjet 2050 J510 series failed to initialize because a suitable HP Deskjet 2050 J510 series driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.

Error: (06/16/2015 00:14:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/16/2015 00:14:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/16/2015 00:13:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/16/2015 00:13:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:11:41 PM on 6/16/2015 was unexpected.

Error: (06/16/2015 02:07:37 AM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer HP Deskjet 2050 J510 series failed to initialize because a suitable HP Deskjet 2050 J510 series driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.

Error: (06/16/2015 00:27:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/16/2015 00:27:24 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/16/2015 00:27:24 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (06/16/2015 00:27:22 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 58%
Total physical RAM: 2037.69 MB
Available physical RAM: 838.46 MB
Total Pagefile: 4312.67 MB
Available Pagefile: 2917.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.89 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:143.84 GB) (Free:50.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 9AEC455C)
Partition 1: (Not Active) - (Size=5.2 GB) - (Type=27)
Partition 2: (Active) - (Size=143.8 GB) - (Type=07 NTFS)

==================== End of log ============================


Edited by Oh My!, 19 June 2015 - 12:28 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,012 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:50 PM

Posted 19 June 2015 - 12:50 PM

Greetings LeoTev and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Are you familiar with PCT-SAFE?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1904646845-1651169971-3518196291-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.6.0_02\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-1904646845-1651169971-3518196291-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Leo~1\AppData\Local\Temp\catchme.sys [X]
U3 eamonm; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {0F6E7743-5B4E-416D-A3F0-32FD191F0E94} - System32\Tasks\{3B8C3DD9-408D-49C7-B56A-A5C38F92DB85} => pcalua.exe -a "C:\Users\Leo Min\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P82DGXC\OLF500[1].exe" -d "C:\Users\Leo Min\Desktop"
Task: {A55139A4-500E-435D-871E-E06B84F6B4D7} - System32\Tasks\{B8FAFD93-E8FE-4DC6-AB4F-FB33FF3C4AD7} => pcalua.exe -a "C:\Users\Leo Min\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0B9FCDN\uninstall_flash_player[1].exe" -d C:\Windows\system32
Task: {A9BD227A-6616-45AB-9454-8D7C8CE43488} - System32\Tasks\{C4677332-8A35-4D6C-9EF5-48FED7750A2B} => pcalua.exe -a C:\Users\Leo~1\AppData\Local\Temp\i5Setup.exe -d C:\Users\Leo~1\AppData\Local\Temp -c AdminRights
Task: {F4330950-664A-4DA2-B818-9F395208874F} - System32\Tasks\{BB2CF7D7-CB53-452A-9832-3DAD7A6F5671} => pcalua.exe -a "C:\Users\Leo Min\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJ86HAB6\OLF500[1].exe" -d "C:\Users\Leo Min\Desktop"
C:\Users\Leo Min\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\Leo~1\AppData\Local\Temp\i5Setup.exe
cmd: copy C:\Windows\Minidump\Mini061515-01.dmp "C:\Users\Leo Min\Desktop"
cmd: copy C:\Windows\Minidump\Mini061415-01.dmp "C:\Users\Leo Min\Desktop"
cmd: copy C:\Windows\Minidump\Mini061315-01.dmp "C:\Users\Leo Min\Desktop"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • 3 Minidump files will be placed on your Desktop with the file extension .dmp. Please attach those files to your reply
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Attached Minidump files
  • BSOD.txt
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 LeoTev

Posted 21 June 2015 - 10:24 AM

Dear Gary

Thank you very much for your assistance. But the Western Digital 160GB HDD from my laptop died some days ago; the test showed a large number of bad sectors. I did not succeed in repairing it. Accordingly, I was not able to carry out your recommendations. Let us cancel this help thread, sorry.

You asked about the PCT-SAFE program present on my laptop. I got that program (on CD) from the Swiss PCT division when I applied for my PCT. Unfortunately I am not familiar with that program; I still prepare PCT applications on paper.

Thank you and best regards.

Sincerely

Leo



#4 Oh My!

Posted 21 June 2015 - 02:45 PM

Thanks for letting me know Leo and for the additional information.


Gary

#5 Oh My!

Posted 21 June 2015 - 02:45 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Gary